Securing Content using File or Disk encryption

Similar Messages

• Bit locker security issues (easy to crack) disk encryption?

  Bit locker security issues (easy to crack) disk encryption?
  Problem 1: When the PC run I think its too easy to get  malicious users (with usb pendrive) or spyware to get the encryption key (fast and easy)
  youtube.com/watch?v=0npTlOq6q_0
  Problem2:not resistant with bruteforce attacks
  youtube.com/watch?v=zvaJxnvbGic
  Problem 3: not resistant with boot hacking
  Im using DriveCrypt plus pack and searched security issues in bit locker.The bit locker allow you the bruteforce/dic attack easy.I think  It would be much safer 1. (I think the keys stored somewhere that is easily read) 2. Do not just be enough password
  need a password+file combination to decrypt the disk. DriveCrypt plus pack use a file+password combination if you know the password but you wont have the file you can not decrypt the disk (protect with bruteforce attack).On system boot protected bruteforce
  attak you can crash the (boot).If the boot system crash you can not decrypt the disk just the password you need the file+password combination plus to decrypt it. I am not a programmer but I see the BitLocker ( easy security catches to crack the disk encryption).Im
  tested DriveCrypt and I can not get the key that easy (Problem 1). I have not tested it in greater depth just trying to (catches to crack software encryption).

  Where is your question, sir?
  If the question were "is it easy to crack", the answer is "no". Your videos make use of several assumptions and ingredients and permissions that a normal attacker does not have.
  "Problem 3" is not clear, please describe what scenario you are talking about.

• File vault disk encryption

  I am trying to upgrade  to yosemite and I have submitted for the file vault disk encryption. It has been almost 10 hours from the time it has stated to encypt and it is still going on. So how long it will take generally to encrypt everything on the mac.I dont have much files on my disk. I got stuck up at the below stage from the last 10hrs

  Check the progress of the conversion in the Security & Privacy preference pane.

• Anyone using SecureDoc Full-Disk Encryption for Mac from WinMagic?

  Currently I am using Mac OS X v10.5 on a MBP and want to upgrade to Snow Leopard. I use PGP full disk encryption.
  I do not want to wait anymore for PGP v10 before I can upgrade to Snow Leopard. In my search for a replacement for PGP I found SecureDoc Full-Disk Encryption for Mac from WinMagic.
  https://www.winmagic.com/products/full-disk-encryption-for-mac
  They claim to be Snow Leopard compatible
  https://www.winmagic.com/kw/download.php?url=/datasheets/securedocmac_brochure20090925a.pdf
  I have two questions:
  1) Does anyone have experience with SecureDoc Full-Disk Encryption for Mac from WinMagic?
  2) Where can I buy one? PGP has a store where I ordered my copy of the software. But I can't find a store anywhere for SecureDoc. With some trouble I found a reseller in the Netherlands, but they don't reply to any questions.

  I am currently testing a trial license from Checkpoint Full Disk Encryption.
  http://www.checkpoint.com/products/datasecurity/pc/index.html
  The company where I work is a Checkpoint reseller, and normally only has dealings with other companies, not end users. But we arranged a trial license and I can buy a single user license Checkpoint Full Disk Encryption if the test proves Checkpoint Full Disk Encryption is a good solution.
  I created a bootable usb disk with Snow Lepoard on it. But I was unable to install FDE on it. After reboot I only get a blank screen, that's it. Probably it isn't supported to boot from a full disk encrypted removable drive, I can understand that.
  I can't create a virtual Snow Leopard machine (legal reasons) to test it on. And all FDE solutions I found aren't compatible with Mac Server, which is a shame because you can virtualize Mac Server legally.
  So now I am planning to change the hard-disk of my MBP this evening with another hard-disk to test Checkpoint FDE there. I don't want to upgrade my current Leopard installation to Snow Leopard only to discover it doesn't work as expected. I could of-course use my current installation and when it doesn't work rollback to a timemachine backup, but before that I have to decrypt my disk and uninstall PGP witch will take 1-2 days, and encrypt again when the test is over. Not pratical.
  I will let you know how the test with Checkpoint Full Disk Encryption went!

• UCM 11g - how to accessing secured content using open WCM service

  Hi All,
  Does any one has an idea on how to access the contents that are checked in with security groups as "Secured". If the contents are checked in as "Public" then, we can easily access the same with the following open WCM servervice:l
  http://<ucm_server>:16200/cs/idcplg??IdcService=WCM_PLACEHOLDER&dataFileDocName=<data_file_name>&templateDocName=<region_template_name>
  Regards,
  Sanjay

  Hi Donato,
  Did you ever get an answer for this issue? I'm trying to get a similar case working and would be curious on how you ended up doing this...
  For what I know so far, this may help you:
  1) The trigger-EBSProfile requires you to pass th afGuid value, this value, is created automatically by the IPM process, basically, when you click the MA button in EBS, the SOA call to IPM does 2 things:
  First, it creates a row in the AFGRANTS table in the WCContent DB, this basically overwrites UCM security and give the user access to the documents, this table has the information of the EBS record (Business Object, and Primary Key) as well as the auto generated afGuid
  Second it sends back the URL to WCContent, mainly "/cs/idcplg/_p/min/af/trigger-EBSProfile?IdcService=GET_SEARCH_RESULTS_FORCELOGIN" and passes the afGuid created in the first step, which identifies the EBS record.
  So if you need to make direct calls to UCM under the trigger-EBSProfile you will need to manually (custom) add the afGuid and details of the EBS record to the table, the entries in this table get removed automatically based on the dexpirationdate value
  2) While the IPM SOA call overwrites the UCM security, if you have implemented your own security structure (assign a different security group to the documents and give the users access to it) you could make calls directly to UCM bypassing the "trigger-EBSProfile"..
  for example, in the call you were trying to make originally to DOC_INFO, if you know the dDocName of the document, you can simply call the service as "/cs/idcplg?IdcService=DOC_INFO_BY_NAME&dDocName=POC2001" (I use DOC_INFO_BY_NAME because you need to know the dDocId for DOC_INFO)
  You can do the same with other services like checkin/checkout etc, (for checking you will need to pass the additional parameters dfBusinessObejct, dAFBusinessObject and dfApplication to link the document to the EBS record)
  Regards,
  Juan Becerra

• Firefox cannot load a directory content using file:///...

  I'm currently using Firefox 3.6.12 on Windows server 2003 64 bits.
  When browsing a smb share mounted on windows with an URL like:
  file:///L:/dossiers_techniques/bugs/I18n_Ndmp/dir-utf8/Mus-%F0%9D%84%9E
  (NB: it's displayed without the %xy stuff but using the appropriate font and glyph)
  I simply obtain the following error page:
  XML Parsing Error: reference to invalid character number
  Location: file:///L:/dossiers_techniques/bugs/I18n_Ndmp/dir-utf8/Mus-%F0%9D%84%9E
  Line Number 184, Column 76:<title>Index of file:///L:/dossiers_techniques/bugs/I18n_Ndmp/dir-utf8/Mus-&#xd834;&#xdd1e;</title>
  ---------------------------------------------------------------------------^
  NB: I've crafted this folder and its content for I18N test purposes in the applications I'm working on.
  And this specific Firefox test was triggered by a more complex configuration involving Flex and Java which thrown an exception (java.io.UTFDataFormatException).
  As a matter of fact, using Firefox 3.0.8 running on linux, I can browse the same directory (shared and mounted through nfs) with just the small graphical issue that the single G CLEF glyph is displayed as two unknown glyphs:
  Index of file:///usr/people/lps/dossiers_techniques/bugs/I18n_Ndmp/dir-utf8/Mus-��
  I've uploaded the same "dir_utf8" content on a web server, (see URL given in the "URL of affected site" which is NOT affected): it works pretty find, if the character encoding is manually set to "Unicode (UTF-8)".
  Hence it does seem that this issue is Windows or cifs or file: protocol related.

  Clear the cache and the cookies from sites that cause problems.
  "Clear the Cache":
  * Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
  "Remove Cookies" from sites causing problems:
  * Tools > Options > Privacy > Cookies: "Show Cookies"
  Start Firefox in <u>[[Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.com/kb/Safe+Mode

• File Vault Disk encryption questions

  I want to enable filevault 2. I read that with filevault 2 I no longer need to log out for time machine backups to work hourly. Will I need to enable the encrypt disk feature in time machine in order for my backup to be encrypted also? Or do I just encrypt my whole drive with filevault and let time machine back it up as normal.

  You need to enable the encrypt disk feature in TImeMachine if you want your backup also encrypted.  FileVault only encrypts your local drive when you enable it.  TimeMachine backups are completely separate from FileVault.

• Encrypt Data using File Receiver Adapter

  Dear All,
  How to encrypt file content using file receiver adapter?
  Any suggestions would be of great help.
  Thanks and Regards
  Bhasker

  Hi,
  U can also develop custom adapter module code. For more reference plz have a look:
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f0ac06cf-6ee2-2c10-df98-e17430ca5949?quicklink=index&overridelayout=true
  Re: Encyprtion in XI.
  Thanks
  Amit

• Encrypt a file in PI using file adapter.

  Hi,
          I need to Encrypt a flat file and ftp it. Since the target server is a bank, the data after been placed there should be decrypted. How can i achieve this?

  Hi
  In case you are using a file adapter then you can use Operating system command after and before execution. in which before processing you can decrypt the file using some decrypting command line tool and after execution you can use command line command to delete the file. and after decryption and before deletion of file you can use file content conversion
  Or else you have to write a module processor for File adapter which will decrypt the message.
  These may help you
  How XML Encryption can be done using web services security in SAP NetWeaver XI
  How XML Encryption can be done using web services security in SAP NetWeaver XI
  How to achieve encryption in XI
  This thread is similar to your question and his question is solved. Please go through it.
  triggering encryption script with XI
  Hope this is usefull
  Thanks
  Saiyog
  Edited by: Saiyog Gonsalves on Jul 16, 2008 10:16 AM

• Unable to delete files from encrypted external SD Card using File Commander

  I've run into some trouble trying to delete the directory com.spotify.music from my external SD Card (encrypted) after a hard reboot using the reset button next to the sim card.
  I need to do this for the Spotify app to work (FC on starting it) and I'm currently unable to delete the folder and its contents from Sony provided file explorer(FC File Commander).
  Is there a way to delete this app from adb or other command line tool or how should I go about this? Developer options are enabled because I'm learning to develop apps. Not particularly keen on rooting or otherwise format my SD Card but it's an option if there are no other ways to do it. 
  I can see the contents of my card using File Commander just fine. Spotify app is uninstalled, I tried remove cache and data before uninstall also.

  Thommo wrote:
  Are you able to delete files via your Pc or are you able to remove the card from your phone and connect it to a Pc for file deletion - There is a free program called Unlocker currently on version 1.9.2 which is excellent at deleting files that don't want to be deleted - You would install the program then right click the file and choose Unlocker and then when the program starts choose delete
  I guess he will not be able to move the SD card to the computer since it's encrypted and is working only with that particular device, but he should be able to access it via PC.
  If you can try to uninstall Spotify from your phone. I assume Spotify is not working due to some rubbish inside it's directory, but on the other hand you can't delete the folder because it may be used by Spotify. If you uninstall app folder may be unlocked.
  Best regards,
  Sergio PL
  Xperia Z1 / Nexus 7 (2012)

• I tried to encrypt using file vault but it froze slowing my macbook pro, how can i get things moving or stop the encryption

  i tried to encrypt using file vault but it froze slowing my macbook pro, how can i get things moving or stop the encryption

  Back up all data before proceeding. There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  Start up in Recovery mode. When the OS X Utilities screen appears, select Disk Utility.
  In the Disk Utility window, select the icon of the startup volume from the list on the left. It will be nested below another disk icon, usually with the same name. Click the Unlock button in the toolbar. When prompted, enter the login password of a user authorized to unlock the volume, or the alternate decryption key that was generated when you activated FileVault.
  Then, from the menu bar, select
            File ▹ Turn Off Encryption
  Enter the password again.
  You can then restart as usual, if the system is working. Decryption will be completed in the background. It may take several hours, and during that time performance will be reduced.
  If you can't turn off encryption in Disk Utility because the menu item is grayed out, you'll have to erase the volume and then restore the data from a backup. Select the Erase tab, and then select
            Mac OS Extended (Journaled)
  from the Format menu.
  You can then quit to be returned to the main Recovery screen. Follow these instructions if you back up with Time Machine. If you use other backup software, follow its developer's instructions.
  Don't erase the volume unless you have at least two complete, independent backups. One is not enough to be safe.

• How to read contents of files that do not fall under public security group?

  Hi,
  I need to read the contents of a WCM based xml file that does not fall under public security.
  The process is like this:
  First the user makes chnages to the content.
  The workflow will be triggred based on the security group metadata that is associated with the content.
  Once the content is finally approved our workflow calls a custom idoc script.
  First we tried directly reading the xml contents from the idoc script which was still in the context of workflow. But since content item is still in workflow I was not able to read the changes. So I created a separate content publisher thread and read the DOC_INFO and checked for the dStatus value. If the value is RELEASED then I reading contents by calling ssIncludeXml idoc script.
  This was working fine for public content. But now the requirement is that all content cannot be public. Content authors should not be able to edit the content that does not belong to their group, So we created security groups (and roles) and are associating that groups to the relavent content.
  Beacuse of this change I am not not able to read the non public content. The call to DOC_INFO_BY_NAME service, which gives all the content files' metadata, is expecting the user to be logged in to give the details.
  I tried calling the CHECKIN service with sysadmin and captured the cookies returned by that service and use cookies for the DOC_INFO_BY_NAME service call. But the service call was faling. It is throing the 401 forbidden error with the message that user needs to be logged in to get the details.
  How to address this problem. Someone please help.
  Note: I also tried using ridc for this. I was able to get it working but since it is executing in the context of server ridc api is changing server's environment properties like HTTP_HOST, HTTP_CGIPATHROOT etc. It also seemed like system was becoming non functional after using ridc. When I called check-in the system metadata values like security group are no more loading. Not sure if ridc is the culprit here but worried that it might be causing this issue.
  Regards,
  Pratap

  Sorry, I posted too much details while posting this question. I was saying "not able to read *non* public content".
  Anyway, I was able to resolve the issue. I was able to authenticate with sysadmin credentials in the request to service using basic authentication and was able to read doc info with that credential.
  But I realized there is more than option for reading secure content.
  - I could set user name as sysadmin in the m_environment (if I am in the context of a service) and the call the DOC_INFO_BY_NAME service.
  - I can post an HTTP request to DOC_INFO_BY_NAME service with sysadmin credentials and do basic authorization via the connection. (This is what i have done successfully as of now )
  - I could add guest role to all security groups with R (read) privileges.
  I will look into all options and implement the one which is more apt.
  Regards,
  Pratap

• How does one save new files to an encrypted disk image?

  I encrypted a particular folder, and used a sparse image to leave plenty of room, as well as using read/write permissions, but I don't see how to save new files to the encrypted folder.

  So, I guess you have to save the file to the desktop and then drag it to the mounted disk?
  No, you should be able to save directly to a mounted disk image via a dialogue box. There is no need for an intermediate step. As long as the encrypted disk image is mounted, it is open and appears to be just another folder.
  As an experiment, open a Textedit document and save it to the mounted (open) disk image via Save As in Textedit. It should be able to do that.

• Can host hacker break into guest that uses full disk encryption?

  I know it is unlikely but let us say host has got owned, ie a hacker has managed to break into the host.
  How would they go about breaking into a linux VM that uses full disk encryption?
  They can't mess with the .vmdk without damaging it - it is encrypted by the guest.
  They can't use vmrun because they do not know the guest passwords.
  They can't attach to processes in the guest with debugging tools because they cannot see individual guest processes.
  What can they do?  And crucially, what can I do as a countermeasure?

  What really matters is WHERE you do the encryption. If the encryption is too low, data in the guest appears unencrypted. If it is in the guest, then the keys live in the guest and since SGX is not around at the moment, keys are somewhere in guest memory even for a little bit of time.
  So the real question is what are you trying to achieve?
  If you are trying to meet encryption at rest requirements then it makes no difference where you encrypt as the data on the disk will be encrypted and without the key no one can decrypt it. Now if you have keys generated within a VM without using DRNGD or some other high quatlity randomness source, then your keys could be predictable and you need to guard against making it easy for a brute force attack.
  If you need to encrypt data in motion?
  Then you need to consider how the VM is protected itself, how an application interacts with data to determine during 'motion' if someone should not be accessing the data even though they are already supposedly allowed to do so. Keys are in memory, so therefore you need to guard memory access for those keys to only the application in question. This is the hard part, and requires you to think seriously about logging, key management, etc.
  So really what are you trying to achieve?
  Best regards,
  Edward L. Haletky
  VMware Communities User Moderator, VMware vExpert 2009-2015
  Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
  Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

• Hard disk encryption/Using mac in NHS?

  Hi,
  Does anyone have any experience using a mac (legally) in the NHS? I have been in touch with the IT dept at the Trust I work in, and have been told "they don't support macs". Apparently whole disk encryption is required. It seems the MacAffee encryption software that the NHS uses does not work on macs. I have tried to find mac encryption software on the CESG and under the Common Criteria to argue my case, but haven't been successful. Surely it's possible to encrypt a mac and use in the NHS (I don't even need to connect to the netowrk, just work with the odd bit of patient information)????? I'm sure there must be other mac users who have experienced similar problems, but haven't been able to find any entries in the forums - apologies if I have missed the blindingly obvious.
  Any advice gratefully received!

  Thank you for your responses. Unfortunately the Mac disk utility is not sufficient, as it is not whole disk encryption. I have looked at PGP and truecrypt, which I'm sure would do the job, but I have been told "no, get a windows-based computer". I have contacted the CESG, which advises on such matters, but apparently they don't have any Mac approved software either, and can't advise on an appropriate level of security. This is apparently up to the individual trust, who need to do an impact assessment (but it is clearly much easier just to say no!)....If anyone has had any luck getting their Mac approved for hospital use, I'd be interested to hear. Surely someone in the world's third largest employer uses a Mac at work