Presentation for the Internal Audit Conference. Lecturer: Dr. Oren Eitan. May 2010

Information Security on Removable Media - Paths to a Solution

A lecture by Dr. Oren Eitan, given at the 2010 summer conference of the Institute of Internal Auditors Israel, held on 26-27.5.2010 in Tel Aviv

  • Enterprises are becoming acutely aware of the risks posed by mobile storage devices. New incidents are constantly reported. Here are a few examples from all over the world from last year. These incident reports can be found online at the following locations:
      - BBC News Online: British Ministry of Defense loses secret data - http://news.bbc.co.uk/2/hi/uk_news/7514281.stm
      - USA Today: Small drives cause big problems - http://www.usatoday.com/tech/news/computersecurity/2006-08-15-thumbdrives-stolen_x.htm
      - Government Technology: Confidential data lost by USB - http://www.govtech.com/gt/103606?topic=117671
      - Futuregov: USB drive with patient data missing - http://www.futuregov.net/articles/2009/mar/26/usb-drive-patient-data-missing/
    IronKey recently commissioned some research from an organization called the Ponemon Institute that shows just how prevalent the problem has become. Some companies have tried to limit the risk by banning flash drives, but this often proves impractical and impossible to enforce. Bans can be harmful to productivity. Plus, when drives are banned, users often resort to other means of transferring data, such as sending it through a personal email account. This is usually a worse outcome because the data then sits somewhere on the email service.
  • IronKey has thousands of customers in numerous market segments.
  • Always-on hardware encryption means that anything put on the device is encrypted – this helps people stay compliant with privacy and security regulations. Encryption keys are created on the device – not injected in a chip factory outside the US. No one has a list of the encryption keys used by the IronKey.

    1. Presentation for the Internal Audit Conference. Lecturer: Dr. Oren Eitan. May 2010
    2. Non-Secure USB Drives - Threats
       Great for convenience and mobility but…
         • High Risk
             • 51% of enterprise users stored confidential data on flash drives
             • 61% disclosed they had lost data bearing devices – Ponemon Institute, 2009
         • Bans often impractical
             • Harms productivity
             • Too ubiquitous
             • Alternatives are equal or higher risk
       DataCrypto © 2009, All rights reserved.
    3. The USB Problem: Nearly 100 Million Flash Drives in Businesses
         • 350 million USB drives in use worldwide
             • 25% used in the enterprise
         • 86% of enterprises use USB flash drives to store and exchange data.
         • 83% of IT workers have USB drives
             • 2/3 not encrypted
       Sources: Forrester Consulting, Credant, InformationWeek, TechWorld, Ponemon
    4. Typical users of DOK
         • Federal Government
         • Financial Services
         • Healthcare and Pharmaceutical
         • Technology
         • Energy and Utilities
         • Law Enforcement and State or Local Agencies
         • … and more…
       IronKey – © 2009 All rights reserved.
    5. 10 Required Security Features
         • Automatic, Hardware-based
             • Not optional and much more secure & faster than software encryption
         • Strong Key Protection
             • Keys are stored on the device & managed in Cryptochip (hardware)
         • Highest level of certification
             • Always look for FIPS 140-2 or CC highest grades
         • Self-defending capabilities
             • To prevent physical, software and malware attacks
         • Secure Mode of AES
             • Uses Cipher Block Chaining (CBC) not Electronic Code Book (ECB)
    6. 10 Required Security Features (cont'd)
         • Policy control and enforcement
         • Remote management
             • Extends control even to devices in the field
         • Trusted Updates
             • Allows devices to be maintained and upgraded safely
         • Access control and Silver Bullet Service
             • Ensures security even if lost
         • Secure manufacturing and provisioning process
             • Allows customers to trust the supply chain and management workflow.
    7. Additional requirements
         • Secure Device Recovery & Password Reset
         • Read-only Mode
         • Onboard Anti-Malware Scanning
         • Secure AutoRun Protects Against Worms
    8. FIPS 140-2 Standard
         • Issued by National Institute of Standards and Technology (NIST).
         • The Federal Information Processing Standardization 140 (FIPS 140) coordinates the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of the US federal government.
         • Current standard FIPS 140-2.
         • Four levels: FIPS 140-2 level 1 to level 4. Level 1 is the lowest.
    9. FIPS 140-2 Standard
         • Level 1 - very limited requirements.
         • Level 2 - physical tamper-evidence and role-based authentication.
         • Level 3 - physical tamper-resistance, identity-based authentication and physical or logical separation between interfaces.
         • Level 4 - physical security requirements more stringent and requires robustness against environmental attacks.
    10. Common Criteria Standard
         • Issued by the International Standard Organization (ISO/IEC 15408) for computer security certification.
         • Common Criteria (CC) for Information Technology Security Evaluation.
         • Current standard version 3.1.
         • Assures that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner.
    11. Common Criteria Standard
         • Seven levels of evaluation. Level 1 is the lowest.
         • Evaluation Assurance Level (EAL).
             • EAL1: Functionally Tested
             • EAL2: Structurally Tested
             • EAL3: Methodically Tested and Checked
             • EAL4: Methodically Designed, Tested, and Reviewed
             • EAL5: Semiformally Designed and Tested
             • EAL6: Semiformally Verified Design and Tested
             • EAL7: Formally Verified Design and Tested
    12. Common Criteria Standard
         • Confidence that the system's principal security features are reliably implemented.
         • The EAL level does not measure the security of the system itself; it simply states at what level the system was tested.
    13. The IronKey
         • Most secure encryption technologies.
         • Onboard Crypto chip.
         • Encrypted in hardware using AES CBC-mode encryption.
         • All data written to your drive is always encrypted.
         • Dual channel SLC Flash.
         • FIPS 140-2 level 3 compliant.
         • True Random Number Generator.
         • Physically hardened metal casing.
         • Epoxy layer prevents reverse engineering.
         • Waterproof and tamper resistant.
    14. Products
         • World's Most Secure Flash Drive: An ultra-secure encrypted USB flash drive, ideal for military and commercial customers. FIPS 140-2 Validated.
         • SDV® World's top encryption Hard Drive: Hardware based disk encryption – secure your data and eliminate data/identity theft
         • Smart Card MicroSD/MMC: Secure MicroSD/MMC storage platform, with integrated Smart Card functionality for mobile applications with high security demands.
         • KoolSpan Secure Voice - end-to-end GSM voice encryption solution
         • The ultimate cost-effective solution for documentation and Email classification
         • Hitachi VeinID: Hitachi's Finger Vein attesting technology identifies finger vein patterns that exist inside the human body
    15. www.toyoram.co.il www.datacrypto.com [email_address] Thank you!
