Re: secure file handling

["sam () samdavidson com" <samdavidson () nextel blackberry net>]

------Original Message------
From: dave_boone007 () yahoo com
To: security-basics () securityfocus com
Sent: Jul 27, 2005 07:35
Subject: Re: secure file handling

Hi Alejandro,

As every technical response goes, the answer is "It depends".

If you're looking for entry-level protection, built-in file system level encryption can work.  Easily identifiable 
problems are 1) OS-level encryption typically is only as secure as the user account that has access to decrypt it, and 
2) OS-level encryption can cause loss of access to your data if you have a system crash and can't regenerate the key 
that originally encrypted them, and 3) OS-level encryption is typically not portable or scalable, i.e. hard to have 
encrypted grid computing or shared access.

If you're looking for secure file handling for a larger environment, you might want to consider some 3rd party products 
like those from NeoScale and Decru, that use AES 256-bit encryption.

If you're looking for decent security at a reasonable price, maybe look at GPG or PGP.

Probably the most solid solution I've seen has been the Decru DataFort accompanied with their DCS client software. (no, 
I don't work for them or own any shares.)  Their devices are tamper-resistant, where physical access causes the systems 
not to load the keys any more.  Some of their devices are equipped with a "panic button" where pressing this physical 
button deletes the encryption keys, making the data practically irretrievable.  Plus, with their DCS client software 
you can enforce policies to the client, ensuring only known software is running on them, and even control which 
processes can access certain files,