LinkBack URL
About LinkBacksRead more.ViaSat reveals the Eclypt Nano range for corporate, public sector and government use.
Read more.ViaSat reveals the Eclypt Nano range for corporate, public sector and government use.
If you're walking around with top secret material under your arm, you've just failed at security. If you're walking around with top secret material in your pocket, you've really failed at security. This stuff just shouldn't leave government offices, ever, period.
Well since it seems to regularly leave in plaintext, I'd rather have it properly encrypted than the way it is now. I really don't know how the idiots get a job involving such sensitive data in the first place! But this drive is nothing new; well thought out drives like the Ironkey have been around for years so not having the kit available is no excuse.
I suspect that you won't be able to decrypt on Linux or Mac computers, further locking the UK guvernment into a microsoft balls-grip
Does it pass the 'scissors next to the testicles' test.
No, hence insecure.
I know the Ironkey does support other OSes, it didn't originally but support was added later.Originally Posted by bobharvey
Simple, don't give the carrier the key. Following proper security practice, you don't have the key material and the ciphertext in the same place, i.e. biometrics, keyfile and passphrase are of limited use if they all belong to the carrier...
By definition someone has to have access to the data. If not the data is by definition neither secure or insecure.
Security by definition is trust and audit.
Of course, but that someone shouldn't be the person who's carrying it, key and ciphertext should be kept far apart and have no knowledge of each other ideally. If you're relying on one person to carry top-secret data on a £100 flash drive whilst memorising the key you're doing something badly wrong. If an adversary found such a situation they'd be very suspicious of the legitimacy of the data - being handed to them so easily it's probably a decoy.
But we know in reality this just wont happen. If all the data holder is doing with the data is transporting it from A->B, the government has way more secure dedicated line data transmission methods available, even over VPN is far safer. These sneakernet solutions are about out of office working on the data, and that just shouldn't happen.
I agree, but I doubt most of it is authorised. But in cases like the one where some idiot lost 2 CDs' worth of social security numbers (IIRC), that would have been much better even if something free like Truecrypt was used.
Right, but government clerks shouldn't even have the capability of copying data in the first place. If legitimate employees can copy it at ease, spies can do it, too. It's a massive gaping hole in security.
do they have a loud whistling function that operates after being left unattended on a train?
It may be different in civil service but I thought anything above "Restricted" (although they may have different names for classifications), e.g. Secret, Top Secret is not allowed to be copied or even allowed to be removed from the room/premises it is in. At least that's how it was at the nuclear place I briefly worked in. I'm pretty sure if the civil servants (and mainly ministers from the headlines) simply followed existing procedure there wouldn't be a requirement for such extreme measures anyway. I'm pretty sure in many of the headline cases of data loss by civil servants etc they weren't actually following their own rules.
Yeah that's my thinking too, but the penalties don't seem to be enough of a deterrent for breaking the rules, unfortunately. I know of someone who worked in the nuclear industry and made a simple mistake on some paperwork and immediately lost his job. I mean what he did wasn't dangerous in itself but measures like that tend to stop carelessness in the first place.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote