===============================================================
T H E   S E C U R I U S   N E W S L E T T E R
===============================================================
June 18, 2002 | Vol. 3, #02 | http://www.securius.com/

CONTENTS:
* The Joys of Full Disk Encryption
* Microsoft Baseline Security Analyzer

===============================================================
A service of PC Guardian | San Rafael, California
Computer security products | http://www.pcguardian.com/
"Protecting Computers & Data Worldwide -- Since 1984"
===============================================================

--------------------------------------------------------
THE JOYS OF FULL DISK ENCRYPTION
--------------------------------------------------------

Here at PC Guardian headquarters, we've had our heads down, fingers tapping away on keyboards. We've been pounding out the code and testing the heck out of it. Our latest and most important project is a hard disk encryption solution, Encryption Plus(R) Hard Disk (EP Hard Disk) 7.0.

EP Hard Disk 7.0 is the apex of a line of disk encryption products from PC Guardian. Our record of accomplishment in this market niche goes back to 1994. Version 7.0 is a substantial re-engineering and re-write of our current shipping product. Like its predecessors, it encrypts all the sectors on the end user's hard disk and then delivers transparent on-the-fly decryption of those sectors as they are needed by either the system or the user. Once the program is installed and a password is provided to the pre-DOS logon prompt, the user will not notice that the program is working behind the scenes, decrypting on demand and re-encrypting.

There are numerous benefits to the full-disk approach, as opposed to mere file encryption. Manual file-by-file encryption is laborious and error prone. It's all too easy for a user to leave sensitive information unprotected.
Even if the user is exceptionally careful, Windows application data gets stored in numerous locations, including temporary directories and swap files. Full-disk encryption addresses the sloppiness of both users and applications: all data is encrypted, regardless of user work habits and application file storage routines.

For an excellent overview of the challenges faced in designing cryptosystems that are transparent to the user and applications, see Matt Blaze's groundbreaking 1993 paper on his Cryptographic File System[1]:
http://www.crypto.com/papers/cfs.pdf

Like all PC Guardian software products, EP Hard Disk 7.0 is designed for deployment in large organizations. An administrative program provides IT personnel and/or security administrators with fine-grained control of how user disks are encrypted. Administrators can configure the user program to enforce corporate password policy, including password length and expiration, and set both start-up and logon messages. During the initial disk encryption, the program encrypts in the background and thus can be set to run "slow" (leaving resources for the user) or "fast" (optimized for encryption). The initial disk encryption is also designed to recover from catastrophes like power loss, though this safeguard can be turned off in order to further speed it up.

Like PC Guardian's other enterprise software products, the program offers multiple recovery mechanisms. These are useful when the user forgets a password or when the user is "hit by a bus" (i.e., the company needs the data and the user is not around). The Authenti-Check(R) mechanism challenges the user to remember his or her answer to one or more personal questions. The One-Time Password recovery mechanism is built around an easy-to-use (but hard to code) challenge-response system that allows the administrator to reset a user's password during a phone call.
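To make the "encrypt every sector, decrypt on demand" idea concrete, here is an added example (written for this edition of the newsletter, not PC Guardian's code, and not a description of how EP Hard Disk is built) of a toy encrypted block device in Go. The backing store holds only ciphertext; the Read and Write methods are the transparent layer that the operating system would sit above, so a document sector and the copy of the same bytes that an application leaves in swap are both protected without the user doing anything. It uses AES (Rijndael) with a 256-bit key. The choice of CBC mode with an ESSIV-style per-sector IV, the 512-byte sector size, the fixed constructed key, and every identifier (EncryptedDisk, NewEncryptedDisk, RawSector, padSector) are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SectorSize is the classic 512-byte disk sector; it is a multiple of the
// AES block size (16), so a sector encrypts with no padding.
const SectorSize = 512

// EncryptedDisk is a toy model of a fully encrypted drive: the backing
// store holds only ciphertext, and Read/Write form the "transparent,
// on-the-fly" layer that the operating system and user would sit above.
type EncryptedDisk struct {
	data    cipher.Block // AES-256 under the 256-bit disk key
	ivGen   cipher.Block // independent AES key used only to derive sector IVs
	sectors [][]byte     // ciphertext, one SectorSize slice per sector
}

// NewEncryptedDisk creates a drive of n sectors and performs the initial
// whole-disk encryption: every sector, used or not, is written through the
// encrypting layer so nothing on the backing store is ever plaintext.
func NewEncryptedDisk(key []byte, n int) (*EncryptedDisk, error) {
	if len(key) != 32 {
		return nil, errors.New("disk key must be 256 bits (32 bytes)")
	}
	dataCipher, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	// ESSIV-style IV derivation (an assumption of this example): hash the
	// disk key to get a separate key, then encrypt the sector number under
	// it to obtain that sector's IV.
	ivKey := sha256.Sum256(key)
	ivCipher, err := aes.NewCipher(ivKey[:])
	if err != nil {
		return nil, err
	}
	d := &EncryptedDisk{data: dataCipher, ivGen: ivCipher, sectors: make([][]byte, n)}
	empty := make([]byte, SectorSize)
	for i := range d.sectors {
		d.sectors[i] = make([]byte, SectorSize)
		if err := d.Write(i, empty); err != nil {
			return nil, err
		}
	}
	return d, nil
}

// sectorIV returns a distinct, unpredictable IV for sector n, so two
// sectors holding identical plaintext do not produce identical ciphertext.
func (d *EncryptedDisk) sectorIV(n int) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, uint64(n))
	d.ivGen.Encrypt(iv, iv)
	return iv
}

// Write encrypts one plaintext sector (CBC under the sector's IV) and
// stores the ciphertext; the caller never handles ciphertext itself.
func (d *EncryptedDisk) Write(n int, plaintext []byte) error {
	if n < 0 || n >= len(d.sectors) {
		return fmt.Errorf("sector %d out of range", n)
	}
	if len(plaintext) != SectorSize {
		return fmt.Errorf("sector %d: need %d bytes, got %d", n, SectorSize, len(plaintext))
	}
	cipher.NewCBCEncrypter(d.data, d.sectorIV(n)).CryptBlocks(d.sectors[n], plaintext)
	return nil
}

// Read decrypts sector n on demand and returns its plaintext.
func (d *EncryptedDisk) Read(n int) ([]byte, error) {
	if n < 0 || n >= len(d.sectors) {
		return nil, fmt.Errorf("sector %d out of range", n)
	}
	out := make([]byte, SectorSize)
	cipher.NewCBCDecrypter(d.data, d.sectorIV(n)).CryptBlocks(out, d.sectors[n])
	return out, nil
}

// RawSector returns what someone reading the drive directly (machine off,
// or disk pulled) would see: ciphertext only.
func (d *EncryptedDisk) RawSector(n int) []byte {
	return append([]byte(nil), d.sectors[n]...)
}

// padSector turns a short byte string into a full sector, as a file system
// pads the tail of a file out to the sector boundary.
func padSector(b []byte) []byte {
	s := make([]byte, SectorSize)
	copy(s, b)
	return s
}

func main() {
	// Constructed 256-bit disk key for the demo; a real product unwraps or
	// derives it from the pre-boot password rather than hard-coding it.
	key := bytes.Repeat([]byte{0x42}, 32)
	disk, _ := NewEncryptedDisk(key, 8)

	secret := []byte("payroll.xls: salary figures 2002") // constructed sample data
	disk.Write(3, padSector(secret))                      // a document the user saved
	disk.Write(5, padSector(secret))                      // the same bytes left behind in swap

	got, _ := disk.Read(3)
	fmt.Println("read back plaintext:", bytes.HasPrefix(got, secret))
	fmt.Println("raw sector leaks text:", bytes.Contains(disk.RawSector(5), []byte("salary")))
	fmt.Println("identical sectors look alike on disk:", bytes.Equal(disk.RawSector(3), disk.RawSector(5)))
}
```

Two caveats a practitioner should keep in mind. First, this layer gives confidentiality only: a ciphertext byte altered on disk decrypts to garbage without any error, so full-disk encryption is not integrity protection. Second, the security of the whole scheme rests on how the 256-bit disk key is protected by the pre-boot password, which the example leaves out entirely.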
EP Hard Disk 7.0 uses the Rijndael cipher for data encryption and decryption, using a 256-bit key length. Rijndael is the new US Advanced Encryption Standard (AES) designed to replace DES. It was selected during an exhaustive multi-year process that involved extensive reviews by cryptographers worldwide. We are confident that Rijndael provides good security. It's also fast -- an important attribute for a cipher used for on-the-fly cryptographic operations.[2]

EP Hard Disk 7.0 is currently in beta release and is being tested by a select group of PC Guardian customers. If you are involved with computer security for large organizations, I invite you to contact us and start an evaluation of this hard disk encryption solution. Please note that this product is NOT designed for consumers or standalone PCs -- we are only able to honor requests from qualified evaluators in large organizations. This beta, like all betas, should not be run on production machines. Only Windows XP, 2000, and NT are supported at this time.

For more information about EP Hard Disk, see our product page on the web:
http://www.pcguardian.com/software/Encryption_Plus_Hard_Disk/

In order to request an evaluation copy of EP Hard Disk 7.0 Beta, please contact us via the form at
http://www.pcguardian.com/contact_email.html

--------------------------------------------------------
MICROSOFT BASELINE SECURITY ANALYZER
--------------------------------------------------------

As long-time readers know, this newsletter has knocked Microsoft for the many security problems that affect its operating systems.[3] On the up side, Microsoft has released a nifty security tool that scans Windows-based computers for common security snafus: the Microsoft Baseline Security Analyzer (MBSA). MBSA runs on Windows 2000/XP-based computers and scans for missing "hot fixes" and security vulnerabilities on Windows NT/2000/XP-based computers.
MBSA generates reports for security issues in Microsoft's operating systems, Internet Information Services (IIS), SQL Server, and Internet Explorer. If you run Windows 2000 or XP, you owe it to yourself to try this tool. It has a clean and simple graphical user interface (GUI). The program's GUI and data parsing routines are built around XML, an architecture that's likely to appear in other security programs. Not only does MBSA cite problems, but it also provides links to further information about system security. Thus, running this program is an easy and practical way to learn more about Windows 2000/XP security. If you administer a network of Windows machines, you can save a lot of shoe leather by using MBSA to remotely check many machines at once.

For more information and to download, surf to
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q320454

Be forewarned: Some users are reporting anomalies when running MBSA. See
http://www.eweek.com/article/0,3658,s=712&a=25576,00.asp

As always, trust but verify.

See you next issue. 'Til then, keep your guard up!

REFERENCES

[1] M. Blaze. "A Cryptographic File System for Unix." Proceedings of the First ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993.

[2] Federal Information Processing Standard 197, November 26, 2001.
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

[3] See, for example, "Windows XPploitable" at
http://www.securius.com/newsletter/archive/301.txt

===============================================================
ABOUT THIS NEWSLETTER

The Securius Newsletter is published periodically by PC Guardian.
For information about our simple and effective crypto software and anti-theft devices, please visit us at
http://www.pcguardian.com/

To find out more about our crypto software, visit
http://www.pcguardian.com/software/

You can find our archive of back issues at
http://www.securius.com/newsletter/archive/

SUBSCRIBING/UNSUBSCRIBING

To unsubscribe from this newsletter, send an email to
leave-securius-nl@lists.securius.com

To subscribe to this newsletter, send an email to
join-securius-nl@lists.securius.com

FEEDBACK OR QUESTIONS

Write the author, Seth T. Ross
sross@pcguardian.com

PC Guardian
1133 East Francisco Blvd.
San Rafael, CA 94901 US

ABOUT THE AUTHOR

Seth is the Chief Strategy Officer at PC Guardian and author of the book, _UNIX System Security Tools_ (McGraw-Hill 1999):
http://www.amazon.com/exec/obidos/ASIN/0079137881/pcguardian-20

SPECIAL THANKS TO

Emily Navarre, editor extraordinaire, and Sherrie Van Tyle

FORWARD THIS MAIL RIGHT NOW

Please take a moment and forward this newsletter to a colleague or friend.

===============================================================
Redistribution of this newsletter is permitted, as long as the entire message body and this notice are included.

Copyright 2002 PC Guardian. All rights reserved.