Solved

Are documents on a USB Thumb drive really secure???

Posted on 2006-10-30
12
270 Views
Last Modified: 2010-04-11
I have a situation where I am haivng to view secure (Secret and Top Secret) documents , PDF's, .doc's, images... that are stored on a thumb drive or a cd.

My question is;

Once a file is opened from the CD or thumb drive, viewed edited or what ever I am going to do with it and the thumb drive is taken  or the CD ejected from the PC is there any way for someone to come along and view the file I was working on?

I know word creates temp files in the TEMP directory, do these temp files persist once the application is closed or I remove the memory stick?

Any thoughts/comments would be appreciated

J
0
Comment
Question by:salsipius
12 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17836456
There will always be fragments of the files memory and/or the page/swap file.

Whether there will be other files depends on exactly what you did with the file when it was in the PC. Word, in particular, makes all kinds of backup and recovery files when you edit a document.

And since these are Secret and higher, you also have to consider the possibility that someone may have trojaned the machine to e.g. take a backup of anything on an inserted CD or thumb drive.

In short, you should not use these files on un-trusted machines (where trusted here implies all its Orange Book / Common Criteria meaning)
0
 
LVL 38

Expert Comment

by:younghv
ID: 17841703
salsipius,
My civilian email address is in my profile.
Please contact me directly.
Thank you,

Vic
0
 
LVL 3

Expert Comment

by:mahe2000
ID: 17842892
unfortunatelly windows allways let documents around temp directories
0
 
LVL 38

Expert Comment

by:younghv
ID: 17843113
salsipius,
My civilian email account might be malfunctioning, but I still haven't heard from you.
Look at chris_calabrese's profile, then look at mine.

You need some really strong advice about what you are doing and you need to get it now.

0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 17933217
Assuming it's government, normally you should be using approved thumbdrives only on approved computers.
For example, I am only allowed to use government-furnished (and approved) unclassified thumbdrives on unclassified government computers... and same goes for classified info - use government approved classified thumbdrives on classified government computers. This stuff should never be used on outside computers (or at home) and should never be taken home. This is basically the only best protection you can get.

Files that are temporarly opened do have temp files on the machine and are generally "gone" once you close it - but (not necessarily) there is always the chance of someone being able to access you system and access any files you have access to (or are currently accessing). Plus if you file fails to save, there's a chance a temp file is stored on your machine. So it's not always reliable.
This is why it's IMPORTANT that these files are being viewed on secure and approved machines (and this is a strict rule that needs to be adhered to). If you are not a Information Assurance guy or Security person - you shouldn't need to worry about anything else as long as you are following the basic rules.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 27

Expert Comment

by:Tolomir
ID: 18108489
I would use knoppix and use openoffice and acrobat reader to read these files.

Knoppix or also ubuntu is a live linux system without the need to install it before use, it can be just booted from a CD Rom - so the temp space is a pure ramdisk.

www.ubuntu.com
www.knoppix.org

This is how to mount the usb drive:
http://www.ubuntuforums.org/showthread.php?t=314400

Tolomir
0
 
LVL 38

Expert Comment

by:younghv
ID: 18230523
Tolomir,
I swapped some emails with salsipius when this was posted and I think he has a good handle on the situation.

Would like to see him come in and close this out, though.


Vic
0
 
LVL 38

Expert Comment

by:younghv
ID: 18234422
The emails were about Regulations dealing with the proper handling of Classified documents.
The bottom line is that no Classified document can be opened/viewed on any AIS (Automated Information System) that is not certified for the level of classification.


Vic
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18234491
ACK

I did not made these rules, but we all have to keep them in mind.

Tolomir
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 18234876
Tolomir,
Understood - and a good rule.

As long as the AIS and the Media involved are handled IAW (In Accordance With) Regulations, everything is copecetic.

Anyone reading this who is not familiar with the Regulations should not be handling Classified documents.

Vic
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now