Biometric Thumb Drives?
osopolar asks: "I work as a security analyst for a 10 billion dollar bank and we are currently looking for biometric thumb drives as emergency backup/recovery solutions for our local branches. We do not have IT people at every branch so the backup must be done by a branch manager, so the device needs to be easy to use. How would you backup information securely? What thumb drives do you recommend?"
It should always be "something you have" and "something you know", so, in addition to removing your thumb, they also need to remove your brain.
You work for a '10 billion dollar' business that can't afford enough IT staff in its branches and gets hardware recommendations from 'ask slashdot'?
http://milkshake.dexy.org
No offense really intended, but the question is too vague and too open-ended to really be answered well here and it's that lack of specificity that makes me worry a bit about your qualifications for the position you're in. By all means, please, bring in outside help for any situation that you need advice on -- for the sake of your employer and customers, but slashdot is not the best place for high-quality, industrial grade advice that you should hang your hat, job, and other people's money on. That having been said, what exactly are you trying to back up? How frequently does it need to be done? How quickly? How will restores be handled -- who will do them, when and why? What are the demands of the media? Does it need to be simply stored on site or will it be transported? How (mailing? courier?) Would a networked option work for backing up? If not, why not?
That's just a start to the questions that are really unanswered (and need to be) for anyone to answer your question "How would you backup information securely?" It sounds like you think a thumb-drive will be an acceptable answer to you, but it's unclear why you've settled on that...What makes such a system better than a well scripted encryption scheme and commodity media (anything from CD-Rs to removable tape or hard disks?)
Without knowing the specifics, any answer would be incomplete at best, shooting blind at worst...
That's why you use multifactor security.
Yeah, thumb drives, there's an idea.
No, wait, gotta sex it up....
Thumb Drives with Biometrics!
Riiiggghhhttt......
Honey, yer wastin' yours & everyone else's time with this DOA idea.
Encryption? At the source. Not some lame-ass "biometric" solution grafted onto a thumb drive, if some crazy Pacific Rim factory has pumped out such an inane idea yet. Then who gives a rat's ass, your 1 GB, or 2 GB, or whatever, is properly encrypted. But if that's your local branch's disaster recovery strategy well, I'm scared.
For the sake of all of our investments please post your employer, so we can all move our funds to some other 10 billion dollar business that has legitimate disaster recovery strategies.
Hey Cliff, was there REALLY nothing better in the "Ask Slashdot" queue?!
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
First off, asking slashdot is a fantastic idea; you might get an off-the-wall idea to follow or just some good general advice. Being vague might just be a problem with an NDA. Paying someone or going only within your own department, you are only going to get what is familiar, which is not the best answer.
Now, as for the biometric key drives, in my personal research they do not provide enough protection to secure such data.
What I would suggest is just a portable USB hard drive, with all the data encrypted using a key generated from the unique serial numbers on the computer and an additional randomly generated number stored on a key such as this one (http://www.marx.com/en/products.php), or just any public key. Each branch could also have one key with the private key to decrypt the data in case they need to recover it, locked in a vault, preferably requiring at least 2 different people to access this key (if you are in a bank as you say, this should not be that hard to arrange), since they would never need this key unless they were doing a recovery. You could also keep one at a central site in case of unforeseen events, or not, but I suspect if they ever lose theirs you would just replace the entire set (though you would have a much bigger problem on your hands, I would think).
Seeing as their small key has 4kb of storage, using a large key with AES (probably SHA-512 or again whatever tickles you) would keep your data pretty safe, or at least the government would think so.
The only other thing I would recommend is keeping 2 backups in 2 completely different locations; people do walk off with stuff, or more politely they misplace things.
Hope this helps or gives you some ideas, I am just babbling a little from things I have done. Post if you have a question or want to strike up a conversation.
Enjoy
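An added example, not part of the post above: one way to derive the backup encryption key that post describes, from a random secret held on a hardware token plus the computer's serial number, using HKDF (RFC 5869) with SHA-512. The function names, the 32-byte minimum, and the sample serial and label are assumptions; the derived key would be handed to an AES-256 implementation, which is not shown.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha512
HASH_LEN = HASH().digest_size  # 64 bytes for SHA-512


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF extract-then-expand as specified in RFC 5869."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested key is too long for HKDF")
    # Extract: an empty salt is replaced by HASH_LEN zero bytes.
    prk = hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # Expand: T(n) = HMAC(PRK, T(n-1) || info || n)
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_backup_key(token_secret: bytes, machine_serial: str, label: str) -> bytes:
    """Return a 32-byte key suitable for AES-256 (hypothetical helper).

    All secrecy comes from token_secret. The serial number is printed on the
    case and readable by software, so it only binds the key to one machine.
    """
    if len(token_secret) < 32:
        raise ValueError("token secret must be at least 32 random bytes")
    serial = machine_serial.strip().upper().encode()
    if not serial:
        raise ValueError("machine serial is empty")
    return hkdf(token_secret, salt=serial, info=label.encode(), length=32)


if __name__ == "__main__":
    token_secret = secrets.token_bytes(32)  # constructed; would live on the token
    key = derive_backup_key(token_secret, "SN-0042-EXAMPLE", "branch-backup-v1")
    print(len(key), "byte key derived")
```

Losing the token means losing the key, which is why the post's second copy in a vault matters.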
I have to agree with some of the other posters, this biometric thumb drive idea just smells horribly of a poorly thought out plan that is destined to fail catastrophically when your company either makes it into a money sink that never works out properly, or a poor implementation leads to sensitive data being stolen.
There are a number of reasons that it just seems like a strange and bad idea to me, but here are some of the most obvious things that pop into my head:
Firstly, thumb drives seem to be just now getting up into the 2GB range. I'm sure you could find larger ones if you looked, but the largest drive I was able to find with a google search for "thumb drive biometric authentication" was 2GB - and that device wasn't exactly secure, since the biometric authentication could be overridden by a password. Now, the thing about it is, what sort of data do you have only 2GB of that is so vital as to require its own backup system? Furthermore, what data do you have that is so vital that it requires its own special backup system with biometric authentication, and is not vital enough that you aren't already hosting it on some machine with a RAID and nightly backups to tape? Most data that people need to back up nowadays tends to be stored in a database, which are going to log the hell out of everything, plus have multiple backups - onsite and off site. The idea of some 10 billion dollar banking institution having all of their local branches running their systems on a local access database, and a bank manager backing up the database file to a thumb drive every night would be frightening if it wasn't so absurd.
The second big thing that jumps out at me is the fact that biometrics really aren't all that secure. Many finger/thumb print recognition systems can be defeated with a gummibear; and I've never seen any sort of thumb drive with a built in retinal scanner.
Famous Last Words: "hmm...wikipedia says it's edible"
Why is your bank even keeping data at its branches?
Get your $10,000,000,000 company to establish multiple redundant secure datacenters that the branches connect to using point to point connections along with strong encryption. No Internet connectivity... just centralized data storage in multiple places. I wouldn't even dream of allowing a branch manager access to infrastructure or data storage, six letters popped into my head... OMFG NO!
When a tornado comes along and wipes a branch office off the map - wtf is a thumbdrive going to be useful when the manager's thumb is nowhere to be found?
Your company rolls in a trailer with teller machines and Satellite feeds for data connections to the data center - and your customers' information is still safe in the central location and accessible the next day, even while they're still trying to ID the manager's corpse.
1) To answer your question: Trek makes one that doesn't require external drivers. But it's only up to 512k and USB 1.1, and I can't find any indication to see if it actually encrypts the info. (My bet: no)
2) What kind of "security analyst for a 10 billion dollar bank" are you, and can you be put in a room with the rest of us who are answering this question that we might have a chance to kill you, take your salary and put an untrained monkey in your job?
3) Or are you just being clever and trolling for answers to a stupid idea your VP had?
If it's the last one:
Why Biometric? Biometrics are awful security. Terrible terrible terrible. The only advantage they have is, when it actually works, it works and a person doesn't have to think about it. And that's one of its problems: People should be thinking about security. After that, it's less reliable than passwords (which have a 100% pass/fail reliability) and the whole issue of not being able to change your biometrics. If someone figures out how to fake my thumb, my whole life is fucking over. I can't get new thumbs. (or a new face or whatever). And the other stuff that's been talked about ad nauseam.
Biometric thumb drives are even worse because anyone who wants what's "protected" on it just has to steal the thing. Given physical access to the device, it's trivial to circumvent the biometrics.
What information at individual branches is important that needs to be backed up? And why the hell isn't it being done already, and off site? Seriously. You're a "10 billion dollar bank". You should have private data lines between your branches and central computers.
And lastly, under what circumstances would you want backups done by unskilled people? I mean C'mon. Are you telling me that you don't know that these guys are the weakest link in your security anyway?
A better security idea would be to automate your backups through your private lines and disable all access to removable media drives in your whole company. Why you'd allow someone to be able to connect a USB drive to a computer that has access to information that needs to be protected makes my nerve endings hurt.
Okay, banks deal with money and businesses. Businesses being their main source of profit. How is it that a bank can see it as okay to not have an IT infrastructure that, at the very least, has a steady backup regimen?!?!? The answer is not finding some new gadget that'll let the branch manager wing it. The answer is to either have IT personnel available for such matters or to train existing personnel to do the job correctly. Backup is no insignificant endeavor and shouldn't be treated as such. What bank is this? I a) want their business and b) don't want to give them mine.
Well, see, this is what happens when you don't take an idea to the extreme. What your bank manager really needs is a drive actually implanted in his thumb, so he can't lose it, and keyed to him biometrically, so it wouldn't be quite so easy to nip off his thumb and steal the data.
Although, if you had a USB port in your thumb, it would make it hard to type, so better make it a toe drive. Make sure your toe drive is bootable! I'm sure the creative minds here at slashdot can think of other more pedestrian uses for a toe drive.
It's not offtopic, dumbass. It's orthogonal.
"I work as a security analyst for a 10 billion dollar bank .... How would you backup information securely?"
*heads to google*
*pulls up information on finance sector*
*attempts to cross-reference all company market caps between $8B and $12B with list of bank accounts in file cabinet*
*cancels all matches*
*orders credit watch service for credit report*
*shakes head, weeps gently*
*suddenly realizes, not all banks are publicly traded*
*mutters obscenities*
*cancels all accounts just to be safe, renounces materialism, heads to mountain cabin in woods*
*later, is eaten by wolves*
One biometric thumb drive I tested had no actual security. The Windows driver would ask it if it was authenticated and if no, would deny access. In Linux, it looked like a standard drive and 100% of the 'secured' data was trivially accessible with no authentication.
Another I evaluated did only slightly better. When in the unauthenticated state, it would report 10 sectors capacity rather than 8000 (OK so far). When authenticated, it reported all 8000. However, I then tried accessing sectors 10-8000 using raw SCSI commands while unauthenticated, and it LET ME DO IT! The 'secured' data was 100% available with no authentication. In fairness, when I noted this, the manufacturer sent me a one off that did it right but I don't know if they ever put those changes into their production model.
Yet another actually denied access to the blocks when unauthenticated, but when the admin recovery procedure was used, it only erased the partition table. So all I had to do was 'recover' admin access then write in a reasonable partition table. All of the old data was available.
I never got around to cracking them open to see if I could bypass the drive emulation and dump the raw flash memory.
There MIGHT be a few drives that actually ARE secure, but too many of them are toys.
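An added example, not from the post above: an acceptance check for the third failure it describes, where the admin recovery procedure erased only the partition table. It scans a raw image of the device taken after the reset and reports sectors that are neither all 0x00 nor all 0xFF; the 512-byte sector size, the function names and the sample image are assumptions.

```python
import io
from typing import BinaryIO, List, Tuple

SECTOR = 512  # assumed logical sector size


def residual_sectors(image: BinaryIO, sector_size: int = SECTOR) -> List[int]:
    """Return the indexes of sectors that still hold data after a reset.

    A sector counts as erased when every byte is 0x00 (overwritten) or 0xFF
    (erased flash). A short final read is checked as a partial sector.
    """
    found = []
    index = 0
    while True:
        chunk = image.read(sector_size)
        if not chunk:
            break
        if chunk.count(0x00) != len(chunk) and chunk.count(0xFF) != len(chunk):
            found.append(index)
        index += 1
    return found


def to_ranges(sectors: List[int]) -> List[Tuple[int, int]]:
    """Collapse sorted sector indexes into inclusive (first, last) ranges."""
    ranges: List[Tuple[int, int]] = []
    for s in sectors:
        if ranges and s == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], s)
        else:
            ranges.append((s, s))
    return ranges


def constructed_image() -> io.BytesIO:
    """Constructed 16-sector image: sector 0 wiped, old file data left behind."""
    sectors = [bytes(SECTOR)] * 16
    for i in range(4, 9):
        sectors[i] = (b"ACCOUNT-RECORD-%02d;" % i).ljust(SECTOR, b"\x00")
    sectors[12] = b"\xff" * SECTOR  # erased flash page, not a finding
    return io.BytesIO(b"".join(sectors))


if __name__ == "__main__":
    leftover = to_ranges(residual_sectors(constructed_image()))
    print("reset left data in sector ranges:", leftover or "none")
```

An empty result only shows that the sectors exposed through the drive's interface were cleared; it says nothing about the raw flash behind the controller, which the post notes was not examined.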