Upload File

fortress - the debate continues

2
Vol. 9, No. 7, Page 10 FORTRESS - THE DEBATE CONTINUES Martin Kochanski's headline-grabbing activities in cracking file-encryption software (see "Martin Kochanski cracks Fortress" in the April issue of Computer Fraud & Security Bulletin) demonstrate a common misunderstanding that security professionals continually strive to overcome. Properly constituted computer security does not rely on one single mechanism (for example encryption), but encompasses multiple layers of access control to deter unauthorized users of a system, and to limit the activities of authorized users. Of course, Kochanski has not cracked Fortress, he has merely achieved what any authorized user might obtain from his own files. He has only attacked one aspect of an access control system. A criminal, intent on stealing readable information from a microcomputer protected by access controls, first has to breach any physical barriers. We advise our clients to site machines sensibly in order to limit access to them. Locked doors or keyboards are simple but effective deterrents. However, we must assume that at some times doors will not be locked and machines will be unattended. The next step is to switch on the machine. The criminal should be faced with a sign-on screen which requires the entry of a system password. If he successfully enters the system password, he should then need to identify himself with a user-id and password. Any good access control software should then present him with a menu which allows access to the particular programs and files that the user is allowed to deal with. Some of the options on the menu may also be password-protected. If encryption is incorporated as a feature, then we would expect it either to encrypt all files, or to be under the control of security administrator. We would not expect users to be faced with deciding whether or not to encrypt individual files. To guard against machines being left on and unattended, we would expect to see software-driven terminal time-out procedures, Of course, passwords are like physical keys, and people can leave them lying around. But all that any reasonable security function (whether it is mainframe- or micro-oriented) can do is:- a. Educate people in password and key security. b. Ensure that the access control software forces users to change their passwords. C. Establish access menus which limit users to their authorized tasks. Instead of trying to work through the access control layers, can the criminal use any other routes to information? An obvious method would be to reboot DOS from drive A to access the hard disk. Access control software should either lock out drive A for booting, or should ensure that programs cannot act on data on the hard disk 0 1987 Elsevier Science Publishers B.V., Amsterdam./Bi’/$O.OO + 2.20 No part of this publication may be reproduced. stored in a retrieval system, or transmitted by any form or by any means. electronic, mechanical, photocopying. recording or otherwise, without the prior permission of the publishers (Readers in the U.S.A. - please see special regulations listed on back cover.)

Upload: john-high

Post on 19-Nov-2016

216 views

Category:

Documents


3 download

Report

TRANSCRIPT

Page 1: Fortress - the debate continues

Vol. 9, No. 7, Page 10

FORTRESS - THE

DEBATE CONTINUES

Martin Kochanski's headline-grabbing activities in cracking

file-encryption software (see "Martin Kochanski cracks Fortress"

in the April issue of Computer Fraud & Security Bulletin)

demonstrate a common misunderstanding that security professionals

continually strive to overcome. Properly constituted computer

security does not rely on one single mechanism (for example

encryption), but encompasses multiple layers of access control to

deter unauthorized users of a system, and to limit the activities

of authorized users.

Of course, Kochanski has not cracked Fortress, he has merely

achieved what any authorized user might obtain from his own

files. He has only attacked one aspect of an access control

system. A criminal, intent on stealing readable information from

a microcomputer protected by access controls, first has to breach

any physical barriers. We advise our clients to site machines

sensibly in order to limit access to them. Locked doors or

keyboards are simple but effective deterrents. However, we must

assume that at some times doors will not be locked and machines

will be unattended.

The next step is to switch on the machine. The criminal

should be faced with a sign-on screen which requires the entry of

a system password. If he successfully enters the system password,

he should then need to identify himself with a user-id and

password. Any good access control software should then present

him with a menu which allows access to the particular programs and

files that the user is allowed to deal with. Some of the options

on the menu may also be password-protected.

If encryption is incorporated as a feature, then we would

expect it either to encrypt all files, or to be under the control

of security administrator. We would not expect users to be faced

with deciding whether or not to encrypt individual files. To

guard against machines being left on and unattended, we would

expect to see software-driven terminal time-out procedures,

Of course, passwords are like physical keys, and people can

leave them lying around. But all that any reasonable security

function (whether it is mainframe- or micro-oriented) can do is:-

a. Educate people in password and key security.

b. Ensure that the access control software forces users to

change their passwords.

C. Establish access menus which limit users to their authorized

tasks.

Instead of trying to work through the access control layers,

can the criminal use any other routes to information? An obvious

method would be to reboot DOS from drive A to access the hard

disk. Access control software should either lock out drive A for

booting, or should ensure that programs cannot act on data on the

hard disk

0 1987 Elsevier Science Publishers B.V., Amsterdam./Bi’/$O.OO + 2.20 No part of this publication may be reproduced. stored in a retrieval system, or transmitted by any form or by any means. electronic, mechanical, photocopying. recording or otherwise, without the prior permission of the publishers (Readers in the U.S.A. - please see special regulations listed on back cover.)

Page 2: Fortress - the debate continues

Vol. 9, No. 7, Page 11

If the UK's Ministry of Defence had installed access control

software on the machines which they subsequently sold, they would

not have been embarrassed by the recent headlines about secret

information found on one of their computers bought from an Oxford

Army Surplus shop.

Another route would be for the criminal to steal backup

diskettes. If the user has not physically secured his diskettes,

then this is a possibility. How will the criminal decrypt a

backup diskette? Clearly he could do what Martin Kochanski has

done - but then he needs to be an authorized user of the access

control software. Last month's article stated, "However elaborate

a package's use of passworks, if the encryption is not secure,

then someone can read the disk." I don't think that many

administrators of PACF, ACF2, etc., would agree.

John High, Deloitte, Haskins and Sells, London.

Martin Kochanski replies:

John High defends Fortress by saying that the encryption

algorithm is just a small part of the whole system, and so its

strength does not really matter. In that case, I feel it would

have been preferable to have omitted encryption from Fortress

altogether, rather than to include an easily-broken algorithm to

give an (according to High) unnecessary air of extra security.

I, on the other hand, would assert that microcomputer

security is not the same as mainframe security (Is Data Security

Possible on Microcomputers? European Computer Systems Security

Forum, published by Online, London 1984), and that encryption is

an indispensable foundation to any microcomputer security system.

However impressive a system of passwords and access controls one

installs, a medium which contains sensitive data (e.g. a

microcomputer disk) remains easily portable and easily stolen, and

the elaborate physical security precautions that surround

mainframes are impossible or impractical in a microcomputer

environment.

The Fortress manual itself states that "even if a thief

succeeds in stealing the machine, the data on the hard disk is

still secure" and that "a disk encrypted using Fortress can safely

be allowed to leave the premises for repair". In both these

cases, the encryption algorithm is the only thing that can stop a

thief from reading the data.

Commenting on my attack on the encryption algorithm, John

High draws comfort from the fact the thief would have to be an

authorized user of Fortress. Since, given access to only one copy

of Fortress, my analysis can be used to read files produced by any

other copy, the whole security of Fortress relies on Deloitte's

scrutiny of all purchasers' credentials to ensure that no one with

potentially sinister intentions will ever get hold of a copy.

Martin Kochanski, Business Simulations Ltd.

@ 1997 Elsevier Science Publishers B.V., Amsterdam./87/$0.00 + 2.20

COWPUIEBF~~D& No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any

sEcuRn7BvLLglp

means, electronic. mechanical, photocopying, recording or otherwise, without the prior permission of the publishers (Readers in the U.S.A. - please sea special regulations listed on back cover.)


th July 2020 - Fortress Energy – Fortress Energy

fortress interlocks brochure - hmbeng.com.au Interlocks/Fortress... · technical information including 2D autocad ... fortress interlocks brochure ... The system features patented

CRUISING DANUBE THROUGH HISTORY NATIONAL … · the largest lowland fortress in Europe. Cruising continues by passing near medieval fortress Ram, in the area where the Danube is the

Fortress Academy

Introduction - Augsburg Fortress · Introduction - Augsburg Fortress ... ,d] ] ]

Fortress fotoshoot

Fighting fortress

Fortress family astor

Smederevo fortress

Standards The Achievement Gap The Debate Continues

Data Fortress - Living Worlds Gameslivingworldsgames.com/.../11/Data-Fortress...Rules.pdfData Fortress A game by Nicholas Vitek Play Test Rules – 08/01/2010 Data Fortress represents

Team Fortress 2

fortress restoration_1A

FORTRESS GLOBAL ENTERPRISES INC. · Fortress Global Enterprises Inc. (formerly Fortress Paper Ltd.), (“we”, “our”, “us”, “Fortress” or the “Company”) is dated

Fortress Cuisine 03

Debate continues over Kensington Rune Stone / Russell W ...collections.mnhs.org/MNHistoryMagazine/articles/45/v45i04p149-151.pdfDebate Continues Over Kensington Rune Stone Russell

Fortress - Songbook

Death Fortress : Apocalypse

Fortress Square

Home | UMass AmherstTitle: Laozi Debate Continues Created Date: 20191007184338Z

Fortress Insurance Presentation

Fortress of_the_muslim_bangla

Gas versus charcoal barbecues – the debate continues

e intergenerational fairness debate continues Millennials could …cafinancial.co.uk/sites/default/files/clients/108/Your... · 2020-01-20 · e intergenerational fairness debate

fortress restoration_0

Digital fortress presentation

Fortress Programming Language Tutorial - Freestephane.ducasse.free.fr/.../Fortress-PLDITutorialSlides9Jun2006.pdf · Fortress Programming Language Tutorial Guy Steeleand Jan-Willem

chronic head trauma in athletes: the debate continues

New Yorkers Lost $2.2 Billion Because of NYISO Practices: The Debate Continues

Fortress Babel

Fortress Presentation

Fortress Jordan

Julie Nepveu - Dis. Impact the debate continues

Fortress D2L

The Debate Continues: Does the US Need a Strong Dollar Policy?