Today’s article in GCN highlights this concern:

A Justice Department spokesman told DigitalTrends that, in this case, users didn’t have a right to expect their files back, because Megaupload had warned them on its terms-of-service and website FAQ to make copies of their files and that the users assumed responsibility for any loss of data.

Kanguru offers great, large-capacity storage solutions with built-in security options; perfect for keeping your files safe and portable on-the-go, and giving you 100% control over your files.  Take a look:

• Kanguru Defender Elite™
• Kanguru SSD™
• RocIT Defender™

The Kanguru SSD 100 is available in 64GB, 128GB and 256GB capacities.  Buy online or from your preferred IT solution provider.

Kanguru SSD 100

Here a short excerpt:

Twas the night before Christmas, when all through the house
Not a creature was stirring, not even a mouse.
The data was all safe, protected with care,
In hopes that year-end bonuses soon would be there.

The servers were nestled all safe in their racks
Protected from malware and vile forms of hacks.
The data all encrypted, with a nice complex key,
The software came, of course, with a great big huge fee.

The full post is a fun read for IT and Infosec Professionals, check it out here.

Have a safe and happy holiday!

For many years solid state drives have been reserved for technology enthusiasts, hardcore gamers and those with deep pockets. The performance advantage of SSDs over traditional, spinning-platter hard disk drives, or HDDs, has never been a point of contention. SSD’s transfer rates typically double or triple the speed of their mechanical counterparts. However, the high retail price for even low-capacity SSDs prevented the average computer user from experiencing the benefits of an SSD.

As the cost per gigabyte for SSDs has come down in recent years we are finally seeing SSD prices straddling the line of affordability and consumers and manufacturers have taken notice, and you should too. In addition to becoming affordable, added features and improved technology have SSDs making a strong case to replace the aging HDD in your computer or laptop.

Reliability

It is a common fallacy that SSDs are less reliable than HDDs. This is actually pretty far from the truth. In 2010, the percentage of component returns to retailers was very close between the top 5 SSD manufacturers and top 5 HDD manufacturers, about 2-3%[1].  So we know that SSDs aren’t being returned at a higher rate than HDDs.

This misconception may be the result of SSDs growing pains through its early years. Early SSD adopters were plagued by issues like poor firmware, degrading flash memory and other issues typical to new technology. This resulted in an initial negative response from the tech community which may be continuing to haunt SSDs, even though the reliability of SSDs has become better than HDDs on several levels.

Fundamentally solid state disks are more reliable because SSDs do not contain any moving parts. There are no read heads, actuator arms or spinning platters that can break down in an SSD. SSDs can be moved around freely while in use and have a higher tolerance against shock and vibration than HDDs. In a mechanical HDD platters spin at thousands of rotations per minute, and any shock or vibration can cause data to become corrupted or a mechanical component to malfunction.

When a mechanical hard drive with spinning platters crashes it often results in physical damage to the platters which store data. Physical damage to these platters could cause data to be lost permanently. SSDs do not suffer from this vulnerability. Typically if a SSD crashes, it usually occurs with an electronic component like a transistor or capacitor which may cause the drive to be inoperable, but the memory should remain completely intact and recoverable.

New Technologies

As with any new technology, SSDs experienced their fair share of growing pains as they matured. And like with so many problems that occur with new technology, these problems were fixed using technological innovations.

-          Native Command Queuing (NCQ): Originally designed to increase SATA HDD performance by optimizing the order in which read/write commands are executed, NCQ reduces latency on mechanical drives by grouping commands that would be read/written to the same area on the disk. However with solid state drives, since there are no moving parts, there is extremely low latency and the opposite occurs. NCQ ensures that a SSD has commands to process while the host system is processing CPU tasks.

-          TRIM: NAND flash memory cells are grouped into 4kB pages, which are then further grouped into 512kB blocks. Cells can only be written to if they are empty, and though write operations can occur on the page level, erase commands affect entire blocks. So in order to overwrite a page, the contents of the entire block have to be moved to cache before the block can be erased, and then rewritten. This causes a dramatic decrease in write performance when pages need to be overwritten. The TRIM command allows the SSD to handle garbage collection overhead in advance.

Power Consumption

Without any moving parts, SSDs provide an enormous advantage over HDDs in power efficiency. This is especially beneficial for road warriors who are looking for ways to squeeze more life out of their laptop battery. Although an SSD actually increases system power consumption, since the CPU and memory utilization rises in response to increased I/O activity, an SSD based system will always finish operations faster and ultimately will allow you to go longer without having to plug in.

Price

At the end of the day, price is what your typical consumer looks at when looking to update their computer. However you cannot base the total cost of an SSD on price per GB alone. For businesses, upgrading to SSDs in your workstations means faster system boot up times which allows your employees to spend less time waiting for their systems to start and more time working. Then there is time saved waiting for applications to load, reduced deployment time and less downtime for IT support. When you factor in all these variables, you can see how an SSD is an investment that pays off over time.

The future of data storage is solid. Although the technology has needed time to work out the kinks, we are now witnessing an evolution in the way we process data. The time of mechanical, spinning hard drives is drawing to an end, and I for one welcome the change. Wide spread adoption of solid state drives will bring computing advancements to the next level and you would be well advised not to get left behind.

One of the obstacles we often face when selling encrypted flash drives involves the “ease of use” argument.  Companies want to add security, but are reluctant to inconvenience their users or add costly infrastructure.  It’s understandable; if a solution is difficult to utilize, users won’t use it (or won’t use it correctly).

We’ve all seen those Geico commercials where the offended Neanderthal storms off over his portrayal as a simpleton.  We chuckle; maybe think of someone we know that fits that description, then don’t give it much of a second thought.

The truth is, this is how IT Admins often treat their users.  Maybe it is an elitist view or maybe they don’t want to burden their workforce with a cumbersome product that is going to require additional infrastructure and make their already hectic work more complicated.

Which leads me back to encryption and the perception surrounding secure or encrypted products.  There is generally a view that if a product utilizes encryption it is complicated, time consuming or a general hassle to use.  While this may have been the case ten years ago, modern encryption is an easy to use feature these days.

A recent article in Healthcare Info Security entitled “Encryption: Overcoming Resistance” discusses this perception.  According to security expert Melodi Mosely Gates, “information technology specialists have outdated perceptions about the technology”.  The article goes on to state that “As a result, Gates advises security specialists to launch small-scale pilots of encryption to demonstrate the technology is now practical and affordable.”

While it is true encryption has come a long way in the last few years, not all solutions are created equal.  Some things to look for in an encrypted product:

Ease of Use (User Side)

-          Is it hardware encrypted or is there software that needs to be installed?

-          How is the product or solution going to impact performance?

-          Can it be managed relatively easily?

Ease of Use (Administrator Side)

-          Can you manage keys

-          Can you easily reset passwords if necessary

Security Features

-          Encryption: Is it hardware or software encrypted (see below)

-          Has it been certified by an independent entity on its security features?

-          Is it manageable: can you exercise some level of control when it is not directly in front of you?

Regarding the encryption bullet; there needs to be a distinction made between software based encryption and hardware based encryption.

Current hardware based encryption products hold several distinct advantages over software encryption.

1.)    Performance - Hardware based encryption is significantly faster than software encryption.

2.)    Security - Hardware based encryption is generally more difficult to break or find vulnerabilities than software based encryption.

3.)    Ease of Use - Hardware encryption generally require no administration rights to use, has no software to install, and has less software conflicts.

These are all important things to take into consideration when evaluating the security of product or service.

Adding encryption is a relatively easy and cost effective way to secure your organizations data without adding significant cost or complexity. For organizations dealing with confidential information (healthcare, banking, government) it should be mandatory.

If you haven’t looked into it recently, investigate some of the options out there.  You might be pleasantly surprised.

So, you are charged with selecting the best IT product to implement into your organization’s infrastructure, but which product should you purchase?  Of course there are the straight-forward items that need to be addressed such as performance, compatibility, price, and support.

But what about the actual “guts” of the product?

As the incidence of cyber warfare expands, whether it is supported by nation-states, ethically challenged corporations, or hackers, it becomes increasingly important to trust the products that we are relying on to keep the “bad stuff” out.  There have been numerous reports of rootkits and trojans that have been installed on component level chips designed to infiltrate networks from the inside.  Government agencies have stepped up their diligence regarding what products are allowed to protect infrastructure at high security levels.  But, commercial businesses and end users do not always have access to the same type of information or resources that government agencies do.

While it is difficult to really understand how well a product company in the IT space secures their supply chain to prevent malfeasance, there are a few reasonable steps that can be taken to at least improve the chances that the product is secure.  The most straight-forward is to stick with a company that has a solid reputation and customer list that includes organizations that take their security seriously (government agencies, financial institutions, etc).  The thought here is two-fold: 1) The organization has a great deal to lose if they compromise their customer’s trust so there should be adequate supply chain measures put in place on their end.  2) Piggyback on the due diligence of peers to help validate your own independent research.

Another step is to inquire as to whether the organization has undergone any independent testing which requires an in-depth analysis of supply chain management, such as Common Criteria.  One of the typical requirements in Common Criteria is to outline supply chain integrity from the component level, to production, integration, loading, and ultimate delivery through the distribution network and the end user.

The third step is to simply ask the vendor.  Depending on what the request is, a vendor may be willing to disclose certain facts about supply chain and put something in writing as part of a contract negotiation.  It can never hurt to ask.

Following these steps is a relatively easy way to glean additional insight into the overall security of a product and/or vendor.  A little due diligence can go a long way to help identify weaknesses within the supply chain and provide you with additional peace of mind.

Here is a good link from CSO Online to some tips for safe online shopping:

FBI’s Holiday Online Shopping Tips

Have a safe and happy Thanksgiving!

It also describes the rise of security audits and how recent data breaches have been a boon for IT security consultants.

“Performing security audits is now a specialty within information technology consulting,” said Isaac Cheifetz, an IT recruiter with Open Technologies Consulting Co. Security “is no longer simply about making sure the network firewall is up.”

For the full story, click here.

When the integrity of your system and network is at stake, neglecting a critical software update is the last task that should be placed on the back burner.

According to an article posted on Dark Reading over the summer “Six out of every 10 users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks, according to a report…”

All software updates, although seemingly trivial, can offer protection against a variety of vulnerabilities. Most of us will readily update our anti-virus software; we all understand that it can prevent a virus from taking control of our computer or deleting our data. While the antivirus software actively scans incoming files/emails, AV software is similar to a last line of defense; it is there when your computer has already been the target of an exploitation.

It is really the everyday applications such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office that are prime candidates for exploitation by hackers if left unpatched.

Unbeknownst to many of us, there is software that can scan your computer and network and check for these un-patched systems. The software can report back exactly which software updates are missing, and then use another tool to actually exploit those vulnerabilities.

Depending on the severity of the security hole, an attacker could take complete control of your computer. An attacker could literally remote connect and disable the physical keyboard and mouse, leaving you to watch them do as they wish. Granted, you could unplug the Ethernet port or power off the computer, but still terrifying to think about if you have confidential or proprietary data on your system.

Reportedly, the RSA hack that occurred earlier this year used Microsoft Excel to execute a VBA script to exploit an Adobe Flash vulnerability. The Excel script put a backdoor on the computer that allowed the attacker full access to the machine, as well as the networks the user had access to.

While an operating system update is annoying, having to install and restart your system in the middle of the day, they are critical at times. Patching your email, instant messenger, web browser, etc, should be a top priority.

In fact, any software that is used around sensitive information should be regularly updated. Most, if not all, software that runs on your operating system will regularly check for updates. However, make sure to check that any hardware peripheral devices that have software applications on them, such as a secure USB/HDD drive also automatically checks for its own software updates.

The article has an infosec focus on newer developments in flash drive security including remote management, on-board anti-virus and more.  Here is a short excerpt:

“Remote management is really the most advanced development in flash drive security over the past few years. With remote management, organizations can centrally manage their flash drives anywhere in the world, via the Internet.

One of the main features of remote management is the ability to disable or delete lost or stolen devices. This is an incredibly powerful feature that acts as an additional safeguard for organizations that handle sensitive data. A lost drive can be reported to an IT administrator and, if not recovered in a reasonable amount of time, be scheduled for deletion to insure that the data won’t be compromised.”

For the full GSN article, click here.

For more on securing thumb drives, checkout these past posts:

Securing Flash Drives within the Enterprise

Customize Your Flash Drive - Infosec Style

11 Questions to Ask When Buying a Secure Flash Drive

For information on Kanguru’s secure flash drives, checkout the following pages:

Which Secure Flash Drive is Best for Me?

Kanguru Defender Elite