
AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


Real Data Security Is Necessary In Virtual Environments As Well

The Infotech section of the India Times on-line recently carried an article where an insider leaked software code to a rival team.  I’m not sure if it actually happened, or if it’s just a what-if scenario, but it is readily believable.  In fact, I’ll bet it’s not unusual, although I doubt it’s common.

Essentially, the insider took the code and smuggled it out by using steganography.  Steganography is the art of hiding messages (think invisible ink: the message is there, but hidden), and in this case the code was e-mailed out hidden in music files.  Mind you, the message can be hidden in pretty much any type of file, including images.  There is virtually no way to determine whether something is being smuggled sub rosa unless you’re actually in the know (i.e., a sender or a recipient).  I think I first learned of this technique about five years ago, when there was talk of terrorists using it as a way to circumvent Internet monitoring by US security agencies.  It is a very powerful method of securing data because you don’t know it’s there to begin with, which is why the affected company didn’t catch it when it happened.

Going back to the company, despite denying physical access to outside media ports such as CD-writers; ensuring firewalls were put in place; restricting access to free e-mail accounts; and monitoring out-going e-mail, the criminal was still able to take out the valuable code by using a virtual machine.  He installed a new operating system on this newly-created virtual machine and then installed the steganography software.  My guess is that the perp went through the process of securing a virtual machine because the company had application controls in place for real computers. 

 

Application control, available via AlertBoot, allows administrators to define which software can run on a machine.  The use of whitelists and blacklists makes the process easier to manage, and makes it easier to deploy these settings across all computers in an enterprise, be it a small business with five computers or a Fortune 500 company with offices scattered across the globe.  When an IT department makes sure that employees can’t use the CD drive, you can bet they’ve considered and, perhaps, implemented application control which would disallow the installation and execution of steganography software or any other type of software that creates problems for a company (such as P2P software, which sure shows up a lot in data breach cases).

So what went wrong?

 

Well, I can only assume, but part of the workflow process for a lot of developers is testing things out in a variety of environments.  The use of virtual machines makes this process faster and easier while significantly lowering the need for capital-intensive resources: you don’t have to have five different computers in a cramped office (or, most likely, a cubicle), with most of the machines barely used.  Most engineers dislike being in cramped quarters, so virtualization is a boon to them.  Accountants, on the other hand, love it because they’re not spending good money for something that will halve in value two seconds after buying it.  The creation of new virtual machines is a breeze, and when done with one, the end user has the option of just wiping it out.  That’s right.  The end user can create and delete virtual machines if given the appropriate authorization.  But if the initial configuration is not set up correctly for the virtual machines, the end user can abuse the situation, as detailed in the beginning of this post.  Is there a way to get around this?

With AlertBoot, the answer is yes.  As long as AlertBoot is part of the virtual machine template, IT administrators would not have to get involved in securing the numerous virtual machines that can be created and deleted on a daily basis.  As part of the template, any application control settings that were set up for physical machines can be extended to virtual machines, making life easier for everyone involved and ensuring that the proper lock-downs are in place.
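The gap described above can be shown in a few lines. This is an added example, not AlertBoot code: a default-deny application-control policy and an inventory check that flags virtual machines the policy never reaches. The machine names, template name, record fields and file contents are all made up for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

@dataclass(frozen=True)
class Machine:
    name: str
    virtual: bool
    template: Optional[str]  # template a VM was cloned from; None if built by hand
    agent_reporting: bool    # application-control agent has checked in

@dataclass(frozen=True)
class Policy:
    allow: frozenset  # digests permitted to run
    deny: frozenset   # digests blocked even when also allowlisted

    def decide(self, file_digest: str) -> str:
        if file_digest in self.deny or file_digest not in self.allow:
            return "block"  # default deny: unknown software does not run
        return "allow"

def is_covered(m: Machine, approved_templates: set) -> bool:
    # Covered means the agent reports in and, for a VM, that the VM
    # was cloned from a template that ships the agent.
    if not m.agent_reporting:
        return False
    return (not m.virtual) or (m.template in approved_templates)

def effective_decision(m, policy, approved_templates, file_digest) -> str:
    if not is_covered(m, approved_templates):
        return "unenforced"  # a policy exists, but nothing applies it here
    return policy.decide(file_digest)

def coverage_gaps(inventory, approved_templates) -> list:
    return [m.name for m in inventory if not is_covered(m, approved_templates)]

# Constructed sample data (hypothetical names, made-up file contents).
BUILD_TOOL = digest(b"constructed: approved build tool")
P2P_CLIENT = digest(b"constructed: p2p client")
UNKNOWN_TOOL = digest(b"constructed: utility nobody approved")
POLICY = Policy(frozenset({BUILD_TOOL, P2P_CLIENT}), frozenset({P2P_CLIENT}))
APPROVED_TEMPLATES = {"dev-template-v1"}
INVENTORY = [Machine("ws-014", False, None, True),
             Machine("ws-014-test-a", True, "dev-template-v1", True),
             Machine("ws-014-scratch", True, None, False)]
if __name__ == "__main__":
    print(coverage_gaps(INVENTORY, APPROVED_TEMPLATES))
```

The same unapproved program is blocked on the workstation and on the template-built VM, but comes back as "unenforced" on the hand-built guest.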

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.