Oh %*&#, I lost my USB stick!!!

I couldn’t help but recently overhear a conversation while enjoying an outing with my wife at a local café; a university professor was telling a colleague about the horror of losing her USB stick. Looking clearly distraught as she explained the story, I mused about what data could have been stored on the thumb drive: students’ marks, banking information, private photos and videos. The potential fallout is hard to ascertain. “What a nightmare!”, I said to myself as I contemplated whether or not to interject the conversation. Luckily we ended up chatting and I got the chance to bring up encryption and the importance of protecting portable data. What I had to say clearly caught her attention and would bet that going forward she would take whatever steps necessary to avoid being in that situation again.

Encrypting data on flash drives should be a top priority if they are being used to store sensitive data, especially because of their propensity for physical loss due to small size and portability. Think about how easy it is to misplace, drop or simply leave behind. What about the minimal effort required for a thief to walk by and snatch one out of your device? With flash drives reaching terabyte capacity, people are storing more and more data on them without taking into consideration the impact if they were to fall into the wrong hands.

My recommendation is the wonderful freeware encryption utility called “TrueCrypt”. I know many have heard by now that the project abruptly ended in May 2014, but for the time being it remains my #1 choice for protecting my flash drive until there is a viable alternative. I realize the program’s sourceforge page recommends users to switch over to Microsoft’s proprietary BitLocker that only ships with the higher end Ultimate/Enterprise editions of the OS. I’m sorry, but this answer is not sufficient as BitLocker is only supported by Windows OS whereas TrueCrypt is cross-platform (Windows/Linux/OS X). I personally believe that the source code for encryption software should be publicly available for cryptanalysis as was the case with TrueCrypt. In fact, a professional security audit is under way called the Open Crypto Audit Project and so far has not found any evidence of backdoors or malicious code. The reason for the TrueCrypt developers suddenly dropping the project after 10 years is somewhat of a mystery. The bizarre message that appeared on the website stating that development ended after MS terminated support of Windows XP is very cryptic and has fanned the flames of conspiracy theorists worldwide. Many suggest that the developers simply decided to retire the project but I have decided to keep an open mind as like the revelations of NSA whistleblower Edward Snowden revealed, anything is possible.

Well enough of my ranting…back to the solutions…

One of TrueCrypt’s many great features is OTFE (On-the-fly Encryption) also known as real-time encryption. The main advantage is transparency to the user, meaning that you do not have to re-encrypt the files you work with after you’re done using them. There is also a portable mode that will allow you to run the program directly from the USB device without the need for the program to be installed on the operating system as long as you have admin rights. The TrueCrypt v7.1a installation packages and instructions can still be found on the GRC’s TrueCrypt final release archive.

There is an alternate OTFE portable solution for USB flash drives called Rohos Mini Drive that deserves honorable mention. One of the features gives the ability to access the disk without the need for admin rights, however there are several limitations. Please refer to the website for more information.

Another solution is File/Folder Encryption. The disadvantage when compared to OTFE is that encryption is not done in real-time. You need to manually select the files that you want to encrypt and if there is sensitive data that is not part of your encrypted archive, it will be clearly readable by anybody with access to your flash drive. My recommendation for File/Folder encryption is 7Zip which also has a portable app that can be installed and run directly from the USB device without software or admin right dependencies.

The most expensive solution is Hardware-Based Encryption. These secure flash drives are widely available from many vendors, such as IronKey and Kingston. The advantages are that encryption is always active without software or driver dependencies and no learning curve. Encryption/Decryption operations are managed by a built-in chip on the flash drive. The downside is the elevated cost that can easily be 3 or 4 times that of a regular flash drive with similar capacity.

All of these solutions support the AES-256 cryptographic algorithm which is the government standard for encrypting highly sensitive classified information. What this basically means is that unless by chance your flash drive is found by some NSA cryptanalyst, your data should be safe from prying eyes. So if you really care about securing your portable data, go and try one of these great encryption solutions ASAP.

Advertisements

pfSense – Unified Threat Management Home Lab Project

…on why pfSense makes a lot of Sense: pfsense.org

  • Go far beyond the consumer grade WiFi gateway that sits on the shelf, collects dust and runs outdated firmware. No worries, you can make use of it as an AP.
  • Have an old PC lying around? Turn it into a pfSense box; It’s the green way of thinking.
  • Amazing Features: Stateful Firewall, Hardware Failover, Multi-WAN, Load Balancing, VPN, Dynamic DNS, Captive Portal, DHCP Server etc.
  • Additional 3rd Party Packages: Squid Proxy, Snort IDS/IPS, pfBlocker and more…..
  • I highly recommend purchasing a copy of “pfSense – The Definitive Guide”. A great read, props to Chris Buechler and Jim Pingle.
  • Great user community and support to help you when you find yourself banging your fist or head against your desk.

For InfoSec folks it is an awesome project to not only protect the home network but reap the benefits of learning about firewalls, networking, intrusion detection and traffic analysis. I’ve used multi-port NICs and a couple of switches for LAN segmentation so I can test malware and various security tools without disrupting my home network and facing the wrath of my wife for bringing down her Facebook session. “Sorry Honey!”

My current LAB design:

Hardware:

  • pfSense box: Lenovo M58P (SFF), 1TB HDD, 8GB RAM. 3 x LAN ports
  • D-Link DIR-628 WiFi
  • MikroTik RB250GS switch
  • Netgear GS108T switch
  • Custom PC: Asus Maximus V Gene, Core I5, 16GB RAM, 4 x HDD, 3 x LAN port, Host OS = Windows 7 + Mixed Windows/Linux VMs

Additional software:

  • Syslog Watcher – snmpsoft.com  – Syslog parsing and reporting – Running on Windows 7 Host PC
    Replaced with Splunk. See my post
  • Snorby – snorby.org – Snort NIPS monitoring and traffic analysis – Running on CentOS VM

Stay tuned for more…

pfSense snorby syslog_watcher

Security and the Browser

Take back control of your web browser. Be aware of the malicious activity that targets the browser and empower your surfing experience!!!

***Featuring an overview of Firefox security add-ons, primarily NoScript.

Important links for further reading:
https://www.us-cert.gov/publications/securing-your-web-browser
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project