ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local Encryption ... Why Not?

    Scheduled Pinned Locked Moved IT Discussion
    357 Posts 15 Posters 190.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @BRRABill
      last edited by

      @BRRABill said:

      You prove
      a) you require strong complex passwords and
      b) you required this password to unlock the encryption and
      c) the encryption was enabled

      This still relies on a judge's opinion, there is no hard ruling. It's also a moving target. Complex passwords are also the weak ones, that alone violates extremely basic security practices and should get facilities in trouble for not meeting basic, easy standards.

      How does one prove that encryption was enabled and what kind it was after a device has been exposed? How do you prove the password was hard enough to guess but not in any way stored with the device?

      BRRABillB 1 Reply Last reply Reply Quote 0
      • BRRABillB
        BRRABill @scottalanmiller
        last edited by

        @scottalanmiller said:

        Of course it would. Encryption doesn't stop access, it just slows it down. In the case of assumed 10K maximum passwords, it slows it down by only a few seconds.

        I did a few quick Google searches, and it appears you cannot use the password to decrypt it if the drive is not in the device. It has to be in the device.

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @BRRABill
          last edited by

          @BRRABill said:

          @Dashrender said:

          The law does not require PHI to be encrypted at rest.... only highly recommended by the OCR, not the law.

          Yes, but if you don't, you'd better have a good reason why not.

          Good luck getting a doctor to do that. Literally have never met a doctor or medical "professional" that would be willing to do anything like this. The discussions around here talk about what doctors won't do all of the time. Implementing things that they work around (putting passwords on the device or in the bag) are the same as not doing them at all. I'd rather show that I went beyond the level of security required rather than putting data at risk to do what "seemed likely to trick the judge."

          BRRABillB 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @BRRABill
            last edited by

            @BRRABill said:

            I did a few quick Google searches, and it appears you cannot use the password to decrypt it if the drive is not in the device. It has to be in the device.

            I wonder how that works. What aspect of the device makes it work that way. Complex encrypted salt on another chip?

            BRRABillB DashrenderD 2 Replies Last reply Reply Quote 0
            • BRRABillB
              BRRABill @scottalanmiller
              last edited by

              @scottalanmiller said:

              How does one prove that encryption was enabled and what kind it was after a device has been exposed? How do you prove the password was hard enough to guess but not in any way stored with the device?

              In a facility like that (they are now over 1250 laptops with this, I saw in a difference article) it's all centrally monitored. Once the encryption is turned on, the users cannot turn it off. Same with me ... my single users cannot disable it.

              HIPAA is all about process. The process is to encrypt the drive before the user gets it. There is thus no way to turn off the encryption.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • BRRABillB
                BRRABill @scottalanmiller
                last edited by

                @scottalanmiller said:

                I wonder how that works. What aspect of the device makes it work that way. Complex encrypted salt on another chip?

                http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @BRRABill
                  last edited by

                  @BRRABill said:

                  HIPAA is all about process. The process is to encrypt the drive before the user gets it. There is thus no way to turn off the encryption.

                  You can show a process and that it would be a bit of a pain. But if I get one of your laptops, take it to Staples and ask them to upgrade the drive for me... would I not get a laptop, with zero technical knowledge, encryption removed, fully migrated?

                  BRRABillB 1 Reply Last reply Reply Quote 0
                  • BRRABillB
                    BRRABill @scottalanmiller
                    last edited by

                    @scottalanmiller said:

                    Good luck getting a doctor to do that. Literally have never met a doctor or medical "professional" that would be willing to do anything like this. The discussions around here talk about what doctors won't do all of the time. Implementing things that they work around (putting passwords on the device or in the bag) are the same as not doing them at all. I'd rather show that I went beyond the level of security required rather than putting data at risk to do what "seemed likely to trick the judge."

                    But here at ML we're always talking about educating the users.

                    Wouldn't it be an easier sell to have their staff enter a password upon reboot, then to have to totally change all their procedures to not store stuff on their laptops, which we also know they always do?

                    BRRABillB scottalanmillerS 2 Replies Last reply Reply Quote 0
                    • BRRABillB
                      BRRABill @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      You can show a process and that it would be a bit of a pain. But if I get one of your laptops, take it to Staples and ask them to upgrade the drive for me... would I not get a laptop, with zero technical knowledge, encryption removed, fully migrated?

                      No, the drive is not readable without the password. In fact, you can't even reformat the thing. It's useless.

                      If I pull the drive, the only way to access it in another machine is to install the ESC software, and unlock it with the username and password.

                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                      • BRRABillB
                        BRRABill @BRRABill
                        last edited by

                        @BRRABill said:

                        Wouldn't it be an easier sell to have their staff enter a password upon reboot, then to have to totally change all their procedures to not store stuff on their laptops, which we also know they always do?

                        Plus, even though there are risks (there's that word again!!!) to doing so, you could enable Bitlocker, and install the password into the TPM. No need for the staff to ever enter it. The drive would then be useless to thief outside of the server.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @BRRABill
                          last edited by

                          @BRRABill said:

                          @scottalanmiller said:

                          I wonder how that works. What aspect of the device makes it work that way. Complex encrypted salt on another chip?

                          http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html

                          I consider 30 minutes to crack pretty trivial.

                          (Apple pegs such cracking attempts at 5 1/2 years for a random 6-character password consisting of lowercase letters and numbers. PINs will obviously take much less time, sometimes as little as half an hour. Choose a good passphrase!)

                          BRRABillB 1 Reply Last reply Reply Quote 0
                          • BRRABillB
                            BRRABill @scottalanmiller
                            last edited by

                            @scottalanmiller said:

                            (Apple pegs such cracking attempts at 5 1/2 years for a random 6-character password consisting of lowercase letters and numbers. PINs will obviously take much less time, sometimes as little as half an hour. Choose a good passphrase!)

                            That's assuming you don't have your device set up to wipe after 10 attempts.

                            The article was demonstrating (I think?) that you cannot do anything to the drive if you pull it from the iPad or iPhone. Isn't that was we were wondering about?

                            scottalanmillerS 1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller @BRRABill
                              last edited by

                              @BRRABill said:

                              @scottalanmiller said:

                              Good luck getting a doctor to do that. Literally have never met a doctor or medical "professional" that would be willing to do anything like this. The discussions around here talk about what doctors won't do all of the time. Implementing things that they work around (putting passwords on the device or in the bag) are the same as not doing them at all. I'd rather show that I went beyond the level of security required rather than putting data at risk to do what "seemed likely to trick the judge."

                              But here at ML we're always talking about educating the users.

                              Wouldn't it be an easier sell to have their staff enter a password upon reboot, then to have to totally change all their procedures to not store stuff on their laptops, which we also know they always do?

                              I doubt it. Users are already used to not storing stuff on their laptops. Move to Chromebooks and they can't store stuff there. The NJ medical guy's personal opinion that he can't stop people storing stuff is just because he doesn't know how to manage his systems. Stopping local storage is not hard if you want to do it. It will happen automatically in a lot of cases. No one in my in laws store locally and I didn't even have to educate them. Just showed them new devices and they glommed onto the ease of use never realizing how they just became more protected and more secure.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @BRRABill
                                last edited by

                                @BRRABill said:

                                @scottalanmiller said:

                                You can show a process and that it would be a bit of a pain. But if I get one of your laptops, take it to Staples and ask them to upgrade the drive for me... would I not get a laptop, with zero technical knowledge, encryption removed, fully migrated?

                                No, the drive is not readable without the password. In fact, you can't even reformat the thing. It's useless.

                                If I pull the drive, the only way to access it in another machine is to install the ESC software, and unlock it with the username and password.

                                But I don't need to do that, right? Just back it up from inside the running OS unencrypted and the encryption isn't on at the time of the data being pulled. right?

                                BRRABillB 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @BRRABill
                                  last edited by

                                  @BRRABill said:

                                  @scottalanmiller said:

                                  (Apple pegs such cracking attempts at 5 1/2 years for a random 6-character password consisting of lowercase letters and numbers. PINs will obviously take much less time, sometimes as little as half an hour. Choose a good passphrase!)

                                  That's assuming you don't have your device set up to wipe after 10 attempts.

                                  The article was demonstrating (I think?) that you cannot do anything to the drive if you pull it from the iPad or iPhone. Isn't that was we were wondering about?

                                  That was, I thought, the time to decrypt after you pulled it from the device. That's your "uncrackable" time.

                                  BRRABillB 1 Reply Last reply Reply Quote 0
                                  • BRRABillB
                                    BRRABill @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    But I don't need to do that, right? Just back it up from inside the running OS unencrypted and the encryption isn't on at the time of the data being pulled. right?

                                    The server is protected by a strong password. How are you going to get access to it?

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @BRRABill
                                      last edited by

                                      @BRRABill said:

                                      @scottalanmiller said:

                                      But I don't need to do that, right? Just back it up from inside the running OS unencrypted and the encryption isn't on at the time of the data being pulled. right?

                                      The server is protected by a strong password. How are you going to get access to it?

                                      We are talking about end user devices, right? Or servers too?

                                      If we are talking about a server and assuming that it cannot be accessed, what is the purpose of the encryption?

                                      BRRABillB 1 Reply Last reply Reply Quote 0
                                      • BRRABillB
                                        BRRABill @scottalanmiller
                                        last edited by

                                        @scottalanmiller said:

                                        That was, I thought, the time to decrypt after you pulled it from the device. That's your "uncrackable" time.

                                        I read that as you could not do any encryption without the device itself.

                                        From Apple:
                                        "The UID allows data to be cryptographically tied to a particular device. For example,
                                        the key hierarchy protecting the file system includes the UID, so if the memory chips
                                        are physically moved from one device to another, the files are inaccessible. The UID is
                                        not related to any other identifier on the device."

                                        1 Reply Last reply Reply Quote 0
                                        • BRRABillB
                                          BRRABill @scottalanmiller
                                          last edited by

                                          @scottalanmiller said:

                                          We are talking about end user devices, right? Or servers too?

                                          If we are talking about a server and assuming that it cannot be accessed, what is the purpose of the encryption?

                                          Well, we could be talking about either.

                                          End users devices I say should always be encrypted.

                                          Devices we can lock down, I can see your argument a little bit more. In that it was behind three locked door with a security system.

                                          But there are still ways around it. For example, our landlord has keys to every door in my office. THey might let a cledaning crew it, etc. etc., etc..

                                          BRRABillB 1 Reply Last reply Reply Quote 0
                                          • BRRABillB
                                            BRRABill @BRRABill
                                            last edited by

                                            @BRRABill said:

                                            Well, we could be talking about either.

                                            Though like I think I said I agree 100% they are definitely different use cases here.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 17
                                            • 18
                                            • 4 / 18
                                            • First post
                                              Last post