True Crypt / Crypto-ware / Firewalls 1

DrB0b

IS-IT--Management
May 19, 2011
1,425
US
Hello fellow knowledgeable Tek-Tips members. I have a three headed question of which only some of it may seem appropriate to this section of the forums but hopefully I can show why I deem them all appropriate and get some input on a few things I'm recently dealing with.

For starters, back about 7 years ago I jumped on the TrueCrypt bandwagon and fell in love with it. I mainly used it for removable media that had company specific data/programs/passwords on it that traveled with me frequently so in case it was lost or stolen, the data therein wouldn't be compromised. After joining a new company and trying to reinstall TrueCrypt on my new company PC (I'm in IT so it's cool) and to view my encrypted drive, I see a firestorm has happened since I last viewed any TrueCrypt site and they have been essentially booted from the internet. I'm not a fan of CNET or download.com since anyone can load software to it and it's hard to say exactly what you are getting out of it. But even the "save TrueCrypt" page seen here: even seems sketchy. Since I cannot really verify this site nor any of the others out there, how do I avoid getting a version of this without a potential virus packing along with it? I have downloaded the newest version from the site above in a sandbox and scanned with a few programs and all show it fine. Does anyone have any information on the downfall of TrueCrypt that isn't on the first page of a Google search and can verify that there is a version to use, virus free, to unlock an old TrueCrypt volume?

Next on the chopping block, Crypto-ware and firewalls. I am both grateful and appalled by it. Let me clarify that I am only grateful because it helped me land my current job. The company I now work for was hit hard by a crypto-nasty and were looking for more of a network minded individual to help shore up defenses. After landing this job I am firmly back on the anti-crypto side of the fence and am trying to get as tight of a grip on security here as possible. The current FW in play here is a Watchguard XTM505 which is about to enter EOL so I have a twofold reason for upgrading. I'm heavily leaning towards a Barracuda X400 but Watchguard has some serious savings on the table if I would up to one of their beefier models. Are there any admins of either of these here that could weigh in what they feel about their preferred product? I have been on the horn with both companies numerous times so I know what they offer but am looking for a user's perspective as well. Any other options are welcome as well. I have been flirting with Cisco. And yes the appliances are sized correctly for our budget/bandwidth/user base.

Crypto-ware can get in from a variety of methods. The most prevalent I have seen is via email. At my last job I had email on lock-down with each user schooled in what to look for and knew to contact me upon the receipt of a sketchy email. Here at the new digs, whatever Watchguard isn't catching is being directed to a Trend Micro email scanning service which seems flaky to me on what they both deem bogus emails. Just in the month I have been here there have been two people forward me bad emails asking what they were and why they got them. I was the entire IT dept at my last job of about 150 people so I could easily implement whatever I wanted for security's sake. Here I am one of 4, not in charge of the Exchange server or the current FW, but will likely be of the new one. Outside of tidying up the mail getting through and getting internet access to only those who need it and to only the sites they need, do any of you have any recommendations on how to avoid or combat these horrible virus/trojans? We do have multiple redundant backups both off and on site which is how they were able to recover last time. I have read about a few scripts that will allow you to watch file extension on the file server and alert you when there is mass change but that seems not very proactive. Thoughts and comments?

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
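
The kind of script mentioned in the post above (watch file extensions on the file server and alert on a mass change), shown here as an added example that is not part of the original thread or any poster's code: it compares two listings of a share and flags any new extension that many files were renamed to at once. The function names, the `min_files` threshold and the sample paths are assumptions constructed for illustration.

```python
import os
from collections import Counter

def snapshot(root):
    """Return the set of file paths (relative to root) under a share."""
    paths = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            paths.add(os.path.relpath(os.path.join(dirpath, name), root))
    return paths

def renamed_extensions(before, after):
    """Count files that vanished and reappeared under a new extension.

    Covers both report.docx -> report.locked (extension replaced) and
    report.docx -> report.docx.locked (extension appended).
    """
    new_by_stem = {}
    for path in after - before:
        stem, ext = os.path.splitext(path)
        new_by_stem[stem] = ext.lower()
    counts = Counter()
    for path in before - after:
        stem = os.path.splitext(path)[0]
        # Appended case: the new file's stem is the whole old path.
        ext = new_by_stem.get(path) or new_by_stem.get(stem)
        if ext:
            counts[ext] += 1
    return counts

def mass_change_alerts(before, after, min_files=20):
    """Return {extension: count} for extensions gaining >= min_files renames."""
    return {ext: n for ext, n in renamed_extensions(before, after).items()
            if n >= min_files}

# Constructed sample: 30 spreadsheets gain ".locked", one document is
# legitimately converted to PDF, one file is untouched.
BEFORE = {f"finance/q{i}.xlsx" for i in range(30)} | {"hr/policy.docx", "notes.txt"}
AFTER = {f"finance/q{i}.xlsx.locked" for i in range(30)} | {"hr/policy.pdf", "notes.txt"}

if __name__ == "__main__":
    # On a real share: compare snapshot(root) taken at two points in time.
    print(mass_change_alerts(BEFORE, AFTER))
```

The single PDF conversion stays below the threshold, so routine renames do not raise an alert while the burst of `.locked` files does.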
 
The owners of TrueCrypt have stopped supporting it. Rumor has it there are some flaws in it and they didn't want to spend the time to fix it when there are alternatives. I don't know of any other program that will unlock a TrueCrypt volume. Maybe someone else will know.

I've never been let down by Watchguard. They keep their patches up to date and their newer firewalls have some very cool and powerful options to keep ransomware and their ilk at bay. Of course, you have to pay for those so make sure they are in the quote and within budget.


James P. Cottingham
I'm number 1,229!
 
Yea, we were quoted 3 years of their Total Security which is the "same" package we have now on the older WG box. It really seems that the firewall tech has come a long way in 10 years. I hope it is as aggressive with ransomware as they state.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
Good reads Goom, thank you. I had not come across those yet. If anyone has any newer news on TC I would be interested in it. Doubt there is much since everything kind of went quiet on that front around a year ago.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
That was the last I read (ARS). It seems that there wasn't an obvious reason that the developers stopped supporting it. It seems that nothing terrible was found in terms of vulnerabilities. But, could there be a hidden smoking gun that nobody knows about or infiltration from state-sponsored snoopers? It's very hard to tell.

Seems that for casual use it would still be fine to use. If your life depended on it like you were a dissident inside China or Iran, maybe not. Seems like lately, every product/web site/email provider is safe until you find out that it's not and that all the user names and passwords got cracked and sold.

I use it "casually" on my laptop to secure the folders that contain my password data and my customer data files. So, I can take all my info with me, but if my laptop is stolen, the idiot that steals it has no way to read sensitive information. I periodically un-encrypt the volume and overwrite the data with the newest data from my desktop.

I don't know where you want/trust to get it, but you want the 7.1 version because "dramatically neutered 7.2 version that can only be used to view, but no longer to create new, TrueCrypt volumes"

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Thank you again goom. Like any free software, it can't last forever unfortunately. I bit the bullet and installed the "latest" version to extract my data and all seems fine. Not that I'm going to keep it installed since I will have to move onto another encrypting software that has ongoing support. Do you have any suggestions on which to try next? Sounds like you are still using an older version. I will admit I haven't jumped into the research yet of finding a new one but will post back what I find out and try out.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
I'm not going to worry about getting anything new because it's just there to protect against someone that steals my laptop, not hiding anything life or death important.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
I would have been in the same boat had I not switched jobs and tried to reinstall TC. It worked great for what I used it for. Just happened to come to a head whenever I needed to reinstall.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
Since this topic has essentially run its course, I'm going to hijack my own thread to ask you a quick question goom. Did you ever get that iPhone email account situation lined out? I would have commented on it but it has been closed for some time. Just really curious what the fix was on that in case I run into anything similar.....

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
No!!! Periodically strange things still happen. Like the account loses its password and has to be deleted and re-created. Can't just put in a password. It also switches from POP3 to IMAP at the same time which could be the cause or just happens at the same time. Periodically some of the SMTP servers get turned off as well. Can't really understand this and it happened with two different phones - iphone 5 and iphone 6.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
If it crossed phones, it has to be on Comcast's end. I know you are probably tired of messing with it but I would have them recreate her mailbox on their end. It has to be an issue with that mailbox especially if it thinks it is a POP account one day and an IMAP the next.....

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
Happens with the wife's iphone/Comcast account as well - totally separate devices and email accounts!!!
- hackers
- voodoo
I don't know, but I have to fix it.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
If you personally know of 2 devices doing it, I would be shocked if there aren't a heck of a lot more out there. Really surprised that there isn't something on the Googley searches that points right at it.

Last random thought I will toss at this as not to exacerbate the mood/situation but could it be localized to iMail? Have you tried a different client such as the Outlook mail app? I know it's free on Android and would assume on iPhone. I know that is not ideal but it would let you know if it is on your end or the ISP.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
 
Haven't tried another mail client. The customer is older and not thinking they would want to experiment with something new as a troubleshooting tool. I have given up on it and just fix it about every 6 months.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 