Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 280
  • Last Modified:

Are documents on a USB Thumb drive really secure???

I have a situation where I am haivng to view secure (Secret and Top Secret) documents , PDF's, .doc's, images... that are stored on a thumb drive or a cd.

My question is;

Once a file is opened from the CD or thumb drive, viewed edited or what ever I am going to do with it and the thumb drive is taken  or the CD ejected from the PC is there any way for someone to come along and view the file I was working on?

I know word creates temp files in the TEMP directory, do these temp files persist once the application is closed or I remove the memory stick?

Any thoughts/comments would be appreciated

J
0
salsipius
Asked:
salsipius
1 Solution
 
chris_calabreseCommented:
There will always be fragments of the files memory and/or the page/swap file.

Whether there will be other files depends on exactly what you did with the file when it was in the PC. Word, in particular, makes all kinds of backup and recovery files when you edit a document.

And since these are Secret and higher, you also have to consider the possibility that someone may have trojaned the machine to e.g. take a backup of anything on an inserted CD or thumb drive.

In short, you should not use these files on un-trusted machines (where trusted here implies all its Orange Book / Common Criteria meaning)
0
 
younghvCommented:
salsipius,
My civilian email address is in my profile.
Please contact me directly.
Thank you,

Vic
0
 
mahe2000Commented:
unfortunatelly windows allways let documents around temp directories
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
younghvCommented:
salsipius,
My civilian email account might be malfunctioning, but I still haven't heard from you.
Look at chris_calabrese's profile, then look at mine.

You need some really strong advice about what you are doing and you need to get it now.

0
 
ThinkPaperCommented:
Assuming it's government, normally you should be using approved thumbdrives only on approved computers.
For example, I am only allowed to use government-furnished (and approved) unclassified thumbdrives on unclassified government computers... and same goes for classified info - use government approved classified thumbdrives on classified government computers. This stuff should never be used on outside computers (or at home) and should never be taken home. This is basically the only best protection you can get.

Files that are temporarly opened do have temp files on the machine and are generally "gone" once you close it - but (not necessarily) there is always the chance of someone being able to access you system and access any files you have access to (or are currently accessing). Plus if you file fails to save, there's a chance a temp file is stored on your machine. So it's not always reliable.
This is why it's IMPORTANT that these files are being viewed on secure and approved machines (and this is a strict rule that needs to be adhered to). If you are not a Information Assurance guy or Security person - you shouldn't need to worry about anything else as long as you are following the basic rules.
0
 
TolomirAdministratorCommented:
I would use knoppix and use openoffice and acrobat reader to read these files.

Knoppix or also ubuntu is a live linux system without the need to install it before use, it can be just booted from a CD Rom - so the temp space is a pure ramdisk.

www.ubuntu.com
www.knoppix.org

This is how to mount the usb drive:
http://www.ubuntuforums.org/showthread.php?t=314400

Tolomir
0
 
younghvCommented:
Tolomir,
I swapped some emails with salsipius when this was posted and I think he has a good handle on the situation.

Would like to see him come in and close this out, though.


Vic
0
 
younghvCommented:
The emails were about Regulations dealing with the proper handling of Classified documents.
The bottom line is that no Classified document can be opened/viewed on any AIS (Automated Information System) that is not certified for the level of classification.


Vic
0
 
TolomirAdministratorCommented:
ACK

I did not made these rules, but we all have to keep them in mind.

Tolomir
0
 
younghvCommented:
Tolomir,
Understood - and a good rule.

As long as the AIS and the Media involved are handled IAW (In Accordance With) Regulations, everything is copecetic.

Anyone reading this who is not familiar with the Regulations should not be handling Classified documents.

Vic
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now