FW: Laptop Encryption & Hibernation

["Administrator" <admin () whirlow plus com>]

Thank the Lord that someone (Barrie Dempster) has actually put these
"NTFS for security", "bios password" and "anti-hard drive transfer"
'methods' to sleep as possible corporate security strategies...because
they are not and never will be.

For a minute there I thought this list had gone DRAMATICALLY downhill!

And the original poster was only asking about encryption software that
would enable his organisations laptop users to use hibernation mode!!

Well said again Barrie!

Andrew Craig

MCSA, MCSE, CCNA



-----Original Message-----
From: Barrie Dempster [mailto:barrie () reboot-robot net] 
Sent: 25 September 2004 11:29
To: Kevin Snively
Cc: GuidoZ; James McGee; Security Basics[List]
Subject: Re: Laptop Encryption & Hibernation

On Thu, 2004-09-23 at 23:17, Kevin Snively wrote:
> The protection would (or should) be NTFS (as I mentioned). This would
> require a password to access the system or even the hardrive by itself
put
> into another machine 
No.

NTFS has nothing to do with password access to the system, it doesn't
offer any encryption at all and CAN be viewed without logging onto the
stolen machine. (Unless you meant EFS which does offer encryption for
NTFS systems, but I don't beleive you did)

> (now we wont even go into the fact that it would
> blue-screen to Hades unless it was totally compatible with the
original
> computer). 

Ehm you are joking right?
If you have taken a hard drive from one system to put into another you
aren't required to boot from it. You can install it as a secondary
drive, boot from the first drive containing another OS and happily read
everything on the ntfs system. This can be done from any OS that can
read NTFS.


As for the BIOS password comments from others in the thread.....
BIOS passwords offer ZERO security if the machine has been stolen, the
battery popping / jumper method is one way bypassing it, but a BIOS
isn't ANY use if the hard drive is no longer attached to that system.
The OP asked about enterprise level security solutions and the list
offered him BIOS passwords? I can't believe subscribers to this list
need the limitations of this explained to them.

The REAL options is encryption (which is what the OP asked about)

Listen to Ghaith Nasrawi, he provided very good options. EFS is also an
option to look at.

On Thu, 2004-09-23 at 09:49, Ghaith Nasrawi wrote:
> Read this
> http://www.tgc.com/dsstar/04/0727/108590.html
>
> and check these products
> http://www.safeboot.com/safeboot.asp?page=news&area=pressdetails&id=43
> http://www.findbiometrics.com/viewnews.php?id=1454
> http://www.ce-infosys.com.sg/CeiNews_FreeCompuSec.asp
-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]