in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

USB Data Encryption: A Timely Example of An Information Security Breach

  • US military secrets sold for $18 and S&H
  • USB encryption - not just an addendum to laptop encryption

This week, the world found out that an MP3 player, sold from a pawnshop in Oklahoma City and bought by a guy residing in New Zealand, contained the information of 60 US soldiers.  Of course, this is not news, per se.  There have been lots of instances over the past four years when sensitive information has been leaked via small, digital devices, which is why the use of data encryption software like AlertBoot is imperative when it comes to dealing with sensitive information.

US Military Secrets Sold for $18 and S&H

The real reason why this data breach made headlines was probably due to the distance involved.  And because of the distance, many have made assumptions regarding the story.

For example, I've read many posts of how eBay was involved and what not, but it looks like the guy purchased the mp3 player while in the US.  Apparently, the "in" thing to do for foreigners is to saunter into a pawnshop?  I know I did it once or twice.

According to several sources, the information contained in the mp3 player included names, SSNs, equipment deployed to various war theaters, pregnancy status of female soldiers, and a notice that releasing the contents was prohibited by federal law.  More proof that people don't read nor follow written security policies.

By the way, the purchase was back in March 2008.  He came forward nearly a year after he bought this thing…and supposedly moved to New Zealand just last month.  My guess is that he wanted to leave the US, or maybe he was waiting for a regime change in the US.  (Does New Zealand have an extradition treaty with the US?  Something to look into, perhaps).

USB Data Encryption - An Integral Part of Your Computer Security

There are many managers that believe the use of encryption on computers will solve all of their security problems.  And I'm sure there are plenty of vendors who want to sell them into this fantasy.

Wake up, people!

Like the above story shows, there are plenty of ways that data can walk out of your organization.  Any digital device that stores information--videos, music files, pictures, etc--are technically hard disks.  They have an added value--such as displaying said pictures or playing those music files--but their base component is the hard drive; i.e., it's a data storage device.

It is imperative that any organization that is seriously considering data protection measures also give thought to such matters.  For example, an employee hooks up his iPhone to a company computer to charge it.  Conveniently enough, this also allows him to transfer work files into his iPhone, something that may be banned per company policy (but as shown with the mp3 player, routinely ignored).

Does a company allow it to happen?  On the one hand, charging the phone is necessary.  On the other, you don't to give employees the ability to trigger a data breach.  Plus, if you won't allow it, can you physically enforce it?

The answer is yes.  I've read of people who use superglue to shut USB ports.  That's certainly one way of approaching the problem.

A more flexible solution is the use of USB port control software, which would give whitelisted devices access to a computer, while blacklisting other devices, like the iPhone above.  Combine it with hard disk encryption software and you've got yourself a pretty secure platform.


Related Articles:
http://tvnz.co.nz/view/page/413551/2453415
http://www.sciam.com/blog/60-second-science/post.cfm?id=looking-for-top-secret-military-inf-2009-01-28
http://www.totaltele.com/View.aspx?ID=104458&t=2
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10554016

 
<Previous Next>

An Overstatement: Heartland Payment Systems And The 100 Million Figure

Data Breach Cost: VA Agrees To Pay $20 Million For Lost And Recovered Laptop

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.