Coffeehouse Post

View Thread: Autosave is unsecure - UK Government
    evildictaitor wrote


    But without encryption, the pagefile, any synchronised documents and the VPN keys are all recoverable

    1) I'm not suggesting they don't encrypt, I'm just suggesting that they shouldn't be relying on encryption. If I ask how I know my data is safe and they say encryption I won't be satisfied (although I will be less dissatisfied than I am at the moment).

    2) I'm precisely suggesting they wouldn't sync the documents. They'd log onto the database, say via SSH, view what they needed to, change what they needed to and be done with it. There may be cases where a specific individual's files are required offline and they have to keep them locally, but that should never need to be more than a handful of individuals in one go. That's just an unavoidable risk. Yes, encrypt but don't have a false sense of security. Work in a remote/virtual desktop on the server if needs be.

    3) The VPN keys are hopefully password protected. That user's keys should be revoked and replaced as soon as the laptop is lost. Even better, your logs will help you know if any data has been compromised, whose data and even some clue as to by whom.

    4) The pagefile: Not my area of expertise. But your complete database with millions of people's records won't be in there, right? Regardless, you've made the bad guys' job harder.

    If you work for a company, and you don't have encryption on your work tablet/laptop then you shouldn't be allowed to take it outside. And even if you didn't want to ever take it outside, encryption won't hurt.

    Bitlocker everything, do it now. Now add two-factor auth and swipe access to your offices. Until you've done that, everything else is just pretending you've got security.

    I'm not disagreeing. But I don't think "it's encrypted" is an excuse for having that data stored locally on a portable device. And it's only cold comfort - after all, you have to assume that once an attacker has physical access to a machine it's compromised (sure, it helps that you probably won't get it back, so surreptitiously sticking a key logger in there won't help them, but I'd argue that the point still stands).