[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ubuntu-devel-discuss
Subject:    USB Stick security
From:       modern_ronin () web ! de (Thorsten sick)
Date:       2007-07-06 21:54:59
Message-ID: 1183758899.10164.9.camel () DeepBlue
[Download RAW message or body]

Hello list

I am Thorsten Sick and develop for a German security company. Writing
detections for Windows malware all the day I am thinking about how to
create a more secure system. Hardening Linux is an important thing, but
IMHO it is still (wait till there are more Linux Viruses) more important
to help people handling their system a secure way just by using it. 

I want to share my ideas with you and hope for feedback.
And before I forget: Thanks for writing Ubuntu. I am using it since
Badger.

Idea 1)
USB stick security
******************
USB memory sticks can be lost. The danger is 
a) Data stored only on the stick is gone
b) Other people have access to the data

Ubuntu can help. As soon as a stick is attached for the first time, the
user is asked:
"There is a new USB Stick. If this is yours you may want to"
[ ] Back it up every time it is attached. If the stick is lost, the data
is not.
[ ] Encrypt it. If the stick is lost or stolen, no one else can access
the data on it.

Back up: The Stick is added to the normal backup schedule. 
Encrypt: A bit more difficult. A Truecrypt file is created. The user
enters a password for it. This password can be stored in the Ubuntu
password safe. If there was any data on the stick before, it is moved
into the truecrypt file. This file can be auto-mounted as soon as the
stick is mounted by Ubuntu. So this is transparent to the user. 
The special trick: Sticks are used for data transfer. As long as there
is Microsoft Windows, it would be good to add the windows binary of
truecrypt to the stick. The stick will contain the encrypted folder, and
the Installer for Truecrypt. If the user wants to transfer files to a
Windows PC, he has everything he needs.
An Ubuntu PC will have truecrypt installed by default.
Optional there can be a "encrypted" and an "unencrypted" folder on the
stick. 

The other ideas need a lot of thinking on my side before I post them.

Thanks
Thorsten

-- 
Thorsten Sick

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20070706/2755ce3b/attachment.pgp \



[prev in list] [next in list] [prev in thread] [next in thread]