Paul Jenkins | 1 Oct 2009 13:30

RE: Securing fiche - Limestone Mines

Salt mines? Really? I can only imagine how much they would have to seal
the walls to keep the salt out of the air. A better option would be
limestone, Iron Mountain has one in PA, and there's another I'm told in
?Michigan?. Limestone mines like these are used by lots of Companies as
well as Government institutions. Actually there has been an increased
presence of data centers in the mines as well, due to the security and
environmental stability. 

Food for thought.

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com]
On Behalf Of Ducommun, Jon
Sent: Wednesday, September 30, 2009 10:42 AM
To: security-basics <at> securityfocus.com; s0h0us <at> yahoo.com
Subject: RE: Securing fiche

Have you thought about underground salt mines?  You can purchase
secured, naturally climate controlled space for a few hundred a year.
This is also considering that your company doesn't need to access their
micro fiche daily.  :)

http://www.undergroundvaults.com/offerings/securestoragefacilities/undergroundstorage.cfml

Jon Ducommun

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com]
On Behalf Of s0h0us <at> yahoo.com

jcoyle | 1 Oct 2009 15:54

Physical Access Cards

Good Morning,

Do you have reservations about printing the company logo on building access
cards?
If so, what are they?

Sincerely,
Jeffrey Coyle

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Paul Jenkins | 1 Oct 2009 18:56

RE: Encrypted USB Key quick win solution

At last year's GovSec/Fose there were numerous solutions for exactly what you are describing; most had
hardware encryption on the USB key, and they also had solutions for encryption key management to include a
master(admin) key for the eventuality that a DFO loses the password for it. Too bad I forget the products,
left all the literature at my last job.

Though it's missing the key management I love my Cruiser Titanium, it uses U3 and hardware encryption, with
no admin level access needed. However most of the places I work now forbid such devices, and have disabled
autorun on USB.

Good luck.  

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com] On Behalf Of Secure Net
Sent: Wednesday, September 30, 2009 5:12 PM
To: security-basics <at> lists.securityfocus.com
Subject: Encrypted USB Key quick win solution

Hi,

I'm working in a large enterprise that will look next year for an "enterprise class solution" that can
handle all the life cycle of USB keys that use encryption.

But now, we have to find a quick win solution that we can put in production shortly with a limited budget.

I personally used Truecrypt for several years, but here are the reasons why I don’t want to use it for an
enterprise solution:

1-If the user loses the password of his USB key, you are dead
2-If the user goes on a computer that doesn't already have Truecrypt installed, you need administrative privilege


Roger | 1 Oct 2009 18:59

Deploying php/apache/mysql application for off-line usage.

Hello all,

I need to deploy a php/apache/mysql application so that it can be used
off-line while preventing data from being tampered with (unless the
application has a flow that allows that to happen). In other words, my
biggest concern is the protection of the database and php scripts from
direct access so that the user cannot gain access to the database and
modify the data. Here is what I have come up with so far:

* Password protect the BIOS.
* Disable booting from a CD.
* Install a Linux distribution (Windows? No IT support if the OS is
not Windows) and have an account without password(maybe with password)
to have a very limited desktop with the  only option being accessing
the local web application.
* No permission to access any files outside their home directory other
than the necessary ones.

Once again, the main goal is to prevent the user from gaining access to the
scripts and the database and then having the ability to put anything
in the database.

Do you have any suggestions that could help? Anything would be
welcomed. Thank you very much for your time,

Roger


jcoyle | 1 Oct 2009 19:27

RE: Physical Access Cards

The question arose when our security vendor visited our office.
His card(s) all had the company logo on them.
We liked the look, but were concerned about volunteering information on a lost
card.

Sincerely,
Jeffrey Coyle
Information Security
WinWholesale Inc.
937-531-6308 Work
937-621-0868 Mobile
jcoyle <at> winwholesale.com

From: "Howe, Paul H" <paul.howe <at> delta.com>
To: "'jcoyle <at> winwholesale.com'" <jcoyle <at> winwholesale.com>, "security-basics <at> securityfocus.com" <security-basics <at> securityfocus.com>
Date:

Robin Wood | 1 Oct 2009 19:48

Re: Physical Access Cards

2009/10/1  <jcoyle <at> winwholesale.com>:
> Good Morning,
>
> Do you have reservations about printing the company logo on building access
> cards?
> If so, what are they?
>

I'd say the obvious one is if someone finds it in the street then they
know which doors to try the card on. Check out Johnny Long's stuff on
no tech hacking for more info on things like this.

Robin


Howe, Paul H | 1 Oct 2009 19:17

RE: Physical Access Cards

We don't.  They are too cheap to worry about getting them back, and there is no point in advertising whose door
they open.  Do you add the company logo to physical keys?

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com] On Behalf Of jcoyle <at> winwholesale.com
Sent: Thursday, October 01, 2009 8:54 AM
To: security-basics <at> securityfocus.com
Subject: Physical Access Cards

Good Morning,

Do you have reservations about printing the company logo on building access
cards?
If so, what are they?

Sincerely,
Jeffrey Coyle


Smith, Ryan | 1 Oct 2009 20:05

RE: Encrypted USB Key quick win solution

I personally haven’t used FreeOTFE Explorer, however you may want to check out Iron Key. It isn't
freeware or opensource but it is a rock solid product.  I personally use them here at our organization. The
enterprise version allows everything you are looking for and more.

https://www.ironkey.com/enterprise

Ryan

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com] On Behalf Of Secure Net
Sent: Wednesday, September 30, 2009 5:12 PM
To: security-basics <at> lists.securityfocus.com
Subject: Encrypted USB Key quick win solution

Hi,

I'm working in a large enterprise that will look next year for an "enterprise class solution" that can
handle all the life cycle of USB keys that use encryption.

But now, we have to find a quick win solution that we can put in production shortly with a limited budget.

I personally used Truecrypt for several years, but here are the reasons why I don’t want to use it for an
enterprise solution:

1-If the user loses the password of his USB key, you are dead
2-If the user goes on a computer that doesn't already have Truecrypt installed, you need administrative privilege

I did some search and I tried FreeOTFE (http://www.freeotfe.org/)

It does what I wanted to:

Paul Jenkins | 1 Oct 2009 20:05

RE: Physical Access Cards

My reservation would be if the building access was a badge-in only; if
it's a badge-and-pin I don't see that as too big an issue. However, my
question is do you have photo badges, and are those badges on the same
clip as the access card? See where I'm headed?

-Paul

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com]
On Behalf Of jcoyle <at> winwholesale.com
Sent: Thursday, October 01, 2009 1:28 PM
To: Howe, Paul H
Cc: security-basics <at> securityfocus.com
Subject: RE: Physical Access Cards

The question arose when our security vendor visited our office.
His card(s) all had the company logo on them.
We liked the look, but were concerned about volunteering information on a
lost card.

Sincerely,
Jeffrey Coyle
Information Security
WinWholesale Inc.
937-531-6308 Work
937-621-0868 Mobile
jcoyle <at> winwholesale.com


Ben Chapman | 1 Oct 2009 22:53

Re: Encrypted USB Key quick win solution

Are there any options like this that work on Apple Mac OS X and
Windows? I use both frequently and find it awkward because I cannot
use the same machine the whole time.

Thanks,
Ben

2009/10/1 Smith, Ryan <rsmith <at> cff.org>:
> I personally haven’t used FreeOTFE Explorer, however you may want to check out Iron Key. It isn't freeware or opensource but it is a rock solid product.  I personally use them here at our organization. The enterprise version allows everything you are looking for and more.
>
> https://www.ironkey.com/enterprise
>
> Ryan
>
> -----Original Message-----
> From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com] On Behalf Of Secure Net
> Sent: Wednesday, September 30, 2009 5:12 PM
> To: security-basics <at> lists.securityfocus.com
> Subject: Encrypted USB Key quick win solution
>
>
> Hi,
>
> I'm working in a large enterprise that will look next year for an "enterprise class solution" that can handle all the life cycle of USB keys that use encryption.
>
> But now, we have to find a quick win solution that we can put in production shortly with a limited budget.
>