Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Government flash memory data loss avoidable

CyberArk Software : 04 November, 2008  (Technical Article)
Closure of UK gateway web site after loss of access data from misplaced memory stick was an avoidable event according to Cyber-Ark
Cyber-Ark says that the reported discovery of a memory stick containing user names and passwords for the UK government gateway over the weekend - and the consequential temporary shutdown of the UK gateway Web site - would not have happened if the government and its contractors had stuck to sensible security guidelines.

'After more than 12 months of widely reported government data thefts and losses, you would expect the message not to store sensitive data like this on a USB stick would have got through to the government and its contractors, but it obviously has not,' said Mark Fullbrook, Cyber-Ark's Country Manager.

'We now learn that the Prime Minister regards the discovery of the memory stick - in a pub car park in Staffordshire - is unacceptable. That may be the case, but the case represents a total breakdown in security procedure,' he said.

According to Fullbrook, the fact that the data concerned was stored on a portable memory stick in the first place - never mind the fact that it was lost in a pub car park - flies in the face of any organisation's commonsense security strategy.

This category of information, he said, should never have been stored on a portable device, even a laptop, in the first place. It should have been stored centrally, on an encrypted drive, and accessible only using an authenticated and encrypted VPN.

'That way only those elements of the data that were required at any given time, would be accessed, by the person that required the information. It's relatively easy to set up a digital data vault that relays the required user ID and password to the required server, effectively operating as a remote authentication system,' he explained.

Fullbrook went on to say that even though the USB stick was encrypted, the data could still be compromised using a brute force attack, using something as simple as a graphics processor to accelerate the processing power of the password cracker.

'Russia's ElcomSoft demonstrated this was possible last month when it released a `password recovery' package capable of using the latest generation NVIDIA video cards to accelerate a brute force decryption process by up to 100 times. A naked USB stick like the one found in the Staffordshire pub car park would be wide open to this type of attack,' he said.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo