Security Basics mailing list archives
Re: Trade off: Full disk Encryption vs. Necessity
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Fri, 17 Nov 2006 14:50:22 -0800
I second Jeffrey's opinion. Before using FDE products I was using the encrypted file vault software that comes with HP laptop. And I was always conscious about about where I was saving the files, and worried about data in the swap file etc. (I have a scrupulous conscience) Now I have Utimaco on one laptop and Pointsec on the other. And I longer worry about where I am saving the files. It is all about the peace of mind. I can't wait till laptop manufacturers (HP, Lenovo and Dell) start installing Seagate's FDE drives on the laptops. I think it will be awesome. I compile a lot of software of my laptop, and the software based FDE solution slow down the build process. Seagate's FDE solution uses a ASIC on drive for encryption, so there is no impact on the CPU. saqib http://www.full-disk-encryption.net On 11/16/06, Jeffrey F. Bloss <jbloss () tampabay rr com> wrote:
shyaam () gmail com wrote: > Dear All, > > I am sorry if this has been discussed/described anywhere in the > forums(do let me know the thread if that is the case), but is > full-disk encryption necessary. That depends entirely on what your threats and needs are. What's necessary for one may be unnecessary for another. Whole disk is a great deterrent to a laptop thief, but meaningless to a network cracker for instance. > I mean windows takes care of the OS Security, even if not, it is OS > files which will come up with every single installation CD. So it > doesnt need to be encrypted. What are the things to encrypt other > than the user data ? [just a question, because everyone talks about Swap files/partitions, registry data, configuration files, certain pieces of software themselves... anything that might contain any information that you don't want in another person's hands. Like a full copy of the super secret company documents you are working on which got swapped to virtual memory when you opened that spread sheet, or the serial number for that $50,000 database you purchased to streamline your business. > full-disk encryption] What is the overhead involved with full-disk > encryption and if there is a full disk encryption, is it worth doing I've installed whole disk encryption on dozens of machines, and run it on my own laptop. I honestly haven't noticed any difference at all on any of them, nor have I heard any complaints. > it? Segate came up with the hardware technique of doing it ? Well if > it is not breakable it is good, but what are the chances of it being > broken ? > > Laptops get lost or stolen, is full-disk encryption the only solution > or are there any other solutions that we are not able to think of? Full disk is the only guaranteed solution. You can try and encrypt data areas only, but invariably someone will save something where they shouldn't. That someone could be an inattentive or lazy employee, or the software or operating system itself. Hardware solutions like locks and such are meaningless to anyone with a hammer and another machine to plug an extricated hard drive into. Assuming your data is the prize of course. If you allow physical access to the machine, it can and will be compromised. If it's compromised, the only way to protect your data is to make it inaccessible. And the only way to do that, is to encrypt it. -- Hand crafted on 16 November, 2006 at 22:41:29 EST using only the finest domestic and imported ASCII. Outside of a dog, a book is a man's best friend. Inside of a dog, it's too dark to read. -- Groucho Marx
-- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Trade off: Full disk Encryption vs. Necessity shyaam (Nov 16)
- Re: Trade off: Full disk Encryption vs. Necessity Saqib Ali (Nov 16)
- Re: Trade off: Full disk Encryption vs. Necessity Florian Rommel (Nov 16)
- Re: Trade off: Full disk Encryption vs. Necessity Jeffrey F. Bloss (Nov 17)
- Re: Trade off: Full disk Encryption vs. Necessity Saqib Ali (Nov 20)