Security Basics mailing list archives
RE: FDE solution for laptops
From: "Mason, Samuel" <SMason () mt gov>
Date: Mon, 25 Feb 2008 11:08:32 -0700
I tested a few solutions and chose Mobile Armor's Data Armor for my solution. It's got a good centralized management console for updates and password changes. You can decrypt the drive as well but it isn't what you'd call "easy"... which, considering what you are doing, isn't such a bad thing. Only certain accounts can decrypt the device and remove the software, depending on how you have the policy set up. One note: if you are off the network with this product ensure they do not hook up to another network prior to logging in to the Data Armor login at boot. It will attempt to authenticate to the central server and, with it missing, will take a long time to fail and use the cached password. PS- I'm sure everyone's heard of the recent paper (by Princeton) regarding FDE and keys stored in DRAM. If not it is an interesting read: http://www.nytimes.com/2008/02/22/technology/22chip.html?_r=1&oref=slogin ...among other places. I'm not trying to raise a scare or imply FDE is useless, mind you, just passing on info. Samuel Mason CISSP, GCFA -------------------------------------------------- From: "ыфзкфт" <sapran () gmail com> Sent: Wednesday, February 20, 2008 9:47 AM To: <security-basics () securityfocus com> Subject: FDE solution for laptops
Hi list! I am in search of a solution for full disk encryption. The main goal is to protect data stored at travelling managers' laptops from loss and/or theft of device. I had tried the shiny new TrueCrypt 5 with system drive/partition encryption, but it made an OEM XP boot into safe mode only, so I guess that's not a right choice. I will appreciate any help on topic. Here come some details: 1) We use mostly Dells: Inprisons, Inspirons and Vostros. 2) The encryption must be easily recoverable using rescue CD/DVD or smth. -- sapran
Current thread:
- FDE solution for laptops ыфзкфт (Feb 20)
- Re: FDE solution for laptops Macy (Feb 20)
- Re: FDE solution for laptops Albert R. Campa (Feb 21)
- RE: FDE solution for laptops Scott (Feb 28)
- Re: FDE solution for laptops Albert R. Campa (Feb 28)
- Re: FDE solution for laptops Albert R. Campa (Feb 21)
- RE: FDE solution for laptops Rian Wisandanu (Feb 21)
- RE: FDE solution for laptops Jon Hanny (Feb 21)
- RE: FDE solution for laptops Mason, Samuel (Feb 25)
- Re: FDE solution for laptops Macy (Feb 20)
- Re: FDE solution for laptops Ankur Jindal (Feb 21)
- Re: FDE solution for laptops Jason Bridge (Feb 21)
- RE: FDE solution for laptops Krzyston, Randy (Feb 21)
- Re: FDE solution for laptops mgk.mailing (Feb 22)
- RE: FDE solution for laptops Krzyston, Randy (Feb 21)
- Re: FDE solution for laptops Douglas K. Fischer (Feb 25)
- <Possible follow-ups>
- Re: FDE solution for laptops jgmitchell (Feb 21)
- RE: FDE solution for laptops Alexander Pisemskiy (Feb 22)
- Re: FDE solution for laptops Alan Strader (Feb 25)