Thursday, October 22, 2009

Free open-source disk encryption


Introduction

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or the correct encryption keys. The entire file system is encrypted (file names, folder names, the contents of every file, free space, metadata, etc.).

Files can be copied to and from a mounted TrueCrypt volume just as they are copied to or from any normal disk (for example, by simple drag-and-drop operations). Files are automatically decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically encrypted on the fly, in RAM, right before they are written to the disk. Note that this does not mean that the whole file to be encrypted or decrypted must be held in RAM before it can be processed; TrueCrypt has no extra memory (RAM) requirements. For an illustration of how this is accomplished, see the following paragraph.

Let's suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double-clicks the icon of the video file, the operating system launches the application associated with the file type, typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume into RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading the next small portion of the video file from the TrueCrypt-encrypted volume into RAM, and the process repeats. This process is called on-the-fly encryption/decryption, and it works for all file types, not only for video files.

Note that TrueCrypt never saves any decrypted data to a disk; it only holds decrypted data temporarily in RAM (memory). Even while the volume is mounted, the data stored in the volume remains encrypted. When you restart Windows or turn off your computer, the volume is dismounted and the files stored in it become inaccessible (and remain encrypted). Even if the power supply is suddenly interrupted (without a proper system shutdown), the files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume again (and provide the correct password and/or keyfile).

Encryption Algorithms

TrueCrypt volumes can be encrypted using the following algorithms:

Algorithm            Designer(s)                                                          Key Size (Bits)  Block Size (Bits)  Mode of Operation
AES                  J. Daemen, V. Rijmen                                                 256              128                XTS
Serpent              R. Anderson, E. Biham, L. Knudsen                                    256              128                XTS
Twofish              B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson  256              128                XTS
AES-Twofish                                                                               256; 256         128                XTS
AES-Twofish-Serpent                                                                       256; 256; 256    128                XTS
Serpent-AES                                                                               256; 256         128                XTS
Serpent-Twofish-AES                                                                       256; 256; 256    128                XTS
Twofish-Serpent                                                                           256; 256         128                XTS

For information about XTS mode, please see the section Modes of Operation.
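The following Python model is an added illustration of the sector-addressed, on-the-fly scheme described above, and of the one property of XTS mode that the media-player example relies on: every sector is encrypted under its own position-dependent tweak, so any single sector can be decrypted on its own without touching the rest of the volume. It is not TrueCrypt's code. It assumes a 512-byte sector and, so that it runs on the Python standard library alone, it uses an HMAC-SHA256 counter-mode keystream as a clearly labelled stand-in for AES-XTS; that stand-in keeps the per-sector random-access property but offers none of XTS's resistance to ciphertext manipulation.

```python
import hashlib
import hmac

SECTOR_SIZE = 512  # bytes; the volume is encrypted and decrypted one sector at a time


def _keystream(key: bytes, sector_index: int, length: int) -> bytes:
    """Per-sector keystream from HMAC-SHA256 in counter mode.

    ASSUMPTION: this is a stand-in for AES-XTS, chosen only so the example runs
    on the standard library. It keeps the property the text relies on (each
    sector is keyed by its own index, so any sector can be decrypted alone) but
    it is NOT XTS and gives none of XTS's protection against ciphertext tampering.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = sector_index.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedVolume:
    """Model of a mounted volume: self.disk holds only ciphertext; plaintext exists in RAM only."""

    def __init__(self, key: bytes, n_sectors: int):
        self.key = key
        self.sectors_decrypted = 0  # instrumentation: how many sectors a read touched
        self.disk = bytearray()
        # "Formatting": free space is written encrypted too, so an all-zero volume
        # still looks random on disk and no two sectors share the same ciphertext.
        for s in range(n_sectors):
            self.disk += self._encrypt_sector(s, bytes(SECTOR_SIZE))

    def _encrypt_sector(self, s: int, plain: bytes) -> bytes:
        assert len(plain) == SECTOR_SIZE
        return _xor(plain, _keystream(self.key, s, SECTOR_SIZE))

    def _read_sector(self, s: int) -> bytes:
        self.sectors_decrypted += 1
        raw = bytes(self.disk[s * SECTOR_SIZE:(s + 1) * SECTOR_SIZE])
        return _xor(raw, _keystream(self.key, s, SECTOR_SIZE))  # decrypted copy lives in RAM only

    def _write_sector(self, s: int, plain: bytes) -> None:
        self.disk[s * SECTOR_SIZE:(s + 1) * SECTOR_SIZE] = self._encrypt_sector(s, plain)

    def read(self, offset: int, length: int) -> bytes:
        """Decrypt only the sectors that overlap [offset, offset + length)."""
        first, last = offset // SECTOR_SIZE, (offset + length - 1) // SECTOR_SIZE
        buf = b"".join(self._read_sector(s) for s in range(first, last + 1))
        start = offset - first * SECTOR_SIZE
        return buf[start:start + length]

    def write(self, offset: int, data: bytes) -> None:
        """Read-modify-write each touched sector: the sector is the unit of encryption."""
        first, last = offset // SECTOR_SIZE, (offset + len(data) - 1) // SECTOR_SIZE
        for s in range(first, last + 1):
            plain = bytearray(self._read_sector(s))
            lo = max(offset, s * SECTOR_SIZE)
            hi = min(offset + len(data), (s + 1) * SECTOR_SIZE)
            plain[lo - s * SECTOR_SIZE:hi - s * SECTOR_SIZE] = data[lo - offset:hi - offset]
            self._write_sector(s, bytes(plain))


if __name__ == "__main__":
    vol = EncryptedVolume(b"\x01" * 32, n_sectors=8)     # constructed key and tiny volume
    video = bytes(range(256)) * 8                          # constructed 2048-byte "file"
    vol.write(0, video)
    vol.sectors_decrypted = 0
    chunk = vol.read(600, 100)                             # a "media player" reading one slice
    print(chunk == video[600:700], vol.sectors_decrypted)  # True 1
    print(video[:64] in bytes(vol.disk))                   # False: no plaintext ever hits the disk
```

Reading 100 bytes at offset 600 decrypts exactly one sector, which is why playback of a large file needs no more RAM than the player would use anyway; a read that straddles a sector boundary decrypts two. The same zero-filled plaintext in sectors 0 and 1 produces different ciphertext, which is the job the per-sector tweak does in XTS mode.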

Sunday, October 11, 2009

Two-Factor Authentication (2FA)


Two-Factor Authentication (2FA) is also known as Dual Factor Authentication (DFA)

When you think of all that happens online and you consider all that goes on in the ‘networked’ world, you can start to appreciate the tremendous need for strong security measures to protect online assets, data and communications.

Authentication is the cornerstone of any vigilant network security solution. Yet the authentication method used to protect the vast majority (90+%!) of networks, user names and passwords, is a 50-year-old solution designed when there were no networks, no Internet… in fact, next to no computers!

Passwords suffer from a number of weaknesses that make them an ineffective security measure for your network - they are easy to steal, easy to hack and hard to remember. The result is both reduced network security and increased help-desk costs for resetting passwords.

Solving the problem = Dual Factor Authentication (DFA)

Dual Factor Authentication (DFA), also known as Two-Factor Authentication (2FA), is directly analogous to the way one ‘authenticates’ to a banking machine: you use something only you have (your unique bank card) and something only you know (your secret PIN) to identify yourself to the system.

It is very similar in the networked world: the ‘something only you have’ is a password-generating authenticator or token, and the ‘something only you know’ is, again, a secret PIN.

Token = One-Time Passwords

Your token is your key to the network: it generates a new password every time you log on. Your PIN validates that you are the rightful owner of the token. You can choose from several varieties of tokens, all of which do the same thing: they generate a new secure, random ‘One-Time Password’ for every logon. Anyone key-logging or shoulder surfing your password will have a worthless string of letters and numbers, as the password will work once and only once. At the next logon a new random One-Time Password is generated.

This secure method of dual factor authentication (DFA) does what static passwords cannot: it gives you the confidence and peace of mind that a user logging on to the network really is who he or she claims to be, and not someone just using a stolen, lost or shared password.
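The token mechanism described above, as an added example that is not any vendor's product code: an HOTP generator following RFC 4226 (HMAC-SHA1 over an event counter, dynamically truncated to six digits) together with a hypothetical TokenServer class that checks both factors, accepts each one-time password exactly once, and tolerates a small counter drift when the user pressed the token button without logging in. The class name, the look_ahead window and the PBKDF2-based PIN storage are assumptions made for this example.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TokenServer:
    """Server-side state for one user (hypothetical): a PIN hash (something you
    know) plus the token's shared secret and counter (something you have)."""

    def __init__(self, secret: bytes, pin: str, look_ahead: int = 10):
        self.secret = secret
        self.look_ahead = look_ahead   # assumed window for token presses that never reached the server
        self.counter = 0               # next counter value the server will accept
        self.pin_salt = os.urandom(16)
        self.pin_hash = self._hash_pin(pin)

    def _hash_pin(self, pin: str) -> bytes:
        # Assumption: PINs are stored as salted PBKDF2 hashes, never in the clear.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.pin_salt, 50_000)

    def login(self, pin: str, code: str) -> bool:
        # Evaluate both factors before deciding, so a wrong PIN is not
        # distinguishable from a wrong code by how long the request takes.
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self.pin_hash)
        match = None
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                match = c
                break
        if pin_ok and match is not None:
            self.counter = match + 1   # this code and every earlier one are now dead
            return True
        return False


if __name__ == "__main__":
    # Constructed secret; it is the RFC 4226 Appendix D test secret, not a real token seed.
    secret = b"12345678901234567890"
    token_presses = [hotp(secret, c) for c in range(3)]   # what the token display would show
    server = TokenServer(secret, pin="4711")
    print(server.login("4711", token_presses[0]))   # True
    print(server.login("4711", token_presses[0]))   # False: a captured code is worthless
    print(server.login("0000", token_presses[1]))   # False: wrong PIN, code not consumed
    print(server.login("4711", token_presses[1]))   # True
```

The replay check is what makes a key-logged or shoulder-surfed code worthless: once a counter value has been accepted, the server's counter moves past it and the same digits are never accepted again. The look-ahead window is a deliberate trade-off; keep it small, since every extra counter value the server will accept is one more code an attacker could guess.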

We are a leader and innovator in Dual Factor Authentication (DFA) and Two-Factor Authentication (2FA) with our multi-award-winning server and managed-services based solutions.


Most two-factor systems rely on a password or PIN and something else, but that "something else" varies widely. In some cases, the "something else" is your computer. The system takes a hardware and software snapshot of your computer configuration and uses that information to identify you. This approach has the advantage of being as simple as using a password. The disadvantages are that the system has to go snooping around in your computer to identify you, and this setup ties your "identity" to a single computer.

Windows' authentication architecture makes it easy to add new forms of authentication. Windows uses a DLL called Graphical Identification and Authentication (GINA) to connect the authentication method to the Windows authentication system. It's easy to write alternate DLLs for GINA, to use any authentication method the software designer wants.



Friday, October 9, 2009

FTester -- Firewall and IDS Testing tool

Description:

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.

The tool consists of two Perl scripts, a packet injector (ftest) and a listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part, while the sniffer listens for such marked packets. Both scripts write a log file in the same format. If the two scripts are run on hosts placed on the two different sides of a firewall, a diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer because of filtering rules. Stateful inspection firewalls are handled with the 'connection spoofing' option. A script called freport is also available to parse the log files automatically.

Of course this is not an automated process, ftest.conf must be crafted for every different situation. Examples and rules are included in the attached configuration file.

The IDS (Intrusion Detection System) testing feature can be used either with ftest alone or with the additional support of ftestd for handling stateful inspection IDSs; ftest can also use common IDS evasion techniques. Instead of the configuration syntax, the script can currently also process a Snort rule definition file.
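The diff-the-two-logs step is the heart of the method, so here is an added Python version of it, written for this page and not part of FTester or freport. FTester's actual log layout is not reproduced on this page, so the sample lines are constructed in a hypothetical one-packet-per-line "src:sport > dst:dport proto [flags]" format; the comparison is a multiset difference rather than a plain set difference, so a packet injected twice but sniffed once is still reported.

```python
from collections import Counter

# Constructed sample logs. ASSUMPTION: the real ftest.log/ftestd.log layout is not
# shown on this page, so a hypothetical "src:sport > dst:dport proto [flags]" line
# format is used purely for illustration.
FTEST_LOG = """\
# injector side (ftest.log), hypothetical format
192.168.0.10:1025 > 10.0.0.5:80 TCP S
192.168.0.10:1026 > 10.0.0.5:22 TCP S
192.168.0.10:1027 > 10.0.0.5:443 TCP S
192.168.0.10:1028 > 10.0.0.5:53 UDP
192.168.0.10:1029 > 10.0.0.5:23 TCP S
"""

FTESTD_LOG = """\
# sniffer side (ftestd.log), hypothetical format
192.168.0.10:1025 > 10.0.0.5:80 TCP S
192.168.0.10:1027 > 10.0.0.5:443 TCP S
192.168.0.10:1028 > 10.0.0.5:53 UDP
"""


def parse_log(text: str) -> list:
    """Turn log lines into (src, dst, proto, flags) tuples; comments and blanks are skipped."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, arrow, dst, proto, *flags = line.split()
        if arrow != ">":
            raise ValueError(f"unparsable log line: {line!r}")
        packets.append((src, dst, proto, "".join(flags)))
    return packets


def filtered_packets(sent_log: str, seen_log: str) -> list:
    """Packets present in the injector's log but absent from the sniffer's log.

    Counter subtraction keeps multiplicity: if the same packet was injected twice
    and sniffed once, one copy is still reported as filtered.
    """
    missing = Counter(parse_log(sent_log)) - Counter(parse_log(seen_log))
    return sorted(missing.elements())


def report(filtered: list) -> dict:
    """Count filtered packets per (protocol, destination port), freport-style."""
    by_service = Counter()
    for _src, dst, proto, _flags in filtered:
        by_service[(proto, int(dst.rsplit(":", 1)[1]))] += 1
    return dict(by_service)


if __name__ == "__main__":
    blocked = filtered_packets(FTEST_LOG, FTESTD_LOG)
    for src, dst, proto, flags in blocked:
        print(f"filtered: {src} > {dst} {proto} {flags}")
    print(report(blocked))
```

When reading such a report, remember that a packet can be absent from the sniffer's log for reasons other than policy (a dropped capture, a host-side sniffer that never saw the wire), so a filtered entry that contradicts the intended ruleset deserves a second run before the firewall configuration is changed.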

These two scripts were written because I was tired of doing this by hand (with packet-crafting tools and tcpdump). I hope that you enjoy them.

Andrea Barisani andrea@inversepath.com

Features:

- firewall testing
- IDS testing
- simulation of real tcp connections for stateful inspection firewalls and IDS
- connection spoofing
- IP fragmentation / TCP segmentation
- IDS evasion techniques

Requirements:

The following perl modules are required: Net::RawIP, Net::PcapUtils, NetPacket

Download:

The most recent release is ftester-1.0.tar.gz
All releases are available at http://dev.inversepath.com/ftester.

Documentation:

Man page (ftester.8)
README
TISC Insight, Volume 5, Issue 6: Testing firewalls and IDS with Ftester

Saturday, October 3, 2009

Virtualization With vmware


Transform your Business with Virtualization

Virtualization dramatically improves the efficiency and availability of resources and applications in your organization. Internal resources are underutilized under the old “one server, one application” model and IT admins spend too much time managing servers rather than innovating. An automated datacenter, built on a VMware virtualization platform, lets you respond to market dynamics faster and more efficiently than ever before. VMware vSphere delivers resources, applications—even servers—when and where they’re needed. VMware customers typically save 50-70% on overall IT costs by consolidating their resource pools and delivering highly available machines with VMware vSphere.


What is Virtualization?

Virtualization is a proven software technology that is rapidly transforming the IT landscape and fundamentally changing the way that people compute. Today’s powerful x86 computer hardware was designed to run a single operating system and a single application. This leaves most machines vastly underutilized. Virtualization lets you run multiple virtual machines on a single physical machine, sharing the resources of that single computer across multiple environments. Different virtual machines can run different operating systems and multiple applications on the same physical computer. While others are leaping aboard the virtualization bandwagon now, VMware is the market leader in virtualization. Our technology is production-proven, used by more than 150,000 customers, including 100% of the Fortune 100.

How Does Virtualization Work?

The VMware virtualization platform is built on a business-ready architecture. Use software such as VMware vSphere and VMware ESXi (a free download) to transform or “virtualize” the hardware resources of an x86-based computer—including the CPU, RAM, hard disk and network controller—to create a fully functional virtual machine that can run its own operating system and applications just like a “real” computer. Each virtual machine contains a complete system, eliminating potential conflicts. VMware virtualization works by inserting a thin layer of software directly on the computer hardware or on a host operating system. This contains a virtual machine monitor or “hypervisor” that allocates hardware resources dynamically and transparently. Multiple operating systems run concurrently on a single physical computer and share hardware resources with each other. By encapsulating an entire machine, including CPU, memory, operating system, and network devices, a virtual machine is completely compatible with all standard x86 operating systems, applications, and device drivers. You can safely run several operating systems and applications at the same time on a single computer, with each having access to the resources it needs when it needs them.

Build your Datacenter on a Flexible Architecture

Virtualizing a single physical computer is just the beginning. VMware vSphere, the industry's first cloud operating system, scales across hundreds of interconnected physical computers and storage devices to form an entire virtual infrastructure. You don’t need to assign servers, storage, or network bandwidth permanently to each application. Instead, your hardware resources are dynamically allocated when and where they’re needed. This “internal cloud” means your highest priority applications will always have the resources they need without wasting money on excess hardware only needed for peak times. The internal cloud can connect to an external cloud as well, giving your business the flexibility, availability and scalability it needs to thrive.

Manage your Resources with the Lowest TCO

It’s not just virtualization that’s important. You need the management tools to run those machines and the ability to run the wide selection of applications and infrastructure services your business depends on. VMware lets you increase service availability while eliminating error-prone manual tasks. IT operations are more efficient and effective with VMware virtualization. Your staff will handle double or triple the number of servers, giving users access to the services they need while retaining centralized control. Deliver built-in availability, security, and performance across the board, from the desktop to the datacenter.


Why Should Your Company Virtualize?

Virtualizing your IT infrastructure lets you reduce IT costs while increasing the efficiency, utilization, and flexibility of your existing assets. Around the world, companies of every size benefit from VMware virtualization. Thousands of organizations—including all of the Fortune 100—use VMware virtualization solutions. See how virtualizing 100% of your IT infrastructure will benefit your organization.

Top 5 Reasons to Adopt Virtualization Software

  1. Get more out of your existing resources: Pool common infrastructure resources and break the legacy “one application to one server” model with server consolidation.
  2. Reduce datacenter costs by reducing your physical infrastructure and improving your server to admin ratio: Fewer servers and related IT hardware means reduced real estate and reduced power and cooling requirements. Better management tools let you improve your server to admin ratio so personnel requirements are reduced as well.
  3. Increase availability of hardware and applications for improved business continuity: Securely back up and migrate entire virtual environments with no interruption in service. Eliminate planned downtime and recover immediately from unplanned issues.
  4. Gain operational flexibility: Respond to market changes with dynamic resource management, faster server provisioning and improved desktop and application deployment.
  5. Improve desktop manageability and security: Deploy, manage and monitor secure desktop environments that users can access locally or remotely, with or without a network connection, on almost any standard desktop, laptop or tablet PC.

A virtual machine is a tightly isolated software container that can run its own operating system and applications as if it were a physical computer. A virtual machine behaves exactly like a physical computer and contains its own virtual (i.e., software-based) CPU, RAM, hard disk and network interface card (NIC).

An operating system can’t tell the difference between a virtual machine and a physical machine, nor can applications or other computers on a network. Even the virtual machine thinks it is a “real” computer. Nevertheless, a virtual machine is composed entirely of software and contains no hardware components whatsoever. As a result, virtual machines offer a number of distinct advantages over physical hardware.