US Government technology professionals are invited to visit Kanguru at FOSE 2011 next week at the Washington Convention Center (Booth # 800). Come learn more about the Kanguru RocIT Defender Elite – our bootable, virtual PC on a flash drive. The device features FIPS 140-2 encryption and a DoD-tested virtual runtime environment.
We’ll also be displaying our Hard Drive, DVD and USB Duplication Equipment, as well as our next generation Secure USB storage products. While you’re there, join our email list and receive a FOSE discount.
Register for an Expo Pass here.
Events, Government
A great little story came out a couple of weeks ago regarding the Federal Information Processing Standards (FIPS) Validation process which definitely bears repeating. In the article, the author compares not using FIPS Validated cryptography to “opening a savings account at a bank without the FDIC’s $250K-per-account guarantee. You could do it, and it might work, but why take the risk when a safer option is available for no extra charge?” Read more…
Data Security, Government
Secret KGC Recipe Stored on Encrypted Flash Drive
A recent press release from KFC notes that “the original copy of the KGC secret recipe is kept on an encrypted computer flash drive and safely stored in the high-security KFC vault – right next to Colonel Sanders’ handwritten Original Recipe.”
Government secrets, financial information, medical info, PII, and now secret recipes… What sort of confidential info do you store on your encrypted flash drive?
Data Security
Co-authored by Nate Cote and Emmett Jorgensen
Too often we, as security professionals, aren’t asking all of the right questions when evaluating a new product or service. We’ve all heard of “256-bit AES” encryption and products secured with RSA keys of “x” size. Encryption key sizes have become commonplace metrics for evaluating security products utilizing cryptography – and many times become one of the primary pieces of information that drives product adoption by an organization. A serious question we should be asking about cryptographic products, however, is related to the effectiveness of the Random Number Generator (RNG).
How many people truly gather any information on the randomness of the cryptography implemented in a product or module? More specifically, is there any analysis of the effectiveness of the RNG? This is, after all, the engine of the entire process and perhaps the most critical piece of a product using cryptographic functionality. Unfortunately, this information is almost never discussed, since most people don’t understand the importance of RNG quality and therefore don’t ask about it. Read more…
Data Security
Electronic medical records are the future, and the government is encouraging their adoption through the HITECH Act. InfoSecurity.com has analysis of the first phase of HITECH:
Phase I implementation (2011–2014) provides a graduated series of financial incentives to physicians and hospitals. At the same time, certain information security measures must be implemented along with the expanded use of electronic health records and information exchanges.
For healthcare facilities, these security measures include implementation of access control; data integrity; emergency management; encryption of data at rest, in motion, and removable media; identity proofing; log analysis and management; and system timeout.
Healthcare organizations are advised to use an encryption algorithm that meets FIPS 197 standards or better. It’s important to ask your vendor about their encryption certifications, as not all password-protected devices are truly secure.
Data Security, Healthcare
Kanguru’s own Matthew Losanno and Emmett Jorgensen contributed this article to Infosec Island outlining the importance of secure password storage. A few excerpts:
Essentially there are two versions to every password: the password that the user enters at the login screen, and the password stored on the website/server for authentication.
This, of course, begs the question: how secure is the location of the password stored for authentication?
As the recent Sony breach demonstrates, securely storing the password is just as, if not more, important than the strength of the password itself. In this article recently posted by CNET, Lulzsec, the group claiming responsibility for the most recent breach, states, “This target gave us LOLs as it provided internal release dates of records, barcodes, sales reports, and plaintext Sony employee passwords.”
Read the full article here.
Data Security
Convenience or Security? It’s a dilemma encountered by IT professionals every day.
Smart phones, flash drives, and other personal mobile devices have become the norm within business environments today. Each brings unique features that contribute to business productivity and many professionals will tell you they are indispensable in their everyday activities.
So how can infosec professionals deal with the plethora of devices out there?
Ban them altogether and there is a very real risk that productivity will suffer. Allow them without having some sort of management plan in place and a costly data breach could be in your future. So, can mobile devices be managed without severely limiting their functionality and convenience? Read more…
Data Security
Today on InfoSec Island, you can read a new article by Kanguru contributors regarding the security of Solid State Drives (SSDs). New technologies used in SSDs make it difficult to sanitize the drives of sensitive information.
Due to the difference in technology between flash-based SSDs and platter-based HDDs, currently accepted methods for sanitizing HDDs such as multiple pass disk wipe and degaussing are not effective for securely removing data from SSDs.
The difficulty in safely wiping SSDs stems from the fact that SSDs, and their cousin the flash drive, both utilize solid state memory and a data writing technique known as wear-leveling. Wear-leveling is a method of controlling which flash cell has data written to it.
The article points out an effective method of ensuring that sensitive information can never be recovered by the wrong person.
A simple yet effective way to make sure that data is unrecoverable from an SSD is to utilize encryption. Using full disk encryption has a twofold effect. The first obvious effect is it will secure the contents of the data on the SSD.
Adding encryption, preferably at the hardware level, adds a layer of security to all your data and is a step towards meeting many of the security requirements currently needed in the financial, healthcare and public sectors.
Second, and equally important, when it comes time to retire the drive, the encryption key can be deleted, leaving the data inaccessible.
Read the full article here.
Data Security
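The wear-leveling problem and the key-deletion approach described in the SSD post above, as an added example (not code from the original article or from Kanguru): a constructed toy model in which every logical write lands on a fresh physical page. `ToyFlash`, `keystream_xor` and the sample secret are hypothetical, and the SHAKE-256 keystream is only a stand-in for a drive's real AES engine.

```python
import hashlib
import secrets

SECRET = b"patient-record-0001"  # constructed sample data

class ToyFlash:
    """Hypothetical wear-leveled device: each write lands on a fresh physical page."""
    def __init__(self, pages=8):
        self.physical = [None] * pages
        self.mapping = {}  # logical block -> physical page currently holding it
        self.next_free = 0

    def write(self, lba, data):
        # Wear-leveling: never rewrite in place; the old page is left intact.
        self.physical[self.next_free] = data
        self.mapping[lba] = self.next_free
        self.next_free += 1

    def read(self, lba):  # what the host (and a disk-wipe tool) can see
        return self.physical[self.mapping[lba]]

    def raw_dump(self):  # what reading the flash chips directly can see
        return [p for p in self.physical if p is not None]

def keystream_xor(key, data):
    """Toy cipher standing in for the drive's AES engine (assumption, not for real use)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def overwrite_wipe():
    """Three-pass overwrite of logical block 0 on an unencrypted device."""
    dev = ToyFlash()
    dev.write(0, SECRET)
    for _ in range(3):
        dev.write(0, b"\x00" * len(SECRET))
    return dev.read(0), dev.raw_dump()

def crypto_erase():
    """Store only ciphertext, then destroy the key instead of overwriting."""
    dev = ToyFlash()
    key = secrets.token_bytes(32)
    dev.write(0, keystream_xor(key, SECRET))
    readable_before = keystream_xor(key, dev.read(0)) == SECRET
    del key  # the only copy of the key is gone
    return readable_before, dev.raw_dump()

if __name__ == "__main__":
    host_view, pages = overwrite_wipe()
    print("overwrite: host sees", host_view, "| plaintext on flash:", SECRET in pages)
    print("crypto-erase: plaintext on flash:", SECRET in crypto_erase()[1])
```

After the overwrite, the host reads zeros while the original page still holds the plaintext; with encryption, the only thing left on the flash is ciphertext whose key no longer exists.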
State legislatures around the country continue to enact stronger and stronger data breach laws to protect their citizens against unlawful use of personal information. The two latest actions are in California and Massachusetts. See the Workplace Privacy Report to learn more about the new bills.
Massachusetts already has one of the toughest data security laws. Most other states have regulations that require public notification of data breaches and allow for civil or criminal penalties. Many, but not all of them, provide safe harbor from penalties if the data was properly encrypted.
Data Security
Kanguru is pleased to announce that we have been chosen to provide a major healthcare provider in Maryland with secure flash drives and remote management software. Our encrypted flash drives will help keep their patient data safe and secure, and also help them meet HIPAA regulations relating to data security and privacy.
This is the latest of several secure flash standardizations Kanguru has recently been involved with across the government, healthcare, and financial industries. Healthcare providers have been under increasing scrutiny lately as the Dept of Health & Human Services has stepped up enforcement of HIPAA privacy rules. Kanguru’s remote management platform provides security against data breaches as well as audit logs for proof of compliance.
Data Security, Healthcare, Portable Storage