Published by Nina Padmore; modified over 9 years ago
Slide 1: Data Protection
Topics:
● Anti-Forensics
● Cryptographic Filesystems
● Encrypted Network Tunnels
● Secure Deletion
● Encrypted Remote Filesystems
Slide 2: Approaches to Data Protection
Data Hiding
● Anti-Forensics
● Steganography (not stenography)
Data Encryption
● Data lifecycle:
  ● Creation
  ● Storage on filesystems
  ● Transfer across networks
  ● Deletion
Slide 3: Basic Data Hiding
Linux Hidden Mount Points
● Mount a filesystem on top of a pre-existing filesystem, so whatever was already there is hidden until the upper filesystem is unmounted
Camouflaged files
● Hide a file in a large directory such as /dev
● Camouflaged names such as “. ” (dot followed by a space) or “ ” (a lone space)
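The two tricks on this slide are cheap to detect once you know to look. The following script is an added example (not part of the deck) that scans a directory tree for entry names made only of dots or whitespace, names with trailing spaces, control characters or Unicode look-alike blanks, and separately parses a /proc/self/mounts-style table to report mount points that appear more than once, which is what a filesystem mounted over an existing mount looks like. The sample mount table and the file names created by `demo()` are constructed for the example.

```python
import os
import tempfile
from typing import Dict, List, Optional, Tuple

# Unicode whitespace that renders as an ordinary blank in most terminals.
UNICODE_SPACES = ("\u00a0\u2000\u2001\u2002\u2003\u2004\u2005\u2006"
                  "\u2007\u2008\u2009\u200a\u200b\u3000")


def classify_name(name: str) -> Optional[str]:
    """Return why a basename looks camouflaged, or None if it looks normal."""
    if name and all(c == "." or c.isspace() for c in name):
        return "only dots/whitespace"        # e.g. ". ", "...", " "
    if any(ord(c) < 0x20 or ord(c) == 0x7f for c in name):
        return "control character"           # embedded newline, backspace, ...
    if name != name.rstrip():
        return "trailing whitespace"         # "report.txt " sorts beside report.txt
    if any(c in UNICODE_SPACES for c in name):
        return "non-ASCII whitespace"
    return None


def find_camouflaged(root: str) -> List[Tuple[str, str]]:
    """Walk root and report (path, reason) for every suspicious entry name."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reason = classify_name(name)
            if reason:
                hits.append((os.path.join(dirpath, name), reason))
    return sorted(hits)


def stacked_mounts(mounts_text: str) -> Dict[str, List[str]]:
    """From /proc/self/mounts content, return mount points listed more than once.

    A filesystem mounted on top of an existing mount shows up twice and only
    the last entry is what processes see. A mount placed over a plain
    populated directory leaves no duplicate, so also diff the live table
    against /etc/fstab or a known-good baseline.
    """
    seen: Dict[str, List[str]] = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        # fields: device, mount point, fstype, options, dump, pass
        # (a space inside a path is escaped as \040 in /proc/mounts)
        target = fields[1].replace("\\040", " ")
        seen.setdefault(target, []).append(fields[2])
    return {t: kinds for t, kinds in seen.items() if len(kinds) > 1}


# Constructed sample mount table: an ext2 volume mounted over /dev/shm.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /dev/shm ext2 rw,relatime 0 0
"""


def demo() -> Dict[str, str]:
    """Build a throwaway directory with camouflaged names and scan it."""
    root = tempfile.mkdtemp()
    for name in ["normal.txt", ".bashrc", ". ", "...", "report.txt ", "file\u00a0name"]:
        open(os.path.join(root, name), "w").close()
    os.mkdir(os.path.join(root, " "))
    return {os.path.basename(p): r for p, r in find_camouflaged(root)}


if __name__ == "__main__":
    for path, reason in find_camouflaged("/dev"):
        print(f"{reason:24} {path!r}")
    print(stacked_mounts(SAMPLE_MOUNTS))
```

Run it against /dev, /tmp and any directory a service writes to; `ls` hides these names well, but a walk that classifies every basename does not. The mount check is deliberately conservative: it only proves stacking, so pair it with a baseline comparison.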
Slide 4: NTFS Alternate Data Streams (ADS)
● Windows NTFS only
● Arbitrary file/directory attributes
● Manipulated from the command prompt
● No GUI recognizes ADS, including Windows Explorer
● Overlooked by most antivirus, IDS and security tools
● LADS (List ADS) is the only tool for discovering ADS
Slide 5: Filesystem Slack Space and BMAP
Filesystems (particularly ext2)
● View the disk as a contiguous series of blocks
● Blocks are the smallest addressable unit
● Ext2 block size: 1024, 2048 or 4096 bytes
● A file's inode contains its block map
● Internal fragmentation occurs when a file doesn't fill its last block
● The free space between EOF and the end of that block is slack space
BMAP
● bmap stores data in a single file's slack space
● slacker stores larger data across multiple files' slack space
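To make the slack-space arithmetic concrete, here is an added example (not from the deck and not bmap's code) that models the two facts an inode gives you, file size and block map, locates the slack of a file, reads it out of a raw image, and flags slack that is not zero-filled. The filesystem image, block numbers and the "hidden" marker are all constructed in `build_demo_image()`; the block size of 1024 is the ext2 default from the slide.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

BLOCK_SIZE = 1024   # ext2 default; 2048 and 4096 are the other legal sizes


@dataclass
class InodeView:
    """The two things the inode gives us: byte size and the block map."""
    size: int
    blocks: List[int]   # physical block numbers in logical order


def slack_extent(ino: InodeView, block_size: int = BLOCK_SIZE) -> Optional[Tuple[int, int, int]]:
    """Locate a file's slack as (physical block, offset in block, length).

    Returns None when there is no slack: an empty file owns no block, and a
    file whose size is an exact multiple of the block size ends on a boundary.
    """
    if ino.size == 0 or not ino.blocks:
        return None
    used = ino.size % block_size
    if used == 0:
        return None
    return ino.blocks[-1], used, block_size - used


def read_slack(image: bytes, ino: InodeView, block_size: int = BLOCK_SIZE) -> bytes:
    """Return the bytes between EOF and the end of the file's last block."""
    ext = slack_extent(ino, block_size)
    if ext is None:
        return b""
    block, offset, length = ext
    start = block * block_size + offset
    return image[start:start + length]


def slack_is_clean(slack: bytes) -> bool:
    """The ext2 family zero-fills the tail of a partial block on write, so any
    non-zero byte in slack means something wrote there behind the filesystem's
    back (bmap-style) or the block was reused without being zeroed."""
    return not slack.strip(b"\x00")


def build_demo_image() -> Tuple[bytes, InodeView]:
    """Constructed 10-block image holding one 1500-byte file in blocks 3 and 7."""
    image = bytearray(BLOCK_SIZE * 10)
    ino = InodeView(size=1500, blocks=[3, 7])
    content = (bytes(range(256)) * 6)[:1500]
    image[3 * BLOCK_SIZE:4 * BLOCK_SIZE] = content[:BLOCK_SIZE]
    tail = content[BLOCK_SIZE:]                       # 476 bytes land in block 7
    image[7 * BLOCK_SIZE:7 * BLOCK_SIZE + len(tail)] = tail
    # Simulate what bmap does: place data past EOF but inside the last block.
    hidden = b"HIDDEN:constructed marker"
    start = 7 * BLOCK_SIZE + len(tail)
    image[start:start + len(hidden)] = hidden
    return bytes(image), ino


if __name__ == "__main__":
    img, ino = build_demo_image()
    print("slack extent (block, offset, length):", slack_extent(ino))
    s = read_slack(img, ino)
    print("slack clean:", slack_is_clean(s), "| first bytes:", s[:24])
```

On a real ext2/ext3/ext4 volume the same inputs come from `stat -c %s` for the size and `filefrag -v` for the physical block map; reading the slack itself then requires raw access to the block device, which is why slack inspection is normally done on a forensic image rather than the live mount. A file that grows later overwrites its own slack, so a detection sweep should note the file's mtime alongside any non-zero slack it finds.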
Slide 6: Cryptographic Filesystems and EncFS
● Everybody needs a cryptographic filesystem
● Cryptographic filesystems used to be difficult
● EncFS makes Linux crypto filesystems easy
  ● Uses OpenSSL for encryption; very fast and secure
  ● The decrypted filesystem mount point is transparent
  ● Friendly features:
    ● One simple userland command: encfs ~/.crypt ~/crypt
    ● Unmount with: encfs -u ~/crypt
    ● Automatic idle unmounting
    ● Paranoid mode
Slide 7: Encrypted Network Tunnels
● Problem: have a cleartext protocol; need encryption
● Non-intrusive solution: tunnels (a.k.a. port forwarding)
Tunnels
● Wrap an existing TCP protocol with strong encryption
● Also good for bypassing draconian firewalls
● Tunnel contractors:
  ● SSH port forwarding
  ● Stunnel SSL tunneling
Slide 8: Tunnelling/Port Forwarding
(Diagram; source: http://www.bitvise.com/port-forwarding.html)
Slide 9: Stunnel – Universal SSL Wrapper
Stunnel features
● SSL client
● SSL server
● Server and client certificate validation
● TCP wrapper support
● IDENT lookups
● SMTP protocol negotiation
● Source address rewriting
● IP source routing protection
● DNS spoofing protection
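The tunnel slides (Slides 7 to 9) describe the same mechanism stunnel implements in client mode: accept a cleartext connection on localhost and relay it over TLS to the real service, with the server's certificate validated. The following is an added example of that mechanism in Python, written for this page and not stunnel's own code. The relay logic is exercised offline in `demo()` with an identity wrapper and a loopback echo server; `make_tls_wrapper()` is what you would plug in for a real upstream, and the hostname and CA file it takes are assumptions for illustration.

```python
import socket
import ssl
import threading
from typing import Callable


def make_tls_wrapper(server_hostname: str, cafile: str = None) -> Callable:
    """Return a function that upgrades a connected TCP socket to verified TLS.

    create_default_context() sets verify_mode=CERT_REQUIRED and
    check_hostname=True, the counterpart of stunnel's server certificate
    validation. Without both, the tunnel is encrypted but any on-path host
    can impersonate the upstream.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    return lambda sock: ctx.wrap_socket(sock, server_hostname=server_hostname)


def plaintext_wrapper(sock: socket.socket) -> socket.socket:
    """Identity wrapper, used only to exercise the relay logic offline."""
    return sock


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes from src to dst until EOF, then shut both ends down.
    shutdown() before close() so a recv() blocked in the other thread wakes."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass
            s.close()


def relay_one(listener: socket.socket, connect_addr, wrap: Callable) -> None:
    """Accept one local client, open the (wrapped) upstream, relay both ways."""
    client, _ = listener.accept()
    upstream = wrap(socket.create_connection(connect_addr, timeout=5))
    upstream.settimeout(None)
    back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    back.start()
    _pump(client, upstream)
    back.join(timeout=5)


def _echo_server(listener: socket.socket) -> None:
    """Stand-in for the cleartext service; echoes whatever it receives."""
    conn, _ = listener.accept()
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            conn.sendall(data)


def demo(message: bytes = b"USER alice\r\n") -> bytes:
    """Loopback run with the identity wrapper; returns what the client got back."""
    upstream = socket.socket()
    upstream.bind(("127.0.0.1", 0))
    upstream.listen(1)
    local = socket.socket()
    local.bind(("127.0.0.1", 0))
    local.listen(1)
    threading.Thread(target=_echo_server, args=(upstream,), daemon=True).start()
    threading.Thread(target=relay_one,
                     args=(local, upstream.getsockname(), plaintext_wrapper),
                     daemon=True).start()
    with socket.create_connection(local.getsockname(), timeout=5) as c:
        c.sendall(message)
        got = b""
        while len(got) < len(message):
            chunk = c.recv(4096)
            if not chunk:
                break
            got += chunk
    upstream.close()
    local.close()
    return got


if __name__ == "__main__":
    print(demo())
    # Real use: relay_one(local_listener, ("mail.example.com", 995),
    #                     make_tls_wrapper("mail.example.com"))
```

The point the deck makes about certificate validation is carried entirely by `make_tls_wrapper`: the relay itself does not know or care whether the upstream socket is TLS, which is exactly why a tunnel with verification switched off looks like it works. In stunnel terms the equivalent client-side settings are `client = yes`, `accept`, `connect`, and `verify` with a `CAfile`, and a tunnel configured without `verify` deserves the same scrutiny as a cleartext one.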
Slide 10: Secure Remote Filesystem Mounts with SHFS
SHFS ((Secure) SHell FileSystem)
● No server-side configuration required
● Linux loadable kernel module on the client side
● Easily mount remote filesystems through an SSH tunnel
Friendly features
● Two simple userland commands:
  ● shfsmount -ps foo.bar.com ~/mnt/remote
  ● shfsumount ~/mnt/remote
● Broken connections are re-established
● Follows symlinks
Slide 11: Secure Deletion
● Magnetic force / scanning tunnelling microscopy
● Filesystem unlinking
Secure deletion methods
● Gutmann wipe
● American DoD 5220-22.M standard wipe
● Canadian RCMP TSSIT OPS-II standard wipe
● PRNG stream wipe
Tools
● Wipe
  ● Securely deletes files/directories from the command line
● Darik's Boot and Nuke
  ● Bootable secure deletion floppy
  ● Wipes all detectable hard disks
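Unlinking only removes the directory entry; the data blocks stay until reused, which is the gap every method on this slide closes by overwriting first. Here is an added example (not the deck's code and not the `wipe` tool) of a file-level multi-pass overwrite: a fixed pattern, its complement, then CSPRNG stream passes, each forced to disk with fsync, followed by truncation, a rename that scrubs the original name from the directory, and unlink. The file that `demo()` creates and wipes is constructed in a temporary directory.

```python
import os
import secrets
import tempfile
from typing import Optional, Tuple

CHUNK = 1 << 16


def overwrite_pass(fd: int, size: int, pattern: Optional[int]) -> int:
    """One full pass over the file: a fixed byte or a fresh CSPRNG stream.
    Returns bytes written. fsync forces this pass to disk before the next,
    otherwise the page cache would collapse all passes into one write."""
    os.lseek(fd, 0, os.SEEK_SET)
    done = 0
    while done < size:
        n = min(CHUNK, size - done)
        buf = bytes([pattern]) * n if pattern is not None else secrets.token_bytes(n)
        done += os.write(fd, buf)
    os.fsync(fd)
    return done


def wipe_file(path: str, passes: int = 3) -> int:
    """Overwrite, truncate, rename and unlink a file. Returns bytes written.

    Pass schedule: 0x00, 0xFF, then random for every remaining pass, so the
    default of 3 follows the pattern / complement / random shape of the
    DoD-style wipe. The rename replaces the name in the directory entry
    before unlink so the filename is not left behind for a carver.
    """
    if passes < 1:
        raise ValueError("at least one pass required")
    size = os.path.getsize(path)
    schedule = ([0x00, 0xFF] + [None] * passes)[:passes]
    total = 0
    fd = os.open(path, os.O_WRONLY)
    try:
        for pattern in schedule:
            total += overwrite_pass(fd, size, pattern)
        os.ftruncate(fd, 0)
        os.fsync(fd)
    finally:
        os.close(fd)
    directory = os.path.dirname(os.path.abspath(path))
    scrubbed = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, scrubbed)
    os.unlink(scrubbed)
    dfd = os.open(directory, os.O_RDONLY)   # persist the directory change too
    try:
        os.fsync(dfd)
    finally:
        os.close(dfd)
    return total


def demo(passes: int = 3) -> Tuple[int, int, bool, bool]:
    """Wipe a constructed 10 000-byte file; return (size, written, gone, dir_empty)."""
    d = tempfile.mkdtemp()
    p = os.path.join(d, "secret.txt")
    with open(p, "wb") as fh:
        fh.write(b"top secret" * 1000)
    written = wipe_file(p, passes)
    gone = not os.path.exists(p)
    empty = os.listdir(d) == []
    os.rmdir(d)
    return 10000, written, gone, empty


if __name__ == "__main__":
    print(demo())
```

The caveat a practitioner needs is that in-place overwrite only reaches the blocks the file currently occupies. A journaling filesystem in data-journal mode, a copy-on-write filesystem, snapshots, and SSD wear-levelling all keep or relocate older copies that this loop never touches, and earlier versions of the file may already sit in freed blocks. That is why the slide pairs the file-level tool with a whole-disk wipe such as Darik's Boot and Nuke, and why full-disk encryption from day one is the simpler guarantee.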
Slide 12: What You Will Do in Lab
● Explore Alternate Data Streams on NTFS
● Hide data in slack space with bmap/slacker
● Create a cryptographic filesystem with EncFS
● Encrypt arbitrary network protocols:
  ● Stunnel tunnels
  ● SSH port forwarding
● Mount a remote filesystem securely with SHFS
● Explore secure deletion with wipe
● Discuss Darik's Boot and Nuke