resources and events that can help you keep your security knowledge
and skills up to date and keep your Windows and other systems secure.
=== SECURITY Q&A ===============================================
by Randy Franklin Smith, rsmith@ultimatewindowssecurity.com
Q: Why is hardware-based disk encryption that uses Trusted Platform
Module (TPM) technology stronger than encryption that uses Windows'
Encrypting File System (EFS)?
A: More and more laptops now have a built-in TPM chip as a security
feature, which is a good step forward in protecting the confidential
data of mobile users. EFS strikes a pretty good balance between
security, stability, and usability because it's implemented in the OS,
has little effect on the user, and doesn't introduce stability problems.
Third-party encryption products I've looked at either made life
difficult for users by saddling them with key management and
encryption/decryption tasks or caused stability problems.
However, EFS is vulnerable to sophisticated attackers who gain physical
access to the computer, provided they're skilled enough to tamper with
the OS. EFS encryption keys are stored by the OS in the registry, where,
despite some imaginative and innovative protection methods, they're
vulnerable--especially when they're owned by local accounts on
computers that don't belong to a domain.
TPM, on the other hand, stores encryption keys in a tamper-resistant
chip similar to an internal smart card. The key never leaves the chip;
all encryption and decryption operations are carried out on the chip
itself. This significantly raises the bar on the sophistication and
equipment required to steal the key. Of course, authentication to the
TPM is just as important as protecting the key itself, and most laptops
today let you use a fingerprint, smart card, or token to authenticate.
TPM and Windows XP can coexist effectively, but Windows Vista has
features specifically built to add value to TPM--such as full-volume
encryption integrated with TPM.
(This Security Q&A originally appeared in Security Pro VIP's
Access Denied column.)
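The checks this answer implies, as an added PowerShell example that is not part of the original newsletter: it reports whether the OS volume's key is bound to the TPM, whether the TPM protector also requires authentication, and whether the machine is in the non-domain case called out above. It assumes a current Windows release with the built-in Get-Tpm and Get-BitLockerVolume cmdlets (not available on the Windows XP and Vista systems the column discusses) and an elevated prompt; the function name Get-KeyProtectionReport is hypothetical.

```powershell
# Added example: audit how the OS volume's encryption key is protected.
# Assumes the TrustedPlatformModule and BitLocker modules and an elevated session.
function Get-KeyProtectionReport {
    $tpm      = Get-Tpm
    $inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

    # TPM key protectors apply to the operating system volume only.
    $osVolumes = Get-BitLockerVolume | Where-Object { [string]$_.VolumeType -eq 'OperatingSystem' }

    foreach ($vol in $osVolumes) {
        $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

        # Any protector type beginning with "Tpm" ties the key to the chip.
        $tpmTypes = @($types | Where-Object { $_ -like 'Tpm*' })

        # These types add a PIN and/or startup key on top of the TPM.
        $authTypes = @($tpmTypes | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' })

        $finding = if ([string]$vol.ProtectionStatus -ne 'On') {
            if ($inDomain) {
                'Volume is not protected'
            } else {
                'Volume is not protected and the machine is not domain-joined: locally stored keys depend on the OS alone'
            }
        } elseif ($tpmTypes.Count -eq 0) {
            'Volume is protected, but the key is not bound to the TPM'
        } elseif ($authTypes.Count -eq 0) {
            'Key is bound to the TPM, but no PIN or startup key is required to release it'
        } else {
            'Key is bound to the TPM and additional authentication is required'
        }

        [pscustomobject]@{
            MountPoint    = $vol.MountPoint
            TpmPresent    = $tpm.TpmPresent
            TpmReady      = $tpm.TpmReady
            DomainJoined  = $inDomain
            KeyProtectors = $types -join ', '
            Finding       = $finding
        }
    }
}

Get-KeyProtectionReport | Format-List
```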
=== SECURITY RESOURCES =========================================
The following security-related resources are brought to you by Windows
IT Pro. For additional resources and information, visit
http://list.windowsitpro.com/t?ctl=55164:4160B336D0B60CB11B86DF2B9C594DEE
Join Paul Thurrott for a deep dive into administering Windows Vista's
new security features with an emphasis on the new Group Policy settings
that are exposed by this release including USB device blocking and the
new Microsoft Desktop Optimization Pack. On-Demand Web Seminar
http://list.windowsitpro.com/t?ctl=5515C:4160B336D0B60CB11B86DF2B9C594DEE
How will compliance regulations affect your IT infrastructure? Help
design your retention and retrieval, privacy and security policies to
make sure that your organization is compliant.
http://list.windowsitpro.com/t?ctl=5515E:4160B336D0B60CB11B86DF2B9C594DEE
Combat phishing and pharming with complete protection against complex
internet threats by filtering at multiple points on the gateway,
network, and endpoints.
http://list.windowsitpro.com/t?ctl=5515D:4160B336D0B60CB11B86DF2B9C594DEE
================================================================
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=55161:4160B336D0B60CB11B86DF2B9C594DEE
http://list.windowsitpro.com/t?ctl=55163:4160B336D0B60CB11B86DF2B9C594DEE
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.