|
Server : Apache/2.4.62 System : FreeBSD fbsdweb2.web.rcn.net 14.1-RELEASE FreeBSD 14.1-RELEASE releng/14.1-n267679-10e31f0946d8 GENERIC amd64 User : www ( 80) PHP Version : 8.3.8 Disable Function : NONE Directory : /domains/ap.belleisle/INFOSEC/tutorial/ |
Upload File : |
<HTML> <HEAD> <TITLE>INFOSEC and Windows�</TITLE> <META NAME="description" CONTENT="Cerberus Systems, Inc. develops, manufactures and markets Windows� cryptosystems designed to meet or exceed level 1 of FIPS PUB 140-1 with DOD 5220.22-M disk data recovery countermeasures."> <META NAME="keywords" CONTENT="168-bit keys, access control, ANSI X9.17, computer security, confidentiality, crypto, cryptography, cryptographic, cryptology, cryptosystem, Data Encryption Standard, data security, DES, disk encryption, DOD 5200.28-STD, DOD 5220.22-M, encrypt, encryption, Federal Information Processing Standards, file encryption, FIPS, FIPS 46-2, FIPS 74, FIPS 81, FIPS 140-1, FIPS 180-1, FIPS 186, INFOSEC, integrity, key, NBS Special Publication 500-20, NCSC TG-25, passphrase, password, personal, privacy, private key, Secure Hash Standard, security, Security Requirements for Cryptographic Modules, security software, sensitive-but-unclassified, sensitive information, SHA, SHA1, SHS, software, standards, triple-DES, Windows�."> </HEAD> <BODY TOPMARGIN="0" LEFTMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#009966" ALINK="#FF0000" VLINK="#009966"> <BASEFONT SIZE=2 FACE="Arial,Helv,Helvetica"> <TABLE ALIGN=LEFT BORDER=0 CELLSPACING=0 CELLBORDER=0 CELLPADDING=12 WIDTH=640> <TR> <!-- LEFT MARGIN STRIP --> <TD BGCOLOR="#336666" ALIGN=CENTER VALIGN=TOP> <FONT SIZE=1> <a href="../../default.htm"><IMG SRC="../images/web_icon.gif" ALT="CERBERUS HOME ICON" WIDTH=72 HEIGHT=72 BORDER=0 VSPACE=2><br><b><i>CERBERUS</i></b></a> <P><a href="../index.htm""><IMG SRC="../images/needs.gif" ALT="THE NEED" WIDTH=90 HEIGHT=30 BORDER=0></a><br> <a href="../privacy.htm">Vulnerabilities</a> <a href="../threats.htm">Threats</a> <a href="../forensic.htm">Countermeasures</a> <P><a href="../products/index.htm""><IMG SRC="../images/products.gif" ALT="PRODUCTS" WIDTH=90 HEIGHT=30 BORDER=0></a><br> <a href="../products/docusec.htm">Document Security</a> <P><a href="../stds/index.htm"><IMG SRC="../images/standard.gif" ALT="STANDARDS" WIDTH=90 HEIGHT=30 BORDER=0></a><br> <a href="../stds/fip140-1.htm">FIPS PUB 140-1</a><br> <a href="../stds/sanitize.htm">DOD 5220.22-M</a><br> <a href="../stds/ncsctg25.htm">NCSC TG-25</a> <br> <a href="../stds/fip81.htm">FIPS PUB 81</a> <br> <a href="../stds/fip180-1.htm">FIPS PUB 180-1</a><br> <a href="../stds/d520028.htm">DOD 5200.28-STD</a><br> <P><a href="index.htm"><IMG SRC="../images/tutorial.gif" ALT="TUTORIALS" WIDTH=90 HEIGHT=30 BORDER=0></a><br> <a href="winfosec.htm"><FONT COLOR="#00CC99">INFOSEC</FONT></a><br> <a href="keys.htm">Cryptosystems</a><br> <a href="phrases.htm">Passphrases</a><br> <a href="leaks.htm">Windows� Leaks</a><br> <a href="system.htm">System Settings</a> <P><a href="../download/index.htm"><IMG SRC="../images/download.gif" ALT="DOWNLOADS" WIDTH=90 HEIGHT=30 BORDER=0></a><br> <P><HR WIDTH=84> <P><a href="mailto:[email protected]">QUESTIONS? <br><IMG SRC="../images/email2.gif" ALT="E-MAIL" WIDTH=61 HEIGHT=31 BORDER=0></a><br> <P><br><IMG SRC="../images/amex_ok.gif" ALT="AMEX WELCOME" WIDTH=51 HEIGHT=68 BORDER=0> </FONT> </TD> <!-- END LEFT MARGIN STRIP --> <!-- MAIN SECTION --> <TD ALIGN=LEFT VALIGN=TOP> <!-- Title Bar --> <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH=500> <TR><TD> <!-- Right-justified Logotype --> <TABLE ALIGN=RIGHT BORDER=0 CELLSPACING=0 CELLPADDING=0> <TR><TD><FONT COLOR="#006633" SIZE=3><B><I>CERBERUS <FONT SIZE=1>SYSTEMS, INC.</FONT></I></B></FONT></TD></TR><TR><TD ALIGN=CENTER><FONT COLOR="#999933" SIZE=1><B><I> <!--forensic software countermeasures--> <!--INFORMATION SECURITY TOOLS--> <!--INFOSEC for Personal Computers--> <!--INFOSEC Products for Windows®--> <!--INFOSEC Tools for PCs & Laptops--> <!--personal information security tools--> Windows®-compatible encryption </I></B></FONT></TD></TR> </TABLE> <!-- End Logotype --> </TD></TR> <TR ALIGN=CENTER><TD WIDTH=490> <!-- Centered Page-Title --> <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=10> <TR><TD ALIGN=CENTER><FONT COLOR="#CC3300" SIZE=4><B> <!-- Title Text--> INFOSEC <FONT SIZE=2>AND</FONT> WINDOWS<sup>®</sup> <!-- End Title Text --> </B></FONT></TD></TR> </TABLE> <!-- End Page-Title --> </TD></TR></TABLE> <!-- End Title Bar --> <!-- content --> <FONT SIZE=2> <P>The NSA's National Cryptologic School defines information security, or INFOSEC as a <i>risk management program,</i> of both technical and operational measures, taken to counter threats to sensitive information's <FONT COLOR="#006633"><b><i>confidentiality, integrity</i></b></FONT> or <FONT COLOR="#006633"><b><i>availability.</i></b></FONT> <P><HR SIZE=1 WIDTH=50% ALIGN=CENTER> <P ALIGN=CENTER><FONT COLOR="#006633"><b><i>COMPUSEC</i></b></FONT> <P>INFOSEC concerning Computer Systems Security, or COMPUSEC is the responsibility of NSA's National Computer Security Center (NCSC). <BLOCKQUOTE><FONT SIZE=1 COLOR="#006633"> <B>NOTE:</B> The National Security Agency/Central Security Service is responsible for Signals Intelligence (SIGINT), including Communications Intelligence, or COMINT. In addition to <i>traffic analysis,</i> COMINT includes breaking the <i>codes</i> and <i>ciphers</i> used to protect targeted communications. Cryptology, the science which underlies such <i>cryptanalysis,</i> also underlies the design of secure codes and ciphers - <i>cryptography.</i> Thus, NSA also has the mission of providing cryptographic technology for Communications Security, or COMSEC. COMSEC includes protecting data in transit between computer systems, and since cryptography can also be used to protect data while it's on a computer system, NSA is responsible for the combination of COMSEC and COMPUSEC - INFOSEC. </FONT></BLOCKQUOTE> <P>NCSC is responsible for <i>certifying</i> software operating systems that may be used in <i>Automated Information Systems,</i> or AISs. This aids the <i>accreditation</i> of an AIS for a specific program's <i>DoD Classified</i> or <i>Sensitive But Unclassified</i> (SBU) information. <P>Access to DoD Classified information must be limited to individuals who <i>both</i> possess the appropriate <i>Personal Clearance Level</i> (PCL; i.e. Confidential, Secret or Top Secret/<wbr>EBI/<wbr>SBI), <i>and</i> have been <i>Indoctrinated</i> for that program. <BLOCKQUOTE><FONT SIZE=1 COLOR="#006633"> <B>NOTE:</B> The most sensitive information is <i>compartmented,</i> to restrict access to those indoctrinated for its program. This has led to the popular misconception that there are "classifications higher than Top Secret." Instead, each program has a Classified code name, consisting of a pair of randomly generated words, like Fragrant Emerald and an unclassified <i>digraph,</i> like BK. Security personnel can check access lists to see if someone is cleared for Program BK, without themselves being cleared for <i>need to know</i> Fragrant Emerald information (or the name, itself). The fact that they have a Top Secret (TS) PCL, even if Fragrant Emerald is a TS program, doesn't permit them to see such data. <P>Such SCI (<i>Sensitive Compartmented Information</i>) or Special Access Programs may require more frequent repetitions of a person's Extended or Special Background Investigation to maintain his/her clearance. The costs of such EBI/SBI investigations, and those of various INFOSEC measures, are weighed against the costs of compromise. A 1991 Navy INFOSEC planning form listed nominal per-incident costs of $10,000 for Privacy Act data, $100,000 for Secret and $1,000,000 for generic Top Secret, in a hierarchy that extended further upwards to SIOP-ESI, SCI and National Cryptologic. </FONT></BLOCKQUOTE> <P>SBU information is a broad category of all other information whose security the US Government has a legal obligation to protect (under 15 USC 271-278h, for instance). <BLOCKQUOTE><FONT SIZE=1 COLOR="#006633"> <B>NOTE:</B> SBU information includes Federal Reserve <i>FedWire</i> funds transfers, DoD <i>For Official Use Only</i> (FOUO) information, Privacy Act data and proprietary information. </FONT></BLOCKQUOTE> <P><HR SIZE=1 WIDTH=50% ALIGN=CENTER> <P ALIGN=CENTER><FONT COLOR="#006633"><b><i>TRUSTED SYSTEMS</i></b></FONT> <P>Under NCSC's Trusted Computer Systems Evaluation Criteria (DOD 5200.28-STD), Windows� operating systems are Class D, the lowest of its seven levels. <BLOCKQUOTE><FONT SIZE=1 COLOR="#006633"> <B>NOTE:</B> The increasing levels of "trust" in DOD 5200.28-STD are D, C1, C2, B1, B2, B3 and A. Win3.1, Win3.11, WFW3.11 and Win95 are Class D. WinNT 3.51 is certified as Class C2, as long as it's used on a PC with no floppy drive, no network or modem connection, and physical security measures adequate to maintain that configuration. </FONT></BLOCKQUOTE> <P>Even an AIS with a B2- or B3-certified operating system could fail accreditation for a particular program's sensitive information. Nevertheless, Windows� PCs can even be accredited for Top Secret/SCI and similar Special Access Programs, if used in Dedicated Mode per DOD 5220.22-M. The key is the embedding of the AIS in a physically and operationally secure environment while it contains sensitive data. <P>The DOS/Windows� architecture makes it fundamentally impossible for any software to deny a knowledgeable attacker access to a PC's system resources. <BLOCKQUOTE><FONT SIZE=1 COLOR="#006633"> <B>NOTE:</B> Commercial access control software which modifies the DOS/Windows� <i>Master Boot Record</i> on your hard disk can be circumvented by the copy of an MBR that accompanies the basic DOS files on an "emergency boot diskette." BIOS passwords can be reset with jumpers or by shorting your CMOS <i>setup</i> memory's battery. Removing the floppy drive can defeat these kinds of attacks on your system. However, <i>any</i> Windows� (or DOS) system can read your hard disk's data files. One loaded with the kind of software used by law enforcement agencies can read files that you "deleted." Consequently, any means of system access control can be made irrelevant by disconnecting your disk controller cable and reconnecting one from another PC (or laptop). Any adversary who's unconcerned with your discovering such an attack can just steal your hard drive. </FONT></BLOCKQUOTE> <P>Consequently, add-on products cannot ensure COMPUSEC for a Windows-based <i>system.</i> However, it <i>is</i> possible to cryptographically control access to your <i>data.</i> <P><HR SIZE=1 WIDTH=50% ALIGN=CENTER> <P ALIGN=CENTER><FONT COLOR="#006633"><b>CRYPTOGRAPHIC SECURITY</b></FONT> <P>The only way you can protect your data while it's in use on an unsecure computer system is through physical and operational security measures. The only way you can guarantee your data's <i>availability</i> is by the disciplined use of data back-ups to a (non-physically-co-located) secure storage medium. <P>However, high-grade encryption can protect your data's <i>confidentiality</i> from being compromised when your system is outside your operational or physical <i>security perimeter.</i> Encryption can also enable you to determine whether your data's <i>integrity</i> has been compromised by tampering. <P>Such encryption obviously requires strong (export-controlled) ciphers. In addition, however, such encryption must be implemented in a <i>high-grade cryptosystem</i> that doesn't allow the operating system to circumvent the security of the encryption, and that doesn't compromise availability. <P>When combined with physical and operational security for your PC (and for your person), disciplined use of a high-grade software cryptosystem can provide high-level INFOSEC for your high-value data. <BLOCKQUOTE><FONT SIZE=1 COLOR="#006633"> <B>NOTE:</B> Disciplined use is not universal use. If you feel that it's important to deny anyone else access to your particular copy of a publically available application program, our software cryptosystems are not for you. They (and we) do not support mass-encryption of executables, dynamic link libraries and virtual device drivers. Universal encryptors that intervene between Windows� and your disk may prevent your back-up software from working. Decryption delays in accessing their various components can crash some programs, or Windows� itself. More importantly, such disadvantages of mindless over-encrypting can discourage your using encryption to protect your <b>high-value <i>data</i> files.</b> Our software cryptosystems are specifically designed to provide you with minimal discouragement from their proper use, within the limits of good INFOSEC practices. </FONT></BLOCKQUOTE> <P><HR SIZE=1 WIDTH=50% ALIGN=CENTER> <P ALIGN=CENTER><FONT COLOR="#006633"><b>CRYPTOGRAPHIC STANDARDS</b></FONT> <P>Effective encryption requires strong ciphers (e.g. triple-DES), that are performed by a securely implemented <i>cryptographic engine.</i> That cryptographic engine must meet the applicable standards for such ciphers; for their secure implementation; and for their secure modes of use (e.g. FIPS PUBs 46-2, 74 and 81). <P>Such a cryptographic engine must be integrated with secure key-generation, access control, and file overwriting functions (to standards like ANSI X9.17, FIPS PUB 180-1 and DOD 5220.22-M), to create a <i>high-grade cryptosystem.</i> <P>A high-grade cryptosystem must meet the Security Requirements for Cryptographic Modules (FIPS PUB 140-1). It must not leak keying information or exhibit the other implementation insecurities covered by that standard's Derived Test Requirements. <P>A high-grade software cryptosystem must perform automatic self-tests, to verify its <i>own</i> integrity and assure its user that it remains free from tampering. <P><HR SIZE=1 WIDTH=50% ALIGN=CENTER> <P ALIGN=CENTER><FONT COLOR="#006633"><b>IMPLEMENTATION</b></FONT> <P>A high-grade cryptosystem must be designed from the ground up. Products originally designed to handle un-encrypted data may be riddled with security leaks; adding encryption functions to them gives a false sense of security. If products are globally marketed, US export controls will limit their encryption to weak ciphers. <BLOCKQUOTE><FONT SIZE=1 COLOR="#006633"> <B>NOTE: </B>Software to "crack" Lotus 1-2-3�, Lotus Symphony�, MS Excel�, MS Word�, Quattro Pro�, Quicken� and WordPerfect� encrypted files is available for from $99 to $185 from <a href="http://www.crak.com"><u>CRAK Software</u></a> and <a href="http://www.accessdata.com"><u>AccessData:</u></a> "AccessData's software recovers passwords for PKZip, WinZip, Word, Excel, WordPerfect, Lotus1-2-3, Paradox, Q&A, Quattro-Pro, Ami Pro, Approach, QuickBooks, Act!, Access, Word Pro, dBase, Symphony, Outlook, Express, MSMoney, Quicken, Scheduler+, Ascend, Netware, and Windows NT server/workstation." Non-export-controlled "encryption products" are similarly crippled. Avoiding such products is not difficult with a little study, by leaving "secret design features" and "new encryption algorithms" for the unwary. (See Matt Curtin's <a href="http://www.interhack.net/people/cmcurtin/snake-oil-faq.html"><u>Encryption Snake Oil FAQ</u></a>) </FONT></BLOCKQUOTE> <P>Its implementation must not purchase your data's <i>confidentiality</i> at the expense of its <i>integrity</i> or its <i>availability.</i> Power transients or system crashes in mid-encryption must not damage your data. Encryption must not interfere with back-up software. <BLOCKQUOTE><FONT SIZE=1 COLOR="#006633"> <B>NOTE:</B> Our software cryptosystems are specifically designed to not interfere with the backup process, unlike automatic disk-encryptors. They are also designed to avoid corrupting data if interrupted in mid-encryption by system crashes, whether such crashes are due to power transients or to Windows� reaction to what it perceives as other programs' <i>Illegal Operations</i> or <i>General Protection Faults.</i> </FONT></BLOCKQUOTE> <P>Pre-packaged, generic high-level software building blocks used to minimize programming effort can leak your passphrase. Encryption software that directly uses passwords as keys, rather than using one-time keys from a cryptographically strong key generator, provides increased opportunity for cryptanalytic attack. <P>Such cryptosystem implementations are weak, regardless of the strength of the cipher used in the actual encryption subroutines. <P><HR SIZE=1 WIDTH=50% ALIGN=CENTER> <P ALIGN=CENTER><FONT COLOR="#006633"><b><i>OPERATING SYSTEM</i></b></FONT> <P>Even without such implementation flaws, no cryptosystem can guarantee your data's security if your operating system bypasses it by writing extra copies of un-encrypted <i>plaintext</i> data into various locations on your hard disk. <P>The Windows� operating system can leak partial or complete copies of sensitive data around the strongest encryption. These copies are readily scavanged with the forensic software used by law enforcement agencies and by data recovery specialists in legal discovery for law suits. Such software is readily available to others, as well. <P>Any high-grade cryptosystem claiming the ability to protect your sensitive data on a Windows� PC must also provide the specific functions needed to plug those leaks. Only such a cryptosystem can really offer <FONT COLOR="#999933"><b><i>Windows®-<WBR>compatible encryption.</i></b></FONT> <P>The following sections address the design and use of software cryptosystems to <FONT COLOR="#006633"><b><i>secure your data, even though you can't secure your system.</i><b></FONT> <a href="keys.htm"><IMG SRC="../images/web_next.gif" BORDER=0></a> </FONT> <!-- End Content ---> <!-- Standard Footer ---> <CENTER> <P><BR> <FONT SIZE=2 COLOR="#006633"><B><i> Cerberus Systems, Inc. develops, manufactures and markets<BR> software cryptosystems designed to level 1 of FIPS PUB 140-1<BR> with DOD 5220.22-M disk data recovery countermeasures. </i></B></FONT> <P><HR SIZE=1> <FONT SIZE=1 COLOR="#CC3300"> The Cerberus logo and the <i>...Security Manager</i> product names are trademarks of Cerberus Systems, Inc.<BR> © Copyright 1997-99, all rights reserved. </FONT> <HR SIZE=1> </CENTER> <!--- End Standard Footer ---> </TD> <!-- END MAIN SECTION --> <!-- PADDING CELL --> <TD> <!-- right margin = 2 x cellpadding --> </TD> <!-- END PADDING CELL --> </TR> </TABLE> </BODY> </HTML>