ad-assurance list archive: Meeting the InCommon Assurance profile criteria using Active Directory

RE: [AD-Assurance] Quick notes from the 10/4/2013 AD Assurance call


  • From: "Michael W. Brogan"
  • Subject: RE: [AD-Assurance] Quick notes from the 10/4/2013 AD Assurance call
  • Date: Fri, 4 Oct 2013 21:36:44 +0000
  • Accept-language: en-US

The syskey encryption process has been reverse engineered. See http://moyix.blogspot.com/2008/02/syskey-and-sam.html . This analysis indicates that RC4 is used for encryption.

 

--Michael
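Michael's point (syskey protects the SAM with RC4) is what makes the BitLocker recommendation discussed below the practical answer to the "Approved Algorithm" question: RC4 is not a NIST-approved algorithm, while the AES modes BitLocker uses are. The following PowerShell is an added example, not from the list, from Microsoft or from the InCommon profile, of how a DC administrator would verify that the volumes holding the password stores (the SAM and SYSTEM hives, NTDS.dit and its logs) are BitLocker-protected with an AES-family method and that protection is not merely configured but actually on. It assumes the BitLocker PowerShell module (Get-BitLockerVolume, Windows Server 2012 or later) is installed, that the script runs elevated on the DC, and that "approved" means the AES methods BitLocker offers; that reading of the profile, and the NTDS registry value names used to locate the database, are assumptions of this example.

```powershell
# Added example, not from the AD-Assurance list or from Microsoft.
# Checks that the volumes holding a domain controller's password stores
# (SAM/SYSTEM hives on the OS volume, NTDS.dit and its logs) are BitLocker-
# protected with an AES-family method and that protection is actually on.
# Assumptions: BitLocker module present (Install-WindowsFeature BitLocker on
# Windows Server 2012+), run elevated; "approved" here means the AES methods
# BitLocker offers (a reading of the profile, not the list's definition).
# RC4, which syskey uses for the SAM, is not a NIST-approved algorithm.

$ApprovedMethods = @('Aes128', 'Aes256', 'XtsAes128', 'XtsAes256')

function Test-VolumeEncryption {
    param([Parameter(Mandatory)] [string] $MountPoint)   # e.g. 'C:'

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $findings = @()

    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "volume status is $($vol.VolumeStatus), not FullyEncrypted"
    }
    # ProtectionStatus Off on a FullyEncrypted volume is the "suspended" state:
    # the volume key sits in the clear on disk, so theft of disk is not covered.
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += "protection is $($vol.ProtectionStatus) (off or suspended)"
    }
    if ($ApprovedMethods -notcontains [string]$vol.EncryptionMethod) {
        $findings += "encryption method $($vol.EncryptionMethod) is not AES-based"
    }
    # Without a TPM-bound protector, a stolen disk plus its protector (e.g. a
    # startup key on a USB stick left in the server) unlocks the volume anywhere.
    $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    if (-not ($types -like 'Tpm*')) {
        $findings += "no TPM-based key protector (found: $($types -join ', '))"
    }

    [pscustomobject]@{
        MountPoint       = $MountPoint
        VolumeStatus     = [string]$vol.VolumeStatus
        ProtectionStatus = [string]$vol.ProtectionStatus
        EncryptionMethod = [string]$vol.EncryptionMethod
        KeyProtectors    = ($types -join ', ')
        Compliant        = ($findings.Count -eq 0)
        Findings         = ($findings -join '; ')
    }
}

# Volumes that hold password material on a DC: the OS volume (SAM and SYSTEM
# hives under %SystemRoot%\System32\config) plus wherever NTDS.dit and its
# logs live, read from the NTDS service parameters (value names assumed).
$ntds = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -ErrorAction SilentlyContinue
$paths = @($env:SystemRoot)
if ($ntds) {
    $paths += $ntds.'DSA Database file', $ntds.'Database log files path'
}
$mountPoints = $paths | Where-Object { $_ } | ForEach-Object { Split-Path $_ -Qualifier } | Sort-Object -Unique

$results = $mountPoints | ForEach-Object { Test-VolumeEncryption -MountPoint $_ }
$results | Format-Table MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod, KeyProtectors, Compliant -AutoSize
$results | Where-Object { -not $_.Compliant } | ForEach-Object { Write-Warning "$($_.MountPoint): $($_.Findings)" }
```

Where the BitLocker module is not installed, `manage-bde -status C:` reports the same Encryption Method and Protection Status fields and can be read the same way. A volume that reports Aes256 but Protection Off (for example, suspended for a firmware update and never resumed) fails the check deliberately: as the thread notes, the control is meant to cover theft of disks, and a suspended volume stores its key in the clear.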

 

From: [mailto:] On Behalf Of Capehart, Jeffrey D
Sent: Friday, October 04, 2013 2:20 PM
To:
Subject: RE: [AD-Assurance] Quick notes from the 10/4/2013 AD Assurance call

 

It seems many of us originally thought the encryption was supposed to protect the password store in case the server got hacked.  Do we need to explicitly state that is not the intent of this requirement?

 

The physical security and other controls (patching, limiting access, etc.) are already required as good practice. And yes, while it would be ideal that a hacker can’t steal your password database because it is encrypted, the system has to be able to read it somehow. And if the system can read it, then a hacker who can compromise the system can probably figure out how to do that too. So, from a technology standpoint, it is probably impossible to encrypt the data so that a compromised machine won’t expose the passwords. Having terrific physical security would tend to make an IT person think that BitLocker is unnecessary, and thus hard to convince them to add it “just in case the server is lost/stolen”.

 

That said, it does still seem like we are only requiring BitLocker to meet the “Approved Algorithm” portion. In essence, encrypting the whole disk just to make sure the passwords are encrypted with an approved algorithm. If Microsoft thinks syskey provides the same level of protection (or better) than BitLocker, maybe they could write up the alternative means statement. Somehow, though, I don’t think we will be reassured just because the algorithm is not published and therefore is “secure”.

 

-Jeff C.

 

From: [] On Behalf Of David Walker
Sent: Friday, October 04, 2013 5:06 PM
To:
Subject: Re: [AD-Assurance] Quick notes from the 10/4/2013 AD Assurance call

 

Good point.  I was just quoting Joe, but quiescence is really a non-issue.

David

On Fri, 2013-10-04 at 20:59 +0000, Michael W. Brogan wrote:

In the notes related to section 4.1.2 I think the threat being addressed is “theft of disks.” The disk encryption control we recommend is effective against theft of disks whether the system is quiescent or active. From what we’ve learned there are never decrypted copies of passwords on the disk.

 

--Michael

 

From: [] On Behalf Of David Walker
Sent: Friday, October 04, 2013 10:35 AM
To: InCommon AD Assurance Group
Subject: [AD-Assurance] Quick notes from the 10/4/2013 AD Assurance call

 

Everyone,

Quick notes from today's call at https://spaces.internet2.edu/x/wYGZAg .  Please correct my mistakes.

David
