Privacy and free expression have been under threat from a number of sources over the past decade. At the same time, ‘cyber’ criminals now have the potential to destroy lives as people depend on the Internet more than ever. Identities can be stolen, bank accounts raided within minutes, and people wrongly implicated when their own security has been compromised. The exhaustive list of possible threats is beyond the scope of a single blog post, but as they’ve become more sophisticated so have the countermeasures to protect communications and ‘digital assets’. It’s hardly surprising that information security has become big business and an entire industry has grown around it.
Infosecurity 2011 certainly was massive, with over 12,500 registered to attend, and at least 500 businesses and research groups demonstrating the latest in security tech.
It wasn’t as good as the hacker conferences, as most of the exhibitors here were looking for clients ready to buy some advanced and very expensive stuff, the kind of client looking to buy a £30K rack-mounted firewall. That’s not to say I won’t be getting hold of some of the cryptosystems I saw there in the near future, and for those looking to get into the industry, it’s definitely worth the trip.
Printers are usually a very weak spot in corporate networks, since these days they’re multifunction devices, they store considerable amounts of data, files can be pulled off a printer queue, and nobody talks about the possibility of data leaving a network in paper form. Canon’s security department has all that covered. It turns out the engineer at the event was also a forensics person, so we spent ages talking about that.
Couldn’t complete the hacking challenge this time on account of the keyboards being very shit (it wasn’t even a QWERTY), which means I’ll have to bring a laptop at the next Hex Factor event. Did some lock picking though.
This stall was quite educational, as we learned a couple of interesting things about SSD drives that persuaded me to make the switch from mechanical drives, and also learned of a possible data recovery method involving UV light. We also discussed hardware-based cryptography, which featured a lot at this year’s event.
Quotium Seeker was the second intelligent network penetration system I saw at Infosec, the first being IBM’s, which I came across earlier. Seeker looks for vulnerabilities in a network, generates the exploits and displays real-time video footage of the process. The guy there was running a demonstration in which the system was (slowly) imitating the actions of a hacker, going through the possible attacks, even attempting SQL injections. It also has a nice interface which practically anyone can use without too much training, with screenshots of about 7 different pen tests running in parallel and indicating exactly where the vulnerabilities were found.
Quotium Seeker in action
This firm has a reputation for being generally better than several major anti-malware firms, and lately it’s produced a comprehensive range of security products for endpoint security, encryption and data protection. The disc I got hold of includes a massive amount of useful information and tools which are basically demo versions of its enterprise software. They are also freely available from the Sophos site.
The bloke there took a particular interest in me for some reason, and insisted on explaining the purpose of a mysterious large red box. I could see why, as it turned out to be the ultimate rack-mounted Encryption Manager for Storage to be used in networks with very large arrays, where efficient key management becomes difficult. This is a heavy duty piece of kit with several backup power supplies and cooling systems, capable of safely and reliably storing up to 25 million keys.
Employing a systems administrator usually means handing control of a network and all its user accounts to a single person, which I’m told is something that occasionally causes problems for large organisations. The Secret Server provides a hosted key management system that stores backup copies of admin passwords that can be recovered by an executive if the sysadmin leaves the organisation for whatever reason. Each time the sysadmin changes a password, the backup is automatically updated.
Devices tend to be more secure the closer security is to the hardware layer. VASCO has found a clever way of implementing this idea with the Digipass Nano, which is an extremely thin circuit that’s placed between the SIM card and the connectors inside a cellphone. The circuit adds another layer of encryption, and if I’m correct, also turns the phone into a hardware component for two-factor authentication in a larger system.
Several different Eclypt storage devices were on display here, including laptop HDDs and external USB drives. Although I didn’t enquire about the exact prices, they’re apparently quite affordable. As the 256-bit encryption is OS-independent and handled internally by integrated circuits within the drives themselves, its security is far less vulnerable to the attacks I outlined in my last post. The devices also support multiple users, each with their own encryption keys. For some reason CESG would only give them a protective marking of up to restricted level, although the security’s most likely far better than software-based encryption. ViaSat also provides software for managing Eclypt drives.