Security for Dummies

security tips and tricks

A review of fingerprint security device

Miguele Fernandez, a founder of Extrememhz.com, has tested and reviewed the n-Tegrity – Fingerprint protected personal data manager.

“…Very few products that come in for review are not only impressive and feature-rich enough to spend a considerable amount of extra time evaluating, but few are designed with such unique functionality that they end up being a pleasure to use. The n-Tegrity Pro from the talented folks at n-Trance is one of these rare products that will certainly impress. After having the pleasure of spending countless hours discovering and testing its somewhat endless array of features, this biometric flash drive is certainly in a class of its own and not to be mistaken as “just another flash drive”…

 …it is the first product I have found that allows RDC connections via your fingerprint… 

…Folks, the best way I can describe this product is that it is one that will provide ultimate peace of mind thanks to its highly unique features which will basically provide you with your own secured working environment, regardless of what PC you plug this little beast in… With that said, the n-Tegrity Pro earns our very highest recommendation and “Extreme Excellence Award…”

Full text of review can be found here

July 3, 2008 | Encryption, passwords, Security

Over 10000 laptops are lost every week in US airports

This figure comes from yesterday's article in PCWorld, which cites the Ponemon Institute. The figure itself is amazing, but travelers’ attitude is more surprising. About 77 percent of people surveyed said they had no hope of recovering a lost laptop, so they did not even claim it. About 53 percent said that their laptops contain confidential company information, with 65 percent taking no steps to protect the information.
What do these figures say?

  1. 53% of 637,000 = 337,610 laptops with confidential information lost each year
  2. 65% of 337,610 = 219,446 unprotected laptops with confidential information lost

According to an earlier survey by the same Ponemon Institute, the average cost of a compromised record in 2006 was $182. I assume that nowadays it is much higher, about $250/record.

Assuming that each laptop has only 1 confidential record, the direct annual damage is $54,861,625.

Back to the article:

Laptop theft is fairly prevalent in the U.S., said Mike Spinney, a spokesman for Ponemon Institute. In a study conducted by the institute, 76 percent of companies surveyed reported losing one or more laptops each year, of which 22 percent were due to theft or other criminal mischief.  Many people are ashamed of reporting lost laptops as they leave them where they shouldn’t be, Spinney said.

Let us compare the above figures to the cost of simple measures for data protection:

  1. Encryption of disk – $45 per laptop with a software solution, or
  2. Encryption of disk – $115 per hardware key
  3. Dell Laptop tracking and recovery – 1st year free, including:
     • Combat Theft – Absolute’s recovery team partners with law enforcement to track and recover your laptop
     • Protect Data – Capability to delete valuable corporate data from the stolen system
     • Track Your PCs – Manage software licenses, equipment leases, machine configurations and usage with remote monitoring capabilities

What about your laptop?
Is it protected?
Do you keep confidential info on your hard disk?
Do you encrypt?

July 1, 2008 | Encryption, lost laptops, privacy, Security, Security Threats

Why do you need encryption to be portable

In a previous post I told you about 5 reasons to use encryption, but did not mention the main one. It is not reason number 6, it is the MAIN reason.

Before I tell you what this reason is, I want you to imagine that when you encrypt some data you put it in a safe. The stronger the algorithm, the thicker the walls of the safe. Let’s imagine AES 256 as a safe with 10” steel walls, a massive door and a very complicated lock. The next character is a cryptographic key, which can be a password (a dial pad on the safe door) or a key.

I hope you can clearly imagine this safe. Good. Let’s assume that you closed this safe with a password. We all know that passwords are rather weak protection and sooner or later your password will be guessed. You ask why? OK, I will remind you.

1. You have to remember a password, therefore it cannot be too complicated.
2. You have to type it blind, without seeing the letters, so it cannot be too long. Otherwise you will need to input it several times.
3. You likely use a vocabulary word as a password, or an address, or your family member’s name and date of birth. It can also be your pet's name. So a brute-force attack will definitely smash your protection.

So, encrypting a file using a password is like placing it in a safe with a dial pad. Sometimes you even write the password down and stick it near the dial pad. Actually, nowadays cryptographic algorithms are extremely strong. The only weak link is the user. Yes, you are! Are you still relying on this kind of protection?

Let us imagine a stronger one. You have a key to lock your safe with. It can be a key file on some removable media. This is a bit stronger. You lock and open your safe with the same key. This is symmetric encryption.

There is an even stronger solution, where you lock with one key and unlock with another. This technology is called PKI or asymmetric encryption. It can use a hardware key, like an Aladdin e-Token or a smartcard. Is it secure enough? Yes, it is much safer than a password and a key file. But… You need something to enable these keys: a smartcard reader with drivers installed, or drivers for the e-Token, or ActiveX enabled. That means that you can use the encrypted file on your workstation only. What if you want to use this file somewhere else?
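
To put numbers on the safe analogy above, here is an added example (not part of the original post) that compares an AES-256 key derived from a "word plus birth date" password with one read from a random key file. The word-list size, date range and iteration count are assumed figures, and PBKDF2 is used only as a representative key-derivation function.

```python
import hashlib
import math
import secrets

AES256_BITS = 256  # the "10-inch steel walls" of the safe

def search_space_bits(choices_per_part):
    """Bits of guessing work for a secret built from independent parts."""
    return sum(math.log2(n) for n in choices_per_part)

def effective_bits(secret_bits, kdf_iterations=1):
    """Strength of the resulting AES-256 key, in units of one hash.

    The key is never stronger than the secret it is derived from; a slow
    KDF only multiplies the cost of each guess by its iteration count.
    """
    return min(AES256_BITS, secret_bits + math.log2(kdf_iterations))

def key_from_password(password, salt, iterations):
    """Derive a 32-byte AES-256 key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)

def key_from_keyfile():
    """A key file is just 32 bytes from the OS random generator."""
    return secrets.token_bytes(32)

# Constructed figures (assumptions, not measurements):
WORDS = 100_000          # dictionary words, names, pet names
BIRTH_DATES = 366 * 100  # any day in a 100-year span
ITERATIONS = 600_000     # PBKDF2 work factor chosen for this example

def compare():
    pw_bits = search_space_bits([WORDS, BIRTH_DATES])
    return {
        "password, single hash": effective_bits(pw_bits),
        "password, PBKDF2": effective_bits(pw_bits, ITERATIONS),
        "random key file": effective_bits(AES256_BITS),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:22s} ~{bits:5.1f} bits")
```

Under these assumptions the password-derived key is worth roughly 32 bits of work, or about 51 with the slow derivation, while the key file keeps the full 256 bits of the cipher.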

Is there a way to make it portable? Yes, there are portable cryptographic tools. They do not need drivers; they work automatically, integrating both crypto-engines and key generation tools.

In summary, you need portable encryption to make your files really secure. If you encrypt a file with a password, you lock it within a safe and invite a brute-force attack. If you encrypt using a preinstalled system, you also provide the tools for this attack. Only a portable solution will keep your files safe. You carry your keys and your lock with you, while your info is closed within a safe.

June 28, 2008 | Encryption, privacy, Security