secure data export

Moish moish at mln.co.il
Fri Jun 24 12:23:00 IDT 2011


On 23/06/2011 23:35, Orna Agmon Ben-Yehuda wrote:
> Hello all security experts,
>
> I would like to export data from a machine on a business's internal
> network on a safe media, such that only the files I want exported are on
> the media. Specifically, I consider the possibility that the machine may
> already be infected by a malware which adds business-sensitive data to
> all outgoing media, and would like to defend against such a theoretical
> malware. The question may be limited to text files.
>
> Things already considered:
> *The media is a CD, which will be written and then finalized. No USB
> devices.
> *An artificial file will be added to the data file, to fill the media as
> much as possible. This, however, leaves a part of the disk capacity
> unused - the part used for the structure table (what used to be FAT),
> which is a place where additional data can hide.
> *The CD will be read in two different machines, with two different
> operating systems. One of the systems will be a bootable linux disk, to
> preserve its (hopefully) initial not-infected status. The listing of
> files will be performed including hidden files (ls -la in Linux). The
> person who wrote the files will read them, to verify they contain the
> correct information.
>
> Questions:
> What else should I do?
> What about a malware compressing the data, using the extra space for
> additional data?
> If I compress the data to avoid further compression, how can the person
> verify it contains exactly what it should?
> What can I not defend against?
> Are such malware as I imagine known? For Linux? Windows?
>
> Thanks for considering the problem,
> --
> Orna Agmon Ben-Yehuda.
> http://ladypine.org


You describe a completely untrusted system.
Print the documents, seriously.
Convert them back to digital media by OCR or just re-typing.

Counting words, computing "correct" size - all can be compromised
by an infected file system.
If you can verify the original files on the source machine then
the problem is solvable - take the disk, physically, to a safe machine.
Don't mount it remotely.


-- 
Moish
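
An added example, not part of the original thread: a sketch of the listing check from the question, meant to run on the trusted (boot-disk) machine against the read-only mounted CD. The function names, the allow-list format and the ASCII-only rule are assumptions made for illustration, and the sample files are constructed.

```python
import os
import stat
import tempfile

# Assumption: exported files are plain ASCII text (printable, tab, LF, CR).
TEXT_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def audit_media(mount_point, expected):
    """Check every entry under mount_point against `expected`, a set of
    relative paths the exporter intended to write. Returns sorted
    (path, problem) findings; an empty list means nothing was flagged."""
    findings, seen = [], set()
    for root, dirs, files in os.walk(mount_point):  # includes dot-files
        for name in dirs + files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, mount_point)
            mode = os.lstat(full).st_mode           # lstat: do not follow links
            if stat.S_ISDIR(mode):
                continue
            if not stat.S_ISREG(mode):
                findings.append((rel, "not a regular file"))
                continue
            seen.add(rel)
            if rel not in expected:
                findings.append((rel, "unexpected file"))
                continue
            with open(full, "rb") as fh:
                data = fh.read()
            bad = next((i for i, b in enumerate(data) if b not in TEXT_BYTES), None)
            if bad is not None:
                findings.append((rel, "non-text byte at offset %d" % bad))
    findings += [(rel, "missing from media") for rel in set(expected) - seen]
    return sorted(findings)


def demo():
    """Constructed sample: a temp directory stands in for the mounted CD."""
    with tempfile.TemporaryDirectory() as cd:
        samples = {
            "report.txt": b"Q2 totals\n1200\n",
            "notes.txt": b"ok\n" + b"\x1f\x8b\x08\x00",  # binary bytes appended
            ".cache": b"hidden extra\n",
        }
        for name, body in samples.items():
            with open(os.path.join(cd, name), "wb") as fh:
                fh.write(body)
        return audit_media(cd, {"report.txt", "notes.txt", "readme.txt"})
```

This only sees what the mounted file system presents: data placed outside any file, or extra text that is itself valid ASCII, is not flagged, so the person who wrote the files still has to read them.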


