DSTA Presentation V - PowerPoint PPT Presentation

Slides: 28
Provided by: Sapp6
Transcript and Presenter's Notes

1
DSTA Presentation V
  • Final Presentation: Ways to secure a laptop in all
    possible areas

2
Introduction
  • If anyone says your laptop is 100% secured, it's
    a lie!
  • Laptops can never achieve 100% security so long
    as they are not isolated
  • However, at DSTA, we try to achieve the maximum
    security attainable
  • (This is very important because of the
    confidentiality policy we have here at DSTA)
  • So, how is a laptop considered safe?
  • Instead, let's ask the opposite...
  • Main issue: What are the ways to compromise a
    laptop's security?

3
Ways to compromise a laptop
  • Installation of malware
    • Viruses, backdoors, Trojans, spyware,
      keyloggers, rootkits... and Stoned Boot Kit
    • Bootable viruses and rootkits
    • Malware can slow down your PC and leak out
      confidential data!
  • Theft of sensitive data from laptop (both network
    and physical access)
    • Physical access to unencrypted confidential data
    • Physical access to hard disk using other laptop
      systems
    • Ability to connect to external storage devices
    • Confidential data grabbed through network by
      malware (See above)

4
Types of Malware
  • Infectious malware
    • Computer Virus: Infects .exe files, spreads
      when executed
    • Computer Worm: Actively transmits itself over
      the network to other computers
  • Concealment malware
    • Trojan Horse: Poses as a clean file, but in
      fact contains malicious files
    • Rootkit: Malware that hides itself from
      anti-virus programs
    • Backdoor: Method of bypassing normal
      authentication for remote access
  • Malware for profit
    • Spyware: Malware that installs itself and
      collects data without the user's knowledge
    • Botnet: Used by an attacker to send upgraded
      malware to all machines in the same botnet
    • Keystroke Logger: Tracks the keystrokes typed by
      the user

5
Prevention of Malware
  • General prevention solutions for malware
    • Recommended to install 2 anti-virus programs in
      auto-protect mode
    • Running 2 anti-virus programs is actually
      controversial, but have at least a good one
    • Auto-update your anti-virus's virus signatures on
      a daily basis
    • Boot a bootable anti-virus occasionally to detect
      rootkits and MBR viruses
    • Avoid running under administrator-type accounts
      unless necessary
  • These measures, however, don't prevent rootkits,
    especially Stoned Boot Kit

6
What is Stoned Bootkit?
  • A new boot virus created by Peter Kleissner
  • Infects all Windows OSes, including Windows 7
  • Changes the MBR of the infected system to Stoned
    Bootkit's
  • Hackers can install any software along with
    Stoned Bootkit
    • Trojans, backdoors, etc.
  • Comes in both bootable and non-bootable
    versions
  • Full-volume encryption like TrueCrypt does not
    prevent Stoned Boot Kit
  • Official Site: http://stoned-vienna.com/

7
Stoned Boot Kit Prevention
  • Similarly, always have the latest updated
    anti-virus on auto-protect
  • Again, boot with a bootable anti-virus
    occasionally
  • This checks for boot sector viruses undetected at
    Windows level
  • What's the difference?
  • Stoned Boot Kit comes in a Live CD version as well!
  • This means your system can still be compromised
    if it boots the CD
  • (This only happens if the Black Hat has physical
    access to your laptop)

8
Stoned Boot Kit Prevention
  • Configure your BIOS settings to prevent that!
    • Set Boot Priority to always boot from the Hard
      Disk Drive first
    • Set a BIOS password to prevent unauthorized
      changes in the BIOS
  • If already infected or believed to be infected
    with Stoned Boot Kit...
    • Boot the Windows Recovery Console CD to reinstall
      the MBR
    • This will remove the MBR changes caused by Stoned
      Boot Kit
    • Reinstalling the MBR does not affect the OS
    • Run the fixmbr command from the CD

9
Stoned Boot Kit - Miscellaneous
  • One reason why full-volume encryption like
    TrueCrypt doesn't prevent Stoned Boot Kit is
    that full-volume encryption encrypts all
    partitions on a hard disk, with the exception of
    the MBR.
  • The MBR of any hard disk is never encrypted
    (source)
  • Thus, when the disk is decrypted at logon, Stoned
    Boot Kit's MBR will still run first
  • (Before TrueCrypt's MBR)

10
Theft of sensitive data from laptop
  • Physical access to unencrypted confidential data
  • Physical access to hard disk using other laptop
    systems
  • Ability to connect to external storage devices
  • Confidential data grabbed through network by
    malware (Resolved)

11
Theft of sensitive data from laptop - Solutions
  • Physical access to confidential data
    • Proceed with a full-volume encryption
    • Users are then required to enter the correct
      password to decrypt the OS
    • Sometimes the authentication can be transparent
      with usage of TPM
  • Types of Encryption Software (Multi-encryption is
    possible with different software)
    • HP Protect Tools (Supposedly the most
      recommended according to experts)
    • Windows 7 BitLocker
    • TrueCrypt
  • Listed in descending order of performance

12
So, what is TPM?
  • A cryptography hardware chip for...
    • storing cryptographic keys and sensitive data (in
      a full-volume encryption)
    • enabling platform software to use those keys to
      achieve security goals
  • Currently at version 1.2 (TPM 1.2)
  • More than 100 million newer laptops have TPM
    chips built-in
    • (Most high-end laptops made by HP, Dell, Sony,
      Lenovo, Toshiba, and others.)

13
HP Protect Tool
  • A security platform designed by HP
  • Addresses the rising occurrence of theft and
    security breaches
  • HP Protect Tools has 7 modules in total
  • For full-volume encryption, the Drive Encryption
    module has to be additionally installed after
    installation of HP Protect Tools
  • However, that module is only supported in HP
    laptop models which were manufactured since 2007
  • (This laptop does not support this Drive
    Encryption module Demo)
  • (Demo with other HP Protect Tools modules: EFS
    and PSD)
  • Because all of these encryption tools use
    similar models, we'll discuss them later

14
HP Protect Tools Drive Encryption
  • Links to download HP Protect Tools and Drive
    Encryption
  • Drive Encryption for desktops
    • http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?langenccusswItemvc-58158-1idx0mode4jumpidreg_R1002_USEN
  • Drive Encryption for laptops (but incompatible
    with this laptop)
    • ftp://ftp.hp.com/pub/softpaq/sp35501-36000/sp35577.exe

15
Windows 7 BitLocker
  • Logical volume encryption system built into some
    Windows 7 versions
    • Professional and Ultimate editions only
  • Having the TPM hardware chip is one of the system
    requirements
  • However, this laptop still runs on Windows XP,
    so there's no demo for this

16
How BitLocker works
(Other encryption tools have models similar to one
of the following 3)
  • In order to operate, at least 2 NTFS-formatted
    volumes are required
    • One for the OS (typically the C drive)
    • Another for booting the OS (Must not be encrypted
      and at least 1.5 GB)
  • 3 models for BitLocker encryption (2 of which
    require TPM)
    • Transparent operation mode (requires TPM)
    • User Authentication mode (requires TPM)
    • USB Key Mode (no TPM required)

17
BitLocker Encryption Models
  • Transparent operation mode
    • Requires the TPM chip to provide a transparent
      user experience
    • The user logs onto Windows as usual without
      noticing any difference
    • Behind the scenes, the key used for the disk
      encryption is encrypted in the TPM chip (It'll
      boot the unencrypted NTFS volume to look for the
      key in the TPM chip, then boot the encrypted NTFS
      volume with the OS installed)
    • TPM releases the key only if early boot files
      appear to be unmodified.
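
A simplified model of the transparent mode's key release, added here as an illustration and not taken from the presentation or from BitLocker itself: each early boot component is hashed into a TPM 1.2 style PCR, and the toy chip returns the volume key only when the PCR matches the value recorded at sealing time. `ToyTPM`, the component byte strings and the single-PCR layout are assumptions of this example.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Fold every early boot component, in boot order, into one PCR value."""
    pcr = b"\x00" * PCR_SIZE  # PCRs are reset to zero at power-on
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyTPM:
    """Hypothetical stand-in for the chip: holds a key bound to a PCR value."""

    def __init__(self):
        self._key = None
        self._expected_pcr = None

    def seal(self, key: bytes, expected_pcr: bytes) -> None:
        self._key, self._expected_pcr = key, expected_pcr

    def unseal(self, current_pcr: bytes):
        """Release the key only if this boot measured the same as the sealed one."""
        if self._key is not None and hmac.compare_digest(self._expected_pcr, current_pcr):
            return self._key
        return None  # measurements differ: the key stays in the chip


# Constructed sample data: stand-ins for the MBR, boot sector and boot manager.
CLEAN_BOOT = [b"MBR boot code v1", b"NTFS boot sector", b"boot manager"]
VOLUME_KEY = b"\x11" * 32


def boot_attempt(tpm: ToyTPM, components):
    """Return the volume key if the measured boot chain matches, else None."""
    return tpm.unseal(measure_boot(components))


def provision() -> ToyTPM:
    """Seal the volume key against the measurements of the known-clean chain."""
    tpm = ToyTPM()
    tpm.seal(VOLUME_KEY, measure_boot(CLEAN_BOOT))
    return tpm
```

Changing any one component, or the order in which they run, yields a different PCR value, so `boot_attempt` returns `None` instead of the key.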

19
BitLocker Encryption Models
  • User Authentication mode
    • Similar to the Transparent model, except it
      involves authentication
    • Authentication is required in the pre-boot
      environment to boot the OS
    • 2 authentication methods are supported
      • A pre-boot PIN entered by the user
      • A USB key

20
BitLocker Encryption Models
  • USB Key Mode (No need for TPM)
    • A USB key that contains the startup key is
      required to boot the protected OS
    • (Unlike the previous model, the USB key in this
      case stores the startup key directly)
    • To use this mode, the BIOS must be updated to
      support reading of USB devices in the pre-OS
      environment

21
Full-disk Encryption
  • With full-disk encryption, unauthorized users
    will be unable to access the secured data in a
    hard disk without the authentic cryptographic key
    or password

22
Theft of sensitive data from laptop
  • Physical access to unencrypted confidential
    data (Resolved)
  • Physical access to hard disk using other laptop
    systems
  • Ability to connect to external storage devices
  • Confidential data grabbed through network by
    malware (Resolved)

23
Accessing hard disk using other systems
  • Easy solution
  • HP laptops come with a BIOS with a built-in
    DriveLock password feature
  • Sets a password for the hard disk within the hard
    disk itself
  • Prevents laptops without a DriveLock BIOS from
    accessing the hard disk
  • Even with DriveLock firmware, the right password
    will be required
  • Source (Page 6 of..)
  • http://h20331.www2.hp.com/Hpsub/downloads/HP_ProtectTools_Embedded_Security.pdf

24
Theft of sensitive data from laptop
  • Physical access to unencrypted confidential
    data (Resolved)
  • Physical access to hard disk using other laptop
    systems (Resolved)
  • Ability to connect to external storage devices
  • Confidential data grabbed through network by
    malware (Resolved)

25
Disabling connection to other storage devices
  • This is another issue with a simple solution
  • In the BIOS, set the single/multiboot option to
    single boot only
  • (Remember to lock the BIOS with a BIOS password to
    prevent modifications)
  • This will ensure that the system only recognizes
    its own hard disk.

26
MISC Boot Options
  • Boot order can be prioritized among the following
    devices
  • Hard drive (primary, secondary)
  • Diskette drive
  • Optical drive
  • USB storage devices (hard drive, diskette drive,
    optical drive)
  • Network
  • Source (Page 8): http://h20331.www2.hp.com/Hpsub/downloads/HP_ProtectTools_Embedded_Security.pdf

27
Windows Registry Key: An alternative
  • Alternatively, we can alter a Windows Registry key
    to disable USB drives
  • Refer to http://www.petri.co.il/forums/showthread.php?t3299