Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, March 12, 2009

Securely booting from strangest of places

Could FOSE 2009 be remembered as the year of the bootable portable drive?

On the show floor, a number of vendors are displaying either USB drives, enclosed hard drives or other portable media from which an entire operating system and associated application can booted.

BeCrypt (Booth 2231) offers a USB key with a complete operating environment as a way to run a secure session on an unmanaged PC.  Insert the drive in a USB port and configure the laptop to boot from the USB, and the hard drive is bypassed altogether in favor of the software on the USB stick.  The USB drive, called the BeCrypt Trusted Client, contains a stripped-down version of Linux, along with any applications you want to run.  This setup would allow a government worker to run a secure session from anywhere by using the basic secure OS along with downloadable applications provided by Citrix software or some other client.  The material on the drive is encrypted with either 128 bit or 256 bit Advanced Encryption Standard (AES).  The drive itself has a shock rating of 300 Gs operating and 900 Gs when not in use, it can work in temperatures ranging from 20 degrees below zero to 75 degrees centigrade.

What makes this drive bootable is that it comes with backup and recovery software called BounceBack.  When the hard drive fails, plug this portable drive in to the USB port and you can boot directly into the backup.  If you don’t need rugged, you could just buy the BounceBack software and back everything up to your own USB key or portable hard drive.

For the security-conscious, MXI Security (booth 2223) does these offerings one better with a couple of bootable USB drives that use Common Access Card-level user authentication out of the box.  The Access CAC is a USB drive with fingerprint reader, as well as the ability to hold CAC public key infrastructure credentials.  The user can set up the device to allow access to its files only by a combination of a fingerprint biometric and a password.  Or, if that drive is attached to a computer with a CAC reader on a Defense Department network, access can be granted through CAC authentication.  A worker who wants to sign onto a Defense Department network from a public machine would just insert a USB drive, and attach a smart card reader into another USB port.

Booting from CD is another option, and increasingly, we are seeing a number of what is known as live CDs, or CDs that contain an entire OS that can be loaded into working memory without touching the hard drive at all.  With one of these live CDs, you simply insert the disk and set the computer BIOS to boot from the optical disk player, and the entire Linux desktop environment comes up.

Posted on 03/12