
Protect Sensitive Data Using Technologies

Ravi Sankar
Technology Evangelist | Corporation
http://ravisankar.spaces.live.com/blog

Where is the User Data Stored?

Q: Where is the biggest data exposure risk?

SQL Clients

• Documents
  – Where do users keep their documents?
• User Profile
  – Outlook, Sharepoint, Desktop, Temp, IE…
• Per-machine Data
  – Search index, offline file cache, pagefile…
• Non-standard Locations
  – …ISV & in-house apps

What are the data protection options?

• BitLocker Drive Encryption
• Encrypting
• Rights Management Service
• But don’t forget
  – Data backup
  – Data minimizing
  – Data classification
• Each year, hundreds of thousands of without appropriate safeguards are lost, stolen, or improperly decommissioned around the world

BitLocker™ / EFS in Vista

Disk Layout & Key Storage

Where’s the Encryption Key?

1. SRK (Storage Root Key) contained in TPM
2. SRK encrypts the VMK (Volume Master Key).
3. VMK encrypts FVEK (Full Volume Encryption Key) – used for the actual data encryption.
4. FVEK and VMK are stored encrypted on the Operating System Volume.

Operating System Volume contains:

• Encrypted OS
• Encrypted File
• Encrypted Temp Files
• Encrypted Data
• Encrypted File

[Figure: disk layout showing SRK, VMK, FVEK, the Operating System Volume and the System Volume, with callouts 1–4]

System Volume (1.5GB) contains:

• MBR
• Boot Manager
• Boot Utilities

BDE Protection Methods

Factors, with BDE function and remarks:

• TPM
  – Transparently validates early boot components on OS startup
  – Best ease of use
  – Protects against HW-only attacks
  – Vulnerable to some HW attacks
• TPM + PIN
  – User must enter 4-20 digit PIN on OS startup
  – BDE validates PIN and early boot components
  – Protects against software-only and many hardware attacks
  – Vulnerable to TPM breaking attacks
• TPM + Startup Key
  – Looks for USB flash drive with Startup Key
  – BDE validates saved key and early boot components
  – Protects against many HW attacks
  – Protects against TPM attacks
• Startup Key
  – Looks for USB with Startup Key
  – BDE validates saved key
  – Protects against many HW attacks
  – Vulnerable to lost token and pre-OS attacks

BitLocker Scenario 1
BitLocker Scenario 2
BitLocker Scenario 3

Normal Vs. BitLocker™ Decommission

[Figure: decommissioning options: Nothing, Delete keys, Reformat drive, Admin wipes drive]
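The SRK → VMK → FVEK chain from the Disk Layout & Key Storage slide and the "Delete keys" decommission option, as an added example that is not part of the original deck. The function names, the HMAC-SHA256 stand-in cipher and holding the SRK in a Python variable are assumptions made for illustration; in BitLocker the SRK stays inside the TPM.

```python
import hashlib, hmac, os

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()   # separate enc/MAC subkeys

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode (NOT BitLocker's real cipher).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    return bytes(c ^ k for c, k in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def provision(srk: bytes, data: bytes) -> dict:
    """Steps 2-4 of the slide: SRK wraps VMK, VMK wraps FVEK, FVEK encrypts data."""
    vmk, fvek = os.urandom(32), os.urandom(32)
    return {"vmk_blob": seal(srk, vmk),    # stored encrypted on the volume
            "fvek_blob": seal(vmk, fvek),  # stored encrypted on the volume
            "data": seal(fvek, data)}

def unlock(srk: bytes, volume: dict) -> bytes:
    if volume["vmk_blob"] is None or volume["fvek_blob"] is None:
        raise ValueError("key material deleted; data unrecoverable")
    vmk = unseal(srk, volume["vmk_blob"])
    fvek = unseal(vmk, volume["fvek_blob"])
    return unseal(fvek, volume["data"])

def decommission(volume: dict) -> None:
    """'Delete keys': drop the wrapped keys, leave the ciphertext where it is."""
    volume["vmk_blob"] = volume["fvek_blob"] = None

if __name__ == "__main__":
    srk = os.urandom(32)   # assumption: in BitLocker the SRK stays inside the TPM
    vol = provision(srk, b"constructed sample: payroll data")
    print(unlock(srk, vol))
    decommission(vol)      # SRK still present, but unlock(srk, vol) now raises
```

After `decommission`, the data ciphertext is byte-for-byte unchanged, yet it cannot be opened even by a holder of the SRK, because the only copies of the VMK and FVEK were the wrapped blobs.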

• Encrypts each file
• Requires NTFS
• support for user/ recovery key

• Confidential information is leaked out by accidental forwarding of e-mails and other documents

Does your policy support enforcement..?

End User Scenarios

• Safeguard Sensitive Information with RMS
• Protect e-, documents, and Web content

Secure Emails (Outlook 2003, Windows RMS)

• Keep corporate e-mail off the Internet
• Prevent forwarding of confidential information
• Templates to centrally manage policies

Secure Documents (Word 2003, PowerPoint 2003, Excel 2003, Windows RMS)

• Control access to sensitive info
• Set access level - view, change, ...
• Determine length of access
• Log and audit who has accessed rights-protected information

Secure Intranets (IE w/RMA, Windows RMS)

• Users without Office 2003 can view rights-protected files
• Enforces assigned rights: view, print, export, /paste & -based expiration

Federated Rights Management

[Figure: federation between Contoso and Adatum; labels: Account, Resource, Federation Trust, Federation Server, Web SSO]

• Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
• AD RMS is fully claims-aware and can interpret AD FS claims
• Office SharePoint Server 2007 can be configured to accept federated identity claims

RMS does not protect against analog attacks…

/Server 2008 Information Protection

Scenarios (columns: BitLocker, EFS, RMS)

• Laptops
• Branch office server
• Local single-user file & folder protection
• Local multi-user file & folder protection
• Remote file & folder protection
• Untrusted network admin
• Remote document policy enforcement

Some cases can result in overlap. (e.g. Multi-user roaming laptops with untrusted network admins)