According to the Computer Security Institute's 2003 Computer Crime and Security Survey, theft of private or proprietary information created the greatest financial losses for the survey respondents. If you are a medical institution, government agency, or financial institution, information theft can result in violation of patient privacy regulations, loss of customer credit card numbers, unauthorized financial transactions, or disclosure of national security secrets.
While all computers are vulnerable to information theft, laptops are particularly vulnerable due to their portability and ease of theft. Most servers are locked in racks in data centers, however laptops are typically left out on desks where access is easy. If an office visitor walked out of the office with a laptop under his or her arm, an unknowing receptionist would likely expect that it was the visitor's own laptop and not question it. If your laptop was stolen, you'd want it back. The CyberAngel�, made by CyberAngel Security Solutions (CSS), is a product that claims to locate stolen laptops and return them to you. Their recovery rate on returning stolen and lost laptops to folks who have licensed their software is 88 percent. Relevant Technologies took the CyberAngel� into our labs to see if version 3.0 qualified for our acceptability rating.
The CyberAngel was easy to install, and the entire installation took less than ten minutes, including the time it took to reboot the test system. With version 3.0, the CyberAngel includes a new stealthy, secure drive that is protected by strong encryption. The secure drive is a logical drive protected by strong encryption where you can put all your confidential and classified information. During the installation process, you are prompted to select an encryption algorithm to use to protect your secure drive. The choices available are:
* Rijndael 128 bit
* Rijndael 256 bit
* Blowfish 128 bit
* Blowfish 448 bit
* Twofish 128 bit
* Twofish 256 bit
* DES 128
* DES 56
The nice thing about the installation program is that it provides you with background information on each of the encryption algorithms to better assist you in making your decision on which one to select. Government agencies will like the fact that the NIST AES standard is supported.
After the CyberAngel finished installing, we began testing the secure protected drive by inserting some would-be confidential information (a spreadsheet called PatientRecords.xls), to see if an unauthorized user could access it. To pose as an unauthorized user, we rebooted the system, and failed to provide the correct logon password after reboot. The secure drive was not visible in any way, and when we poked around on the laptop to try to find it, we couldn't find any signs of it, or the spreadsheet dubbed PatientRecords.xls. We then rebooted the system and inserted the correct password, and voila, our secure drive and spreadsheet was back. Between when we inserted the wrong password, rebooted, and inserted the right password, an alert had already been e-mailed to us notifying us that someone had attempted to use the test laptop without proper authorization. We were sent the 24 x 7, 800 number to call at the CyberAngel Security Monitoring Center if we suspected that the laptop had been stolen.
When the alert e-mail was mailed to us, it included a "Created" timestamp, but not a "Sent" timestamp. We're not sure why the CyberAngel monitoring server did not register a "Sent" timestamp with the messaging server, however, in the body of the e-mail, it did include a correct timestamp of the unauthorized access. This seems to be a problem that is trivial at best, though we'd like to see it fixed in the next version.
When using the secure drive, you need to actually "move" your files into the drive to make them secure. Leaving a copy of the file on your insecure drive will defeat the purpose of using the secure drive. For documents that you'd like to keep secret, you'll have to be sure that temporary and recovery files are also kept in the secure
drive. For Microsoft Word or Excel, this is easy enough to do by going into the Tools ? Options menu and modifying the default path for the AutoRecover and Documents directories.
Table 1. Corporate Information
| Vendor | CyberAngel Security Solutions, Inc. |
| Headquarters | 475 Metroplex Drive, Suite 104, Nashville, TN 37211 |
| Product | The CyberAngel |
| Customer Scope | Financial, Government Agencies, Medical Establishments |
| Industry Focus | Security for laptops and confidential information |
| Key Features | Laptop recovery software, secure encrypted drive, 24 x 7 unauthorized access alert service, configuration manager |
| Site | thecyberangel.com |
| Contact Information | 800-501-4344 |
0 comments:
Post a Comment