Monday, January 19, 2009

Dban

Dban is a utility that permits you to securely wipe the contents of entire hard drives. You can use it to wipe data off the corporate laptop that you are returning to your employer, a hard drive that you plan to dispose off or your hard drive that you plan to reinstall the OS on because it is infected with malware. You can download the CD, DVD, diskette or USB flash drive versions for whatever your needs.
Boot up using Dban. When you see the menu, type in "autonuke" at the boot prompt. This is the easiest mode to use. Once you've pressed "Enter" key, Dban goes about its business and does not require any further interaction from the user. Viola! Simple as ABC. Patience is required as wiping is not a speedy process. Time taken to wipe a whole drive varies depending on the wiping method selected and the size of the drive.

For advanced users, you may opt for other wiping methods by pressing on "F3". The DoD 5220.22-M method and the Gutmann* methods are quite time consuming.

Active computer forensic guru conducted independent research and arrives at the conclusion that a single drive wipe makes data impossible to recover.

* From personal experience, Dban took 2 days to wipe my 40GB hard drive using the Gutmann method.

Saturday, January 10, 2009

TKIP vs AES

Almost everyone I know deploy wireless networks at home and I'm not surprised because wireless is convenient. What wasn't explained to them by vendors is that wireless is less secure and reliable as compared to wired connections.
Reliability isn't high on the list of priorities for home users but security should be. I just found out what the difference between TKIP and AES encryption options was. TKIP was offered as a short-term solution to improve upon the weak security offered by WEP. AES is the more robust and preferred choice. However, older hardware may not offer AES because it requires more resources for cryptographic computations thus some vendors make their equipment backward compatible with TKIP.
Utilise AES when using either WPA or WPA2 in your environment. However, AES is not supported by all hardware and users might still be forced to rely on TKIP. In light of hardware limitations, the workaround solution is to lower TKIP renewal timings to any value lower than 120 seconds.