Check Point response to LuciData Security Bulletin
Overview:
On March 9th, LuciData (a Utimaco Certified Gold Partner) published a "security bulletin" entitled "LuciData, Inc. successfully cracks a laptop encrypted with Pointsec full disk encryption on behalf of corporate client."
In this "security bulletin", the Utimaco partner describes a method of attacking the FireWire protocol to access the RAM of a laptop or PC that has a FireWire port. It is then possible to bypass Windows authentication and log in as a local administrator, gaining access to data.
Facts:
This is not a successful attack on the leading Pointsec full disk encryption product acquired by Check Point. It is an attack on system memory via the FireWire port/protocol, and it affects all software-based full disk encryption solutions that are not properly configured.
This Windows vulnerability has been a known issue for years; one of the original presentations on it was given by Adam Boileau (Sr. Security Consultant at Security-Assessment.com) at Ruxcon 2006.
The recommendations listed below will completely address this vulnerability and provide the strongest overall endpoint security.
Recommendations:
Check Point continues to recommend the following measures to eliminate this known threat and maintain the highest level of endpoint security:
- Disable IEEE 1394 (FireWire) ports in BIOS if not required
- Deploy a combination of Check Point Full Disk Encryption with Pre-Boot Authentication and Media Encryption/Port Management as the highest level of endpoint data security
- Deploy strong Check Point Firewall, Anti-Malware and VPN products to protect endpoint data in motion
- Maintain strong physical security practices for business computers
- Power down computers when not in use
Please contact your sales representative with any further questions on this subject.