Computerworld - Much of my normal routine has been put on hold while I attend to a legal matter that requires generating mirror images of about 30 employees' laptop hard drives. In response to a request from a federal agency, we're using Pasadena, Calif.-based Guidance Software Inc.'s EnCase Forensic Edition to obtain those images.
It takes about five hours to create each compressed 40GB drive image. Fortunately, the imaging process can run unattended. That has given me enough time to squeeze in a security review of a new Web survey application -- a process that revealed several unpleasant surprises.
First, however, I had to get the disk images going. EnCase creates a boot floppy disk that write-protects the hard drive, then it lets you manually or automatically detect the destination storage device. I used the network port to connect to my forensics workstation via an Ethernet crossover cable and began acquiring the image for storage on a DVD-ROM.
Survey Insecurities
Our legal counsel requested a security assessment for a new Web-based customer survey tool. Members of the deployment team questioned why we needed to assess a survey tool at all. "It's not like we're collecting credit card data, personal information or storing source code," one staffer said.
He had a point. The application is being used so that our customers can complete surveys to assist us in providing a better experience for them. It doesn't collect any personal or financial data. But we might ask our customers to evaluate our performance and to specify deficiencies in the way we do business. We don't want such information falling into the hands of our competitors. Because of this issue, our general counsel determined that the data should be considered confidential.
Not only are we worried about the compromise of the survey results, but this application will also have a Web server residing on the Internet-facing demilitarized zone (DMZ) segment of the network. The application itself uses a three-tier architecture consisting of a front-end Web server, a midtier application server and a back-end SQL database server.
If hackers were to compromise any of the infrastructures, they could access other information such as server configurations, user identifications and passwords, which can usually be cracked. They could also install packet-sniffing software to capture traffic and use it to gain access to other areas of our infrastructure.
For example, if a hacker ran a sniffer on a compromised Web server and the server administrator accessed another resource on the same network, the hacker might be able to obtain
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
