Perceived weakness in device encryption

Over the last month there has been much hype about the demonstration of ‘freezing’ RAM in laptops and then using the extra time gained by the cooling process to extract information from the memory that had not been fulled cleared down once the machine was powered off.

 

This was immediately used as a marketing tool at the Infosecurity Europe show by a vendor (you know who you are) to highlight the vulnerability of information even on a machine with full disc encryption. 

 

I was suprised that so many people were taken in by this.  Has no one been conducting proper risk assessments on the data that they are trying to protect?

 

While technically this is a vulnerability in device encryption there are numerous ways to protect against this issue.

1. Be vigilant to individuals sneeking around with cooling liquids or portable cooling systems that have their eye on your, server/workstation/laptop.

2. Do not leave your device unattended in an insecure location.

3. Use 2 factor authentication for any full disc encryption product.

4. Do not take very sensitive data from a secure working environment.

 

None of these points are new.  They were relevant before the ‘cooling the RAM’ excitement and they are as relevant now.  Do not be put off using device encryption because someone tells you about this ‘vulnerability’.

Now where did I leave the liquid nitrogen…

 

Advertisements

~ by Simon Hancock on May 15, 2008.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: