True Crypt / Crypto-ware / Firewalls
For starters, back about 7 years ago I jumped on the TrueCrypt bandwagon and fell in love with it. I mainly used it for removable media that had company-specific data/programs/passwords on it that traveled with me frequently, so in case it was lost or stolen, the data therein wouldn't be compromised. After joining a new company and trying to reinstall TrueCrypt on my new company PC (I'm in IT so it's cool) to view my encrypted drive, I see a firestorm has happened since I last viewed any TrueCrypt site and they have been essentially booted from the internet. I'm not a fan of CNET or download.com since anyone can load software to it and it's hard to say exactly what you are getting out of it. But even the "save TrueCrypt" page seen here: https://www.grc.com/misc/truecrypt/truecrypt.htm seems sketchy. Since I cannot really verify this site nor any of the others out there, how do I avoid getting a version of this with a potential virus packed along with it? I have downloaded the newest version from the site above in a sandbox and scanned it with a few programs, and all show it fine. Does anyone have any information on the downfall of TrueCrypt that isn't on the first page of a Google search, and can anyone verify that there is a version to use, virus free, to unlock an old TrueCrypt volume?
Next on the chopping block, crypto-ware and firewalls. I am both grateful and appalled by it. Let me clarify that I am only grateful because it helped me land my current job. The company I now work for was hit hard by a crypto-nasty and was looking for more of a network-minded individual to help shore up defenses. After landing this job I am firmly back on the anti-crypto side of the fence and am trying to get as tight a grip on security here as possible. The current FW in play here is a Watchguard XTM505 which is about to enter EOL, so I have a twofold reason for upgrading. I'm heavily leaning towards a Barracuda X400, but Watchguard has some serious savings on the table if I went up to one of their beefier models. Are there any admins of either of these here that could weigh in on what they feel about their preferred product? I have been on the horn with both companies numerous times so I know what they offer, but am looking for a user's perspective as well. Any other options are welcome too. I have been flirting with Cisco. And yes, the appliances are sized correctly for our budget/bandwidth/user base.
Crypto-ware can get in via a variety of methods. The most prevalent I have seen is via email. At my last job I had email on lock-down, with each user schooled in what to look for and knowing to contact me upon receipt of a sketchy email. Here at the new digs, whatever Watchguard isn't catching is being directed to a Trend Micro email scanning service, which seems flaky to me on what they both deem bogus emails. Just in the month I have been here there have been two people forward me bad emails asking what they were and why they got them. I was the entire IT dept at my last job of about 150 people, so I could easily implement whatever I wanted for security's sake. Here I am one of 4, not in charge of the Exchange server or the current FW, but will likely be of the new one. Outside of tidying up the mail getting through and limiting internet access to only those who need it and to only the sites they need, do any of you have any recommendations on how to avoid or combat these horrible viruses/trojans? We do have multiple redundant backups both off and on site, which is how they were able to recover last time. I have read about a few scripts that will allow you to watch file extensions on the file server and alert you when there is a mass change, but that seems not very proactive. Thoughts and comments?
Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
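The post mentions scripts that watch file extensions on a file server and alert on a mass change. The following is an added example of that kind of detector, written for this page and not code from the original poster or from any of the products named above. It assumes a constructed, hypothetical event-log line format (`<ISO timestamp> RENAME <old> -> <new>`), and the window size and threshold are illustrative values, not recommendations: a sliding window counts renames that change a file's extension, and an alert fires when the count in one window crosses the threshold, while ordinary scattered extension changes (e.g. exporting a .docx to .pdf now and then) stay below it.

```python
"""Burst detector for extension-changing renames on a file share.

Added example (not from the original post). Event format is assumed/constructed:
    <ISO-8601 timestamp> RENAME <old_path> -> <new_path>
A real deployment would feed it audit-log or filesystem-watcher events instead.
"""
from collections import deque
from datetime import datetime, timedelta
import os


def parse_event(line):
    """Split one constructed log line into (timestamp, kind, old_path, new_path)."""
    ts, kind, rest = line.split(" ", 2)
    old, new = rest.split(" -> ", 1)
    return datetime.fromisoformat(ts), kind, old, new


def extension_changed(old_path, new_path):
    """True when the rename gives the file a different extension (case-insensitive)."""
    return os.path.splitext(old_path)[1].lower() != os.path.splitext(new_path)[1].lower()


def detect_mass_change(lines, window=timedelta(seconds=60), threshold=10):
    """Return a list of (timestamp, count, new_extensions) alerts.

    An alert is raised when at least `threshold` extension-changing renames fall
    inside one sliding `window`; further events in that same window are suppressed
    so one burst produces one alert rather than one per file.
    """
    recent = deque()          # (timestamp, new_extension) events inside the window
    alerts = []
    alerted_until = None      # suppress repeat alerts until this time
    for line in lines:
        ts, kind, old, new = parse_event(line)
        if kind != "RENAME" or not extension_changed(old, new):
            continue
        recent.append((ts, os.path.splitext(new)[1].lower()))
        while recent and ts - recent[0][0] > window:   # drop events older than the window
            recent.popleft()
        if len(recent) >= threshold and (alerted_until is None or ts > alerted_until):
            new_exts = sorted({ext for _, ext in recent})
            alerts.append((ts, len(recent), new_exts))
            alerted_until = ts + window
    return alerts


def build_sample_log():
    """Constructed sample events: benign exports spread over an hour, then a burst
    of 12 files renamed to a new extension within 12 seconds (mass-change pattern)."""
    base = datetime(2016, 3, 1, 9, 0, 0)
    lines = []
    for i in range(6):   # one benign docx -> pdf export every 10 minutes
        t = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{t} RENAME /share/docs/report{i}.docx -> /share/docs/report{i}.pdf")
    burst = base + timedelta(hours=1)
    for i in range(12):  # suspicious burst: one extension change per second
        t = (burst + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} RENAME /share/finance/inv{i}.xlsx -> /share/finance/inv{i}.xlsx.locked")
    return lines


if __name__ == "__main__":
    for when, count, exts in detect_mass_change(build_sample_log()):
        print(f"ALERT {when.isoformat()}: {count} extension changes within 60s, new extensions {exts}")
```

Run stand-alone, the script reports a single alert at the tenth file of the burst and stays quiet for the six scattered benign renames. As the post notes, a detector like this is reactive: it can only cut the damage short (for example by triggering a response that disconnects the offending share or account), which is why it belongs alongside the mail filtering, access restriction and offline backups already described, not in place of them.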