Showing posts with label TrueCrypt. Show all posts

Friday, August 14, 2015

Sysadmin Linkfest: Rnd edition

Here is a seemingly random (Rnd) collection of linkage for the sysadmins in the RSS crowd.

Enjoy.

20683743 (Tools)

FileIOTest is a command line tool that tests the speed of local or remote (SMB) storage by performing some common file IO operations repeatedly and measuring the duration.

These are the main facts:

  • Performs four different types of file IO: write, custom read, read with the GetPrivateProfileString API, create/delete
  • The number of iterations can be specified
  • Each generated file name is unique to prevent caching
  • Works with local and UNC paths
  • FileIOTest does not require any software to be installed
  • FileIOTest works on any version of Windows from Vista / Server 2008 onwards
  • FileIOTest is freeware

Couple this utility with some Windows performance monitoring traces (Win 10 WPT via the Win ADK here) and who knows what fun you could have?!  See also PerfView.

44468807 (Surface Pro)

I’ve been seeing some strange trends with a few of our Surface Pro 3 devices. Some of them seem to be losing functionality (drivers?) with the Microsoft Dock hardware. Cases in point: one Surface Pro 3 tablet (Win 8.1) has lost the ability to connect to the network via the Dock Ethernet port. If I take another SP3 unit and place it in the same Dock, it connects fine to the network with no issues…so it doesn’t seem to be an issue with the dock itself…just this particular tablet picking up and using the driver. I’m going to see if any of the Ethernet drivers in this pack (or the driver pack MSI itself) resolves the issue before reimaging the unit.  Likewise, a different SP3 user reported their external monitor connected via the display port through the Dock stopped working. Take another SP3 unit and place it in the same dock and it drives the same external monitor just fine. Again, I’m going to try the driver pack first before doing a reimage on the unit. Thoughts?

59479408 (Mobile Ads/Malware)

I’ve seen a few of these “pop-up” fake alert windows in iOS, but not many. Lavie has seen more than a good many on her iOS devices. So far we have been able to get out of them with a bit of work but no harm done, yet. Regardless we are now more sensitive to these “exploit” methods.

I’m looking forward to the potential capability of ad-blocking modules (for security not revenue drain) in iOS 9. Here are some links

48734052 (Anti-Virus)

71414462 (Network Tools)

35251748 (SSD’s)

60014312 (Windows Server 2012 Essentials)

4537758 (Folder Redirection Considerations)

78434592 (Windows 8/8.1/10 and Windows Photo Viewer)

One of the most common requests for help from our Surface Pro 3 tablet users is how to get the photos embedded in emails to open up in Windows Picture Viewer rather than the Windows 10 “app”. It’s easy enough to show them how to save the attachment to disk, then right click and “open with” Windows Photo Viewer.  However that’s not convenient. Here are some tips on how to set it as the default application.

Randomness courtesy of the random number generator at RandomNumberGenerator.com

Carry on!

Claus Valca

Sunday, May 03, 2015

Old News Update on TrueCrypt

My “to blog” hopper is overflowing with linkage. However there have been a number of challenges keeping up with the onslaught of “real-life” work and family needs lately.

The hopper is much neglected.

I anticipate there will be a series of upcoming posts that cover very old (in Internet time) topics that I still want to get up for my own reference.

This is one of such posts.

I use TrueCrypt to encrypt my primary personal laptop. The protection is against data-loss due to common theft.

The TrueCrypt project shut down suddenly, freaked a bunch of folks out, and spawned an independent security audit of the source code. Many folk fled in panic. I decided to stick it out and leave TrueCrypt in place rather than migrate to another solution. In April 2014 the first phase of the Audit was completed (PDF link) and things generally seemed fairly solid.

The second phase of the audit was finished up (PDF link) in April 2015 and things again looked relatively positive for the core security integrity of the software.

Here’s the rest of the story:

Now that the dust has settled, I remain confident in sticking with the current TrueCrypt deployment on my system. If/when I upgrade to Win 10 I’ll have to remove the TrueCrypt encryption and begin looking for the next alternative. But until then, it’s good enough for me.

Cheers,

Claus Valca

Saturday, October 04, 2014

TrueCrypt linkage

tinyapps.org blog has been running a nice series of posts regarding TrueCrypt.

I’ve been using TrueCrypt for some time now (just shy of a year) on my Windows 7 system as at the time it seemed to be the best balance of security and compatibility/recoverability for my needs.

Again, I’m using TrueCrypt whole-disk encryption to protect the data on my laptop in case it is lost by theft or careless user misplacement. Other solutions are out there and they have their own pros/cons.

In the aftermath of the TrueCrypt “collapse” back in May 2014, many have fled TrueCrypt and no longer trust it.

I noted the other day a new TrueCrypt fork called CipherShed via this InfoSec Handlers Diary blog post.

It’s worth being familiar with, but in light of the recent round of postings, I wanted to seek out the opinion of the GSD-respected tinyapps blogger regarding this fork.

I did receive sage wisdom and was kindly pointed to this discussion:

Just a point to consider for now while the Phase II audit process continues…

More resources on TrueCrypt itself

Update April 14, 2014: Phase I of the audit is complete, and report is available. Phase II begins on the formal cryptanalysis.

I’m not a programmer so I’m just watching and listening to the discussions and audits by those professionals who are. I’ll continue to post bits as both projects move forward.

Cheers,

Claus Valca

Saturday, August 02, 2014

The Valca Layered Security Experiment

Some notes on the current layered security approach I’m using on my laptop (Win 7) as well as Lavie’s (Win 8.1).

I keep the Microsoft OS’s regularly patched with all available MS updates.

I am using Windows Firewall for ease of administration rather than one of the multitudes of alternative (and more feature packed) firewall solutions. It’s strange as I used to be pretty heavy into the alternative firewall thing around this blog in the past. WF works well enough.

I don’t run Shockwave or Air any more.

I update Flash, Java, and regularly run Qualys BrowserCheck and the Secunia Software Inspector to look for critical software updates for these common threat vectors.

I do still run Microsoft Security Essentials despite having tried Bitdefender Antivirus Free and AVG Free Antivirus. They did great but the whitelisting was a pain and less than smooth.

I run Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) just updated to the final public release 5.0 version. I take the defaults (for now). More info below.

I “inoculate” our systems against Crypto-type malware using CryptoPrevent from Foolish IT LLC.

Recently I ponied up the $ for a few lifetime licenses of Malwarebytes Premium anti-malware and Internet security software. The new 2.0 version still needs some polish but performance is great and Lavie gets so excited when her nightly scans come back clean. Not sure why. It plays wonderfully with MSSE.

Malwarebytes recently released a supportive product called Malwarebytes Anti-Exploit.

It works by monitoring your system for zero-day exploits attacking your browser and other commonly found software. The free version just protects the web browsers and Java, while the Premium version protects PDF readers, Microsoft Office applications, media players, and allows for creation of custom shields. It reminded me a bit of an old PCTools product (now retired) called ThreatFire. I’m not linking to it since it is old but you can search if you are curious.

I’ve not yet applied it to our “production” systems, but am running it on a Windows 7 Enterprise VM system that also has EMET 5.0 and AVG Free protection. Early alpha/beta versions did have conflicts with EMET but this public version seems to work fine with it. So far so stable. Once I am comfortable with it, I may try it on our primary laptops.

What else?

The HDD is “protected” with the last working version of TrueCrypt. Yes I know all about the drama.

As I have said, my primary concern is data loss from burglary or theft, less so from the multi-letter agencies.  When I get around to upgrading to a 1 TB SSD hard drive (prices please drop!) I may plunge in and do an upgrade to Windows 8.whatever at a level that would support Bitlocker so I could get off TrueCrypt. But that’s activity for a different day.

The take away here is that I’m keeping my systems updated and that I’ve layered the defenses. It’s become much more work than most standard users would do, but instead of fishing for a hobby, I sysadmin.

Cheers,

--Claus Valca

Saturday, May 31, 2014

TrueCrypt: A Perspective

OK. By now everyone who cares should already be familiar with the world getting turned upside down this past week regarding TrueCrypt.

Just in case, here is a collection of the best news I can find about the situation. Read up if this is news to you, listed in semi-breaking order.

Conspiracy theories aside, it appears (most likely) that the project developers decided to throw in the towel on the project.

This is the best full-summary page I can find on the whole thing; and archive downloads of the working version.

Last good “working” (meaning encryption-supporting) version? TrueCrypt 7.1a.

That’s actually the same version I have been running on my Win 7 laptop for some time now with no issues.

My use of TrueCrypt at home isn’t to keep my system locked down from any three-letter government agencies. If some theories are true and it was compromised/backdoored, then we all have bigger issues to worry about--well we have those already. What I mean to say is my use of full-disk-encryption is to protect the system if our home is broken into and it is lost due to common theft/burglary. TrueCrypt should be able to keep our data safe and minimize the impact of the system’s loss.

As such, I’ve seen nothing to believe that I should discontinue use of TrueCrypt at home in this protection and security scenario. I will continue to do so until new data comes to light that suggests a common, non-technical thief could easily bypass TrueCrypt.

However.

If I did want/need to go to a different whole-disk encryption solution here are the options I personally would be considering.

Microsoft Bitlocker?

This is what the TrueCrypt developers tossed their fans towards, cryptically.

Only I have Windows 7 Premium that doesn’t come with or support BitLocker. Bummer for us sheeple.

I suppose I could just go ahead and do a Windows Anytime Upgrade to Ultimate or Enterprise, right? Would cost me some money but hey…not too shabby?

Umm, it looks like now that Win 8/8.1 is out, no more Anytime Upgrades to higher Win 7 editions. That sucks.

So, I could just pony up the money for a full Win 7 update OS upgrade.

But at those price-points, I probably would be considering just purchasing a commercial ($-$$) whole disk encryption solution for less.

BIOS based or Self Encrypting Drive locking?

So, rather than using an OS-based software solution, one could switch over to using the BIOS to lock down the hard-drive access. Some BIOS systems allow setting of a hard drive access password. This is similar to, but not always the same as, a Self Encrypting Drive (SED) solution.

These might be a pretty good solution on modern hardware; but may not work if the system is kept in a hibernate/sleep mode. It’s also hard to find a lot of hardware options to retrofit a SED drive. Price and formats are very limited in my searches for one.

That said, if your system does support it, you may already be able to go to an alternative whole disk encryption/access protection without any additional expense.

Freeware Whole Disk Encryption Alternatives

CE-Infosys : FREE CompuSec PC Security Suite - This is a German freeware product. I used it a long time ago in testing against the Kon-Boot bypass technique. It worked great, was well documented, and remains free for personal usage.  My biggest concern is that it does not seem to support use with WinPE so that if some kind of failure occurred, I could not off-line authenticate to the encrypted contents. I must do a full disk-decryption.

TrueCrypt protected drives can be off-line accessed from a WinPE environment as long as you have the TrueCrypt drivers/application available.

DiskCryptor - This application seems to have continued to mature in the shadow of TrueCrypt. It is frequently updated and does support off-line access of an encrypted volume from a WinPE environment. LiveCD - DiskCryptor wiki. Bart and Winbuilder guides are available to assist with the process.  I suspect this project will get renewed support as TrueCrypt fans shift their attention here.

FreeOTFE - I’m not familiar with this product but it did get a bit of mention in some comment sections after TrueCrypt’s stage exit.

For the Truly Paranoid

Tails - Privacy for anyone anywhere

I guess the theory would go, run Tails from a boot media (CD/DVD/USB) on your system.  Keep the HDD itself zero’ed out, or use an encrypted volume on it, and then use an encrypted USB tool as well for file-storage…or keep your required files in a cloud store…that supports encryption as well.

That’s a bit extreme to me with the other solutions…but some people in some countries may very well need that level of protection.

I’m sure we will see some alternative free/Open Source solutions for whole disk encryption come in to fill the void left by TrueCrypt…if things bear out on the current trajectory.  In the meantime, alternatives do exist…including continued use of TrueCrypt 7.1a.

Cheers.

--Claus Valca

Saturday, November 02, 2013

Miscellaneous TrueCrypt linkage

I have used TrueCrypt for a long time…but only with TrueCrypt container files that stand alone and are mounted.

Then I branched out and started using full-volume encryption to protect some back-up external USB drive devices.

Recently, I bit the bullet and started using TrueCrypt system-wide encryption to protect my personal home laptop…all system volumes. No worries so far.

Because of that I pay close attention to TrueCrypt news, and here is some linkage, in case you are interested.

Let's audit Truecrypt! - A Few Thoughts on Cryptographic Engineering blog by Matthew Green

New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks - Ars Technica

Is TrueCrypt Audited Yet? - project homepage

How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries - technically heavy-duty and most excellent article by Xavier de Carné de Carnavalet.

Windows 8.1 upgrade: be careful with TrueCrypt - GTranslated - Borns IT and Windows Blog - Basically, if you are using full-system partition encryption with TrueCrypt, the recommendation is to first fully-decrypt and remove TrueCrypt encryption…then apply the Win 8.1 upgrade…then reapply the TrueCrypt full system partition encryption. If not you might hose your system during the upgrade. That’s a bad thing.

Cheers,

Claus Valca