DOCSLIB.ORG

Comparison of Disk Encryption Software 1 Comparison of Disk Encryption Software

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Comparison of disk encryption software 1 Comparison of disk encryption software This is a technical feature comparison of different disk encryption software. Background information Name Developer First released Licensing Maintained? ArchiCrypt Live Softwaredevelopment Remus ArchiCrypt 1998 Proprietary Yes [1] BestCrypt Jetico 1993 Proprietary Yes BitArmor DataControl BitArmor Systems Inc. 2008-05 Proprietary Yes BitLocker Drive Encryption Microsoft 2006 Proprietary Yes Bloombase Keyparc Bloombase 2007 Proprietary Yes [2] CGD Roland C. Dowdeswell 2002-10-04 BSD Yes CenterTools DriveLock CenterTools 2008 Proprietary Yes [3][4][5] Check Point Full Disk Encryption Check Point Software Technologies Ltd 1999 Proprietary Yes [6] CrossCrypt Steven Scherrer 2004-02-10 GPL No Cryptainer Cypherix (Secure-Soft India) ? Proprietary Yes CryptArchiver WinEncrypt ? Proprietary Yes [7] cryptoloop ? 2003-07-02 GPL No cryptoMill SEAhawk Proprietary Yes Discryptor Cosect Ltd. 2008 Proprietary Yes DiskCryptor ntldr 2007 GPL Yes DISK Protect Becrypt Ltd 2001 Proprietary Yes [8] cryptsetup/dmsetup Christophe Saout 2004-03-11 GPL Yes [9] dm-crypt/LUKS Clemens Fruhwirth (LUKS) 2005-02-05 GPL Yes DriveCrypt SecurStar GmbH 2001 Proprietary Yes DriveSentry GoAnywhere 2 DriveSentry 2008 Proprietary Yes [10] E4M Paul Le Roux 1998-12-18 Open source No e-Capsule Private Safe EISST Ltd. 2005 Proprietary Yes Dustin Kirkland, Tyler Hicks, (formerly [11] eCryptfs 2005 GPL Yes Mike Halcrow) FileVault Apple Inc. 2003-10-24 Proprietary Yes FileVault 2 Apple Inc. 2011-7-20 Proprietary Yes FinallySecure Enterprise SECUDE 2006 Proprietary Yes (SECUDE) FREE CompuSec CE-Infosys 2002 Proprietary Yes [12] FreeOTFE Sarah Dean 2004-10-10 Open source Yes [13] GBDE Poul-Henning Kamp 2002-10-19 BSD Yes Comparison of disk encryption software 2 [14] GELI Pawel Jakub Dawidek 2005-04-11 BSD Yes KryptOS The MorphOS Development Team 2010 Proprietary Yes loop-AES Jari Ruusu 2001-04-11 GPL Yes n-Crypt Pro n-Trance Security Ltd 2005 Proprietary Yes [15] PGPDisk PGP Corporation 1998-09-01 Proprietary Yes [16] Private Disk Dekart 1993 Proprietary Yes R-Crypto R-Tools Technology Inc 2008 Proprietary Yes McAfee Endpoint Encryption McAfee, Inc. [17] 2007 Proprietary Yes (SafeBoot) [18] SafeGuard Easy Sophos (Utimaco) 1993 Proprietary Yes [19] SafeGuard Enterprise Sophos (Utimaco) 2007 Proprietary Yes [20] SafeGuard PrivateDisk Sophos (Utimaco) 2000 Proprietary Yes SafeHouse Professional PC Dynamics, Inc. 1992 Proprietary Yes Scramdisk Shaun Hollingworth 1997-07-01 Open source No [21] Scramdisk 4 Linux Hans-Ulrich Juettner 2005-08-06 GPL Yes SecuBox Aiko Solutions 2007-02-19 Proprietary Yes SECUDE Secure Notebook SECUDE 2003 Proprietary Yes SecureDoc WinMagic Inc. 1997 Proprietary Yes [22] Sentry 2020 SoftWinter 1998 Proprietary Yes [23] softraid / RAID C OpenBSD 2007-11-01 BSD Yes SpyProof! Information Security Corp. 2002 Proprietary Yes [24] svnd / vnconfig OpenBSD 2000-12-01 BSD Yes Symantec Endpoint Encryption Symantec Corporation 2008 Proprietary Yes [25] TrueCrypt Foundation 2004-02-02 Proprietary TrueCrypt TrueCrypt [26] Yes License 3.0 Aloaha Secure Stick Aloaha 2008 Proprietary Yes Name Developer First released Licensing Maintained? Operating systems Comparison of disk encryption software 3 Name Windows Pre-Windows Windows FreeBSD Linux Mac NetBSD OpenBSD DragonFly NT-based NT Mobile/Pocket OS X BSD PC ArchiCrypt Live Yes No No No No No No No No BestCrypt Yes Yes No No Yes Yes No No No BitArmor DataControl Yes No No No No No No No No BitLocker Drive Yes No No No No No No No No Encryption Bloombase Keyparc Yes Yes No No Yes Yes No No No CenterTools DriveLock Yes No No No No No No No No CGD No No No No No No Yes No No Check Point Full Disk Yes No Yes No Yes Yes No No No Encryption CrossCrypt Yes No No No No No No No No [27] Cryptainer Yes No Yes No No No No No No CryptArchiver Yes No No No No No No No No [28] cryptoloop Yes No No No Yes No No No No Discryptor Yes No No No No No No No No DiskCryptor Yes No No No No No No No No DISK Protect Yes No No No No No No No No [28] cryptsetup/dmsetup Yes No No No Yes No No No Yes [28] [29] dm-crypt/LUKS Yes No Yes No Yes No No No Yes DriveCrypt Yes No No No No No No No No DriveSentry Yes No No No No No No No No GoAnywhere 2 E4M Yes Yes No No No No No No No e-Capsule Private Safe Yes No No No No No No No No eCryptfs No No No Yes Yes No No No No FileVault No No No No No Yes No No No FileVault 2 No No No No No Yes No No No FREE CompuSec Yes No No No Yes No No No No [30] FreeOTFE Yes No Yes No Partial No No No No GBDE No No No Yes No No No No No GELI No No No Yes No No No No No loop-AES No No No No Yes No No No No n-Crypt Pro Yes No No No No No No No No PGPDisk Yes No No No No Yes No No No PGP Whole Disk Yes No No No Yes Yes No No No Encryption Private Disk Yes Yes No No No No No No No Comparison of disk encryption software 4 R-Crypto Yes No No No No No No No No McAfee Endpoint Yes No [31] No No Yes No No No Encryption (SafeBoot) Yes SafeGuard Easy Yes No No No No No No No No SafeGuard Enterprise Yes No No No No Yes No No No SafeGuard PrivateDisk Yes No No No No No No No No SafeHouse Professional Yes Yes No No No No No No No Scramdisk Yes Yes No No Yes No No No No Scramdisk 4 Linux No No No No Yes No No No No SecuBox No No Yes No No No No No No FinallySecure Yes No No No No No No No No Enterprise (SECUDE) SecureDoc Yes No No No Yes Yes No No No Sentry 2020 Yes No No No No No No No No softraid / RAID C No No No No No No No Yes No SpyProof! Yes No No No No No No No No svnd / vnconfig No No No No No No No Yes No Symantec Endpoint Yes No No No No No No No No Encryption [32] TrueCrypt Yes No No No Yes Yes No No No Aloaha Secure Stick Yes No No No No No No No No Name Windows Pre-Windows Windows FreeBSD Linux Mac NetBSD OpenBSD DragonFly NT-based NT Mobile/Pocket OS X BSD PC Features • Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)[33] can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others. • Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk. • Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications. • Multiple keys: Whether an encrypted volume can have more than one active key. • Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2. • Hardware acceleration: Whether dedicated cryptographic accelerator expansion cards can be taken advantage of. • Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor. • Filesystems: what filesystems are supported. • Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11) Comparison of disk encryption software 5 Name Hidden Pre-boot Custom Multiple keys Passphrase Hardware TPM Filesystems Two-factor containers authentication authentication strengthening acceleration authentication [34] [34][35] [34][36] ArchiCrypt Live Yes No No Yes No No No ? Yes BestCrypt Any [37] [38] Yes Yes No Yes Yes Yes Yes supported Yes by OS BitArmor NTFS, DataControl FAT32 on No Yes No Yes Yes No No No non-system volumes BitLocker Drive [39] [40] [41] [42] [41] Chiefly [44] No Yes Yes Yes Yes Yes Yes [43] Yes Encryption NTFS Bloombase No No Yes Yes Yes Yes No ? ? Keyparc CGD Any [45] [46] [45] [] No No Yes Yes Yes No No supported Yes by OS CenterTools Any DriveLock No Yes No No Yes No No supported Yes by OS Check Point Full ? Yes Yes Yes Yes ? ? ? Yes Disk Encryption CrossCrypt No No No No No No No ? No CryptArchiver No No No No ? No No ? ? cryptoloop Any [47] No Yes Yes No No Yes No supported ? by OS DiskCryptor Any [48] [48] No Yes Yes No Yes Yes No supported Yes by OS [49] [49] DISK Protect ? Yes ? Yes ? ? No ? ? cryptsetup/dmsetup Any [47] No Yes Yes No No Yes No supported No by OS dm-crypt/LUKS Any [47] No Yes Yes Yes Yes Yes No supported Yes by OS [50] DriveCrypt Yes Yes No Yes Yes No No ? Yes DriveSentry Any GoAnywhere 2 No No Yes No Yes No ? supported Yes by OS E4M No No No No ? No No ? No e-Capsule Private [51] No No [] No Yes No ? ? Safe Yes Yes [52] eCryptfs No No Yes Yes Yes Yes Yes Yes Yes Comparison of disk encryption software 6 FileVault ? HFS+, Two [53] No No No [53] Yes No possibly No passwords others FileVault 2 HFS+, [54] No Yes No Yes Yes Yes No possibly No others FREE CompuSec Any No Yes No No No No No supported No by OS FreeOTFE Any [55] [56] Yes No Yes Yes Yes No No supported Yes by OS GBDE Any [57] [58] [58] [57] No No Yes Yes No No No supported Yes by OS GELI Any [57] [59] [59] [57] No Yes Yes Yes Yes Yes No supported Yes by OS GuardianEdge NTFS, Hard Disk No Yes Yes Yes Yes No No Yes FAT32 Encryption loop-AES Any [60] [60] [60] [60] [60] [61] No Yes Yes Yes Yes Yes No supported Yes by OS [62] n-Crypt Pro No No No No N/A No No ? ? [63] [64] PGPDisk No Yes ? Yes Yes ? Yes ? Yes Private Disk Any No No No Yes Yes No No supported Yes by OS R-Crypto Any ? No ? ? ? ? ? supported ? by OS McAfee Endpoint Any [65] Encryption Yes Yes Yes Yes Yes Yes Yes supported Yes (SafeBoot) by OS SafeGuard Easy Any [66] No Yes No Yes Yes No Yes supported Yes by OS SafeGuard Any [66] Enterprise No Yes No Yes Yes No Yes supported Yes by OS SafeGuard Any [67] PrivateDisk
Recommended publications
  • Operating System Boot from Fully Encrypted Device

    Operating System Boot from Fully Encrypted Device

    Masaryk University Faculty of Informatics Operating system boot from fully encrypted device Bachelor’s Thesis Daniel Chromik Brno, Fall 2016 Replace this page with a copy of the official signed thesis assignment and the copy of the Statement of an Author. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Daniel Chromik Advisor: ing. Milan Brož i Acknowledgement I would like to thank my advisor, Ing. Milan Brož, for his guidance and his patience of a saint. Another round of thanks I would like to send towards my family and friends for their support. ii Abstract The goal of this work is description of existing solutions for boot- ing Linux and Windows from fully encrypted devices with Secure Boot. Before that, though, early boot process and bootloaders are de- scribed. A simple Linux distribution is then set up to boot from a fully encrypted device. And lastly, existing Windows encryption solutions are described. iii Keywords boot process, Linux, Windows, disk encryption, GRUB 2, LUKS iv Contents 1 Introduction ............................1 1.1 Thesis goals ..........................1 1.2 Thesis structure ........................2 2 Boot Process Description ....................3 2.1 Early Boot Process ......................3 2.2 Firmware interfaces ......................4 2.2.1 BIOS – Basic Input/Output System . .4 2.2.2 UEFI – Unified Extended Firmware Interface .5 2.3 Partitioning tables ......................5 2.3.1 MBR – Master Boot Record .
  • Effective Crypto Ransomawre Detection Using Hardware

    Effective Crypto Ransomawre Detection Using Hardware

    Effective Crypto Ransomawre Detection Using Hardware Performance Counters John Podolanko Department of Computer Science & Engineering The University of Texas at Arlington Supervisor Jiang Ming, PhD In partial fulfillment of the requirements for the degree of Master of Science in Computer Science May 2019 Abstract Systems affected by malware in the past 10 years has risen from 29 million to 780 million, which tells us it is a rapidly growing threat. Viruses, ransomware, worms, backdoors, botnets, etc. all come un- der malware. Ransomware alone is predicted to cost $11.5 billion in 2019. As the downtime, data loss, and financial damages are ris- ing, researchers continue to look for new ways to mitigate this threat. However, the common approaches have shown to yield high false posi- tive rates or delayed detection rates resulting in data loss. My research explores a dynamic approach for early-stage ransomware detection by modeling its behavior using hardware performance counters with low overhead. The analysis begins on a bare-metal machine running ran- somware which is profiled for hardware calls using Intel R VTuneTM Amplifier before it compromises the system. By using this approach, I am able to generate models using hardware performance counters extracted by VTuneTM on known ransomware samples collected from VirusTotal and Hybrid Analysis, and I use that data to train the de- tection system using machine learning techniques. I have shown that hardware performance counters can provide effective metrics for use in detecting and mitigating the ever-growing ransomware threat faced by the world while ensuring no data is lost. ii Acknowledgements The author thanks the supervisory committee for all their guidance, support, and patience.
  • Mobiceal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices

    Mobiceal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices

    2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices Bing Chang∗, Fengwei Zhang†, Bo Chen‡, Yingjiu Li∗, Wen-Tao Zhu§, Yangguang Tian∗, Zhan Wang¶ and Albert Ching ∗School of Information Systems, Singapore Management University, {bingchang, yjli, ygtian}@smu.edu.sg †Department of Computer Science, Wayne State University, [email protected] ‡Department of Computer Science, Michigan Technological University, [email protected] §Data Assurance and Communications Security Research Center, Chinese Academy of Sciences, [email protected] ¶RealTime Invent, Inc. i-Sprint Innovations Abstract—We introduce MobiCeal, the first practical Plausibly searched and copied when he was crossing a border, and he Deniable Encryption (PDE) system for mobile devices that can was inspected for seven times during five years [26]. defend against strong coercive multi-snapshot adversaries, who The existing PDE systems on mobile devices [21], [34], may examine the storage medium of a user’s mobile device at different points of time and force the user to decrypt data. [35], [43], [27], [20] are not resilient against such multi- MobiCeal relies on “dummy write” to obfuscate the differences snapshot attacks since they hide sensitive data in the ran- between multiple snapshots of storage medium due to existence domness initially filled across the entire disk. By comparing of hidden data. By incorporating PDE in block layer, MobiCeal storage snapshots at different points of time, a multi-snapshot supports a broad deployment of any block-based file systems on adversary may detect any unaccountable changes to the ran- mobile devices.
  • PV204: Disk Encryption Lab

    PV204: Disk Encryption Lab

    PV204: Disk encryption lab May 12, 2016, Milan Broz <[email protected]> Introduction Encryption can provide confidentiality and authenticity of user data. It can be implemented on several different layes, including application, file system or storage device. Application encryption examples are PGP or ZIP compression with password. Encryption of files (inside filesystem or through independent layer like Linux eCryptfs) provides more generic solution. Yet some parts (like filesystem metadata) are still unencrypted. However this solution provides encrypted data with private key per user. (Every user can have own directory encrypted by own key.) Encryption of the low-level storage (disk) is called Full Disk Encryption (FDE). It is completely transparent to the user (no need to choose what to encrypt – the whole disk is encrypted). The encrypted disk behaves as the same as a disk without encryption. The major disadvantage is that everyone who knows the password can read the whole disk. Often we combine FDE with another encryption layer. The primary use of FDE is to provide data confidentiality in power-down mode (stolen laptop does not leak user data). Once the disk is unlocked, the main encryption key remains in system, usually directly in system RAM. Exercise II will show how easy is to get this key from memory image of system. Another disadvantage of FDE is that it usually cannot guarantee integrity of data. Encryption is fully transparent and length-preserving, the ciphertext and plaintext device are of the same size. There is no space to store any integrity information. This allows attacks by direct modification of ciphertext.
  • ストレージの管理: Geom, Ufs, Zfs

    ストレージの管理: Geom, Ufs, Zfs

    FreeBSD 勉強会 ストレージの管理: GEOM, UFS, ZFS 佐藤 広生 <[email protected]> 東京工業大学/ FreeBSD Project 2012/7/20 2012/7/20 (c) Hiroki Sato 1 / 94 FreeBSD 勉強会 前編 ストレージの管理: GEOM, UFS, ZFS 佐藤 広生 <[email protected]> 東京工業大学/ FreeBSD Project 2012/7/20 2012/7/20 (c) Hiroki Sato 1 / 94 講師紹介 佐藤 広生 <[email protected]> ▶ *BSD関連のプロジェクトで10年くらい色々やってます ▶ カーネル開発・ユーザランド開発・文書翻訳・サーバ提供 などなど ▶ FreeBSD コアチームメンバ(2006 年から 4期目)、 リリースエンジニア (commit 比率は src/ports/doc で 1:1:1くらい) ▶ AsiaBSDCon 主宰 ▶ 技術的なご相談や講演・執筆依頼は [email protected] まで 2012/7/20 (c) Hiroki Sato 2 / 94 お話すること ▶ ストレージ管理 ▶ まずは基礎知識 ▶ GEOMフレームワーク ▶ 構造とコンセプト ▶ 使い方 ▶ ファイルシステム ▶ 原理と技術的詳細を知ろう ▶ UFS の構造 ▶ ZFS の構造(次回) ▶ GEOM, UFS, ZFSの実際の運用と具体例(次回) 2012/7/20 (c) Hiroki Sato 3 / 94 復習:UNIX系OSの記憶装置 記憶装置 ハードウェア カーネル ソフトウェア ユーザランド ユーザランド ユーザランド プロセス プロセス プロセス 2012/7/20 (c) Hiroki Sato 4 / 94 復習:UNIX系OSの記憶装置 HDD カーネル デバイスドライバ GEOMサブシステム /dev/foo (devfs) バッファキャッシュ VMサブシステム physio() ファイルシステム ユーザランドアプリケーション 2012/7/20 (c) Hiroki Sato 5 / 94 復習:UNIX系OSの記憶装置 ▶ 記憶装置はどう見える? ▶ UNIX系OSでは、資源は基本的に「ファイル」 ▶ /dev/ada0 (SATA, SAS HDD) ▶ /dev/da0 (SCSI HDD, USB mass storage class device) ▶ 特殊ファイル(デバイスノード) # ls -al /dev/ada* crw-r----- 1 root operator 0, 75 Jul 19 23:46 /dev/ada0 crw-r----- 1 root operator 0, 77 Jul 19 23:46 /dev/ada1 crw-r----- 1 root operator 0, 79 Jul 19 23:46 /dev/ada1s1 crw-r----- 1 root operator 0, 81 Jul 19 23:46 /dev/ada1s1a crw-r----- 1 root operator 0, 83 Jul 19 23:46 /dev/ada1s1b crw-r----- 1 root operator 0, 85 Jul 19 23:46 /dev/ada1s1d crw-r----- 1 root operator 0, 87 Jul 19 23:46 /dev/ada1s1e crw-r----- 1 root operator 0, 89
  • Portace Na Jin´E Os

    Portace Na Jin´E Os

    VYSOKEU´ CENˇ ´I TECHNICKE´ V BRNEˇ BRNO UNIVERSITY OF TECHNOLOGY FAKULTA INFORMACNˇ ´ICH TECHNOLOGI´I USTAV´ INFORMACNˇ ´ICH SYSTEM´ U˚ FACULTY OF INFORMATION TECHNOLOGY DEPARTMENT OF INFORMATION SYSTEMS REDIRFS - PORTACE NA JINE´ OS PORTING OF REDIRFS ON OTHER OS DIPLOMOVA´ PRACE´ MASTER’S THESIS AUTOR PRACE´ Bc. LUKA´ Sˇ CZERNER AUTHOR VEDOUC´I PRACE´ Ing. TOMA´ Sˇ KASPˇ AREK´ SUPERVISOR BRNO 2010 Abstrakt Tato pr´acepopisuje jak pˇr´ıpravu na portaci, tak samotnou portaci Linuxov´ehomodulu RedirFS na operaˇcn´ısyst´emFreeBSD. Jsou zde pops´any z´akladn´ırozd´ılypˇr´ıstupuk Lin- uxov´emu a FreeBSD j´adru,d´alerozd´ılyv implementaci, pro RedirFS z´asadn´ı,ˇc´astij´adra a sice VFS vrstvy. D´alezkoum´amoˇznostia r˚uzn´epˇr´ıstupy k implementaci funkcionality linuxov´ehoRedirFS na operaˇcn´ımsyst´emu FreeBSD. N´aslednˇejsou zhodnoceny moˇznostia navrˇzenide´aln´ıpostup portace. N´asleduj´ıc´ıkapitoly pak popisuj´ıpoˇzadovanou funkcional- itu spolu s navrhovanou architekturou nov´ehomodulu. D´aleje detailnˇepops´ann´avrha implementace nov´ehomodulu tak, aby mˇelˇcten´aˇrjasnou pˇredstavu jak´ymzp˚usobem modul implementuje poˇzadovanou funkcionalitu. Abstract This thesis describes preparation for porting as well aw porting itself of RedirFS Linux kernel module to FreeBSD. Basic differences between Linux and FreeBSD kernels are de- scribed as well as differences in implementation of the Virtual Filesystem, crucial part for RedirFS. Further there are described possibilities and different approaches to implemen- tation RedirFS functionality to FreeBSD. Then, the possibilities are evaluated and ideal approach is proposed. Next chapters introduces erquired functionality of the new module as well as its solutions. Then the implementation details are describet so the reader can very well understand how the new module works and how the required functionality is implemented into the module.
  • Taxonomy of Linux Kernel Vulnerability Solutions

    Taxonomy of Linux Kernel Vulnerability Solutions

    Taxonomy of Linux Kernel Vulnerability Solutions Serguei A. Mokhov Marc-Andre´ Laverdiere` Djamel Benredjem Computer Security Laboratory Computer Security Laboratory Computer Security Laboratory Concordia Institute for Concordia Institute for Concordia Institute for Information Systems Engineering Information Systems Engineering Information Systems Engineering Concordia University, Concordia University, Concordia University, Montreal, Quebec, Canada Montreal, Quebec, Canada Montreal, Quebec, Canada Email: [email protected] Email: ma [email protected] Email: d [email protected] Abstract—This paper presents the results of a case study on C programs in general, as well as statistics on their relative software vulnerability solutions in the Linux kernel. Our major importance. We also introduce a new methodology to track contribution is the introduction of a classification of methods used the patch solving a security issue based only on the contents to solve vulnerabilities. Our research shows that precondition validation, error handling, and redesign are the most used of the security advisory. methods in solving vulnerabilities in the Linux kernel. This The paper is organized as follows: we examine previous contribution is accompanied with statistics on the occurrence work that was done regarding Linux and C security in of the different types of vulnerabilities and their solutions that Section II, followed by a description of the methodology we observed during our case study, combined with example used in order to obtain the solutions to the vulnerabilities in source code patches. We also combine our findings with existing programming guidelines to create the first security-oriented Section III. Afterwards, in Section IV, we show our results, coding guidelines for the Linux kernel.
  • Mcafee Foundstone Fsl Update

    Mcafee Foundstone Fsl Update

    2016-AUG-18 FSL version 7.5.841 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 20369 - Splunk Enterprise Multiple Vulnerabilities (SP-CAAAPQM) Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High CVE: CVE-2013-0211, CVE-2015-2304, CVE-2016-1541, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE- 2016-2109, CVE-2016-2176 Description Multiple vulnerabilities are present in some versions of Splunk Enterprise. Observation Splunk Enterprise is an operational intelligence solution Multiple vulnerabilities are present in some versions of Splunk Enterprise. The flaws lie in multiple components. Successful exploitation by a remote attacker could lead to the information disclosure of sensitive information, cause denial of service or execute arbitrary code. 20428 - (HT206899) Apple iCloud Multiple Vulnerabilities Prior To 5.2.1 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-1684, CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4607, CVE- 2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619 Description Multiple vulnerabilities are present in some versions of Apple iCloud. Observation Apple iCloud is a manager for the Apple's could based storage service. Multiple vulnerabilities are present in some versions of Apple iCloud. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive data, cause a denial of service condition or have other unspecified impact on the target system.
  • Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

    Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

    Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password).
  • Omegakey Manage Your Device at the Management Module

    Omegakey Manage Your Device at the Management Module

    Welcome to use our latest version of Lost Mode How to Start to Use it Bluetooth tracker. Detect the distance between the device and Bluetooth Tracker module your phone under the lost mode .Turn on the Step 1: Download the latest version App(version 1.6.0) from Apple App store. omegakey Manage your device at the management module. alarm at alert whether the device is lost, there Step 2: Open the Bluetooth and App. are two levels of lost alarm mode. Select the Thank you for purchasing omegakey Freely set and remove your device here. Step 3: Tap the Beacon for 3-5 times on hard surface, and the Beacon will be connectable when you Double-click the “call” button to find your device. alarm mode you want from the device. Phone hear a buzz. alarm, and both ends alarm. Step 4: Click the Beacon in the App which you want to configure and enter a name to connect it. Step 5: Now, you can configure and use the Beacon normally. NEXT Note: If you're having trouble with the Bluetooth, we recommend you completely remove the battery from the unit for 10 sec and reinsert it. There are many apps you can download some are better than others, we have linked just click on the apple / android icons on the first page Once you have selected the app you like download it and follow the on screen instructions ATTACH BLUETOOTH BEACON EXTERNALLY FOR MAX PERFORMANCE Found mode More View the alarm location or item's last location Find the device under the find mode according p.s make sure your Bluetooth is on and your phone is compatible with 4.0 Bluetooth to the strength of the signal.
  • A Future-Focused Forensic Imager Designed to Streamline Evidence Collection Processes

    A Future-Focused Forensic Imager Designed to Streamline Evidence Collection Processes

    A Future-Focused Forensic Imager Designed to Streamline Evidence Collection Processes Extremely fast forensic imaging speed surpassing 50GB/min. Clone PCIe to PCIe at speeds above 90GB/min Image to/from Thunderbolt™ 3/USB-C external storage enclosures with an optional I/O card. Image and verify from up to 5 source drives up to 9 destinations simultaneously Create a logical image to capture only specific files needed Concurrent Image+Verify greatly reduces duration of image plus verification process Two 10GbE connections provide fast network imaging performance Network capture feature to capture network traffic, VOIP, internet activity Multi-task. Image from multiple sources simultaneously FEATURES n The Falcon®-NEO achieves imaging speeds when imaging directly to large capacity Thunder- n Image from a Mac® computer with USB-C ports surpassing 50GB/min and can clone PCIe to PCIe bolt 3 RAID storage enclosures for evidence data using a USB-C to USB-A cable and Target Disk at speeds at over 90GB/min. collection. The card connects to the Falcon-NEO’s Mode or use Logicube’s USB boot device to n Image and verify to multiple image formats; 2 write-blocked source I/O ports or 1 destination I/O image a source drive from a Mac computer on the native copy, .dd, dmg, e01 and ex01. The Falcon- port. The I/O card does not currently support imaging same network without booting the Mac computer’s ® NEO provides MD5, SHA1, SHA256, and dual hash in TDM from Mac systems, refer to the Falcon-NEO native OS. The Falcon-NEO supports imaging from ® authentication at extremely fast speeds.
  • Taxonomy for Anti-Forensics Techniques & Countermeasures

    Taxonomy for Anti-Forensics Techniques & Countermeasures

    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by St. Cloud State University St. Cloud State University theRepository at St. Cloud State Culminating Projects in Information Assurance Department of Information Systems 4-2020 Taxonomy for Anti-Forensics Techniques & Countermeasures Ziada Katamara [email protected] Follow this and additional works at: https://repository.stcloudstate.edu/msia_etds Recommended Citation Katamara, Ziada, "Taxonomy for Anti-Forensics Techniques & Countermeasures" (2020). Culminating Projects in Information Assurance. 109. https://repository.stcloudstate.edu/msia_etds/109 This Starred Paper is brought to you for free and open access by the Department of Information Systems at theRepository at St. Cloud State. It has been accepted for inclusion in Culminating Projects in Information Assurance by an authorized administrator of theRepository at St. Cloud State. For more information, please contact [email protected]. Taxonomy for Anti-Forensics Techniques and Countermeasures by Ziada Katamara A Starred Paper Submitted to the Graduate Faculty of St Cloud State University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Assurance June, 2020 Starred Paper Committee: Abdullah Abu Hussein, Chairperson Lynn A Collen Balasubramanian Kasi 2 Abstract Computer Forensic Tools are used by forensics investigators to analyze evidence from the seized devices collected at a crime scene or from a person, in such ways that the results or findings can be used in a court of law. These computer forensic tools are very important and useful as they help the law enforcement personnel to solve crimes. Computer criminals are now aware of the forensics tools used; therefore, they use countermeasure techniques to efficiently obstruct the investigation processes.