Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: The ugly side of using disk encryption

From: "Will Yonker" <aragonx () dcsnow com>
Date: Sat, 21 Oct 2006 21:12:36 -0400 (EDT)
This thread has finally got me off my butt.  I have been meaning to create
some sort of encryption standard for a few customers but encryption really
isn't my area.

So here is the question:  What is the best way to encrypt data?

A broad question, I know.  Let me narrow it down.

1)  Some users work with sensitive data on their laptops when in places
where network access is unreliable.
2)  This is data that would be useful to competitors.  It could be
financially beneficial for these competitors to hire professionals to gain
access to any data that might be stored on the laptop.
3)  The data can be in the gigabytes but not more than 10 GB.
4)  Speed of the decryption is not a large factor.
5)  Some of the files will be MS Word and MS Excel documents.
6)  All machines are running Windows XP.

Now, I've taken a look at TrueCrypt and figured that a three cypher,
hidden volume, passphrase + key stored on USB stick to be the best that I
could do.  I was also playing with the idea of installing TrueCrypt only
on the USB stick so the attacker would have to guess what was used to
create the hidden volume if they found it.

Is this the best approach?  Is there more that I could do to easily
enhance the security?  Do I need to worry about clearing something off the
C:\ drive like the system cache?

I'm guessing a medium sized corporation would be willing to put more
effort into obtaining the data than the government did with this guy. 
Most have a powerful cluster at their disposal so I guess they could brute
force it.  Is there a way I can make that take longer?

I know there is no perfect solution, just ways to slow down the attackers.

As always, any help would be appreciated.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: