Security Basics mailing list archives
Re: secure file handling
From: "sam () samdavidson com" <samdavidson () nextel blackberry net>
Date: Sun, 21 Aug 2005 16:12:18 +0000 GMT
------Original Message------ From: dave_boone007 () yahoo com To: security-basics () securityfocus com Sent: Jul 27, 2005 07:35 Subject: Re: secure file handling Hi Alejandro, As every technical response goes, the answer is "It depends". If you're looking for entry-level protection, built-in file system level encryption can work. Easily identifiable problems are 1) OS-level encryption typically is only as secure as the user account that has access to decrypt it, and 2) OS-level encryption can cause loss of access to your data if you have a system crash and can't regenerate the key that originally encrypted them, and 3) OS-level encryption is typically not portable or scalable, i.e. hard to have encrypted grid computing or shared access. If you're looking for secure file handling for a larger environment, you might want to consider some 3rd party products like those from NeoScale and Decru, that use AES 256-bit encryption. If you're looking for decent security at a reasonable price, maybe look at GPG or PGP. Probably the most solid solution I've seen has been the Decru DataFort accompanied with their DCS client software. (no, I don't work for them or own any shares.) Their devices are tamper-resistant, where physical access causes the systems not to load the keys any more. Some of their devices are equipped with a "panic button" where pressing this physical button deletes the encryption keys, making the data practically irretrievable. Plus, with their DCS client software you can enforce policies to the client, ensuring only known software is running on them, and even control which processes can access certain files,
Current thread:
- Re: secure file handling xyberpix (Aug 02)
- <Possible follow-ups>
- Re: secure file handling sam () samdavidson com (Aug 22)