WebApp Sec mailing list archives
Full Disc Encryption use and implementation strategy Discussion Forum
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Mon, 2 Oct 2006 19:52:36 -0700
In the light of recent laptops theft and data security breaches, large corporations, educational and government institutions are looking at various Full Disc Encryption (FDE) solution to protect their confidential data on mobile devices. While it may be easy to choose and implement a Full Disk Encryption in a small office, it is not the case with large institutions. These institutions are struggling with the design and architecture of the FDE and key management solutions. The design has to account for the key management solution in case of accidental destruction of the encryption key or employee leaving the company without handing over the encryption tokens/keys. The design also has to account for requirements for proper imaging of the HDD in case the OS and all the data have to be revived to its original form. Hardware Token and USB Key as a mean of authentication is also a point of discussion. There are multiple tools available in the market that allow for full disk encryption. However they vary greatly. They are divided into two main categories – hardware based and software based. The hardware based full disk encryption solutions are considerably faster than the software based solutions, and usually produce no overhead for the CPU or the HDD. The software based solutions, while inexpensive, create considerable overhead for the CPU depending on the type of encryption used. A limited number of full disk encryption solutions also support Trusted Platform Module to tie the encrypted HDD to a particular platform. TPM can make the key recovery possible and simplify single sign on. To address the questions and concerns mentioned above I have decided to create a mailing list dedicated to Full Disk Encryption Technology and Key Management solutions. To subscribe, please email fde-subscribe () www xml-dev com or visit: http://www.xml-dev.com/mailman/listinfo/fde ("This is a Ad-Free Mailing List, so please DO NOT join if you only want to advertise your products"). Also please DON'T inquire about adding Ads to footer of the email. Vendors are welcome to join if they bring constructive feedback to the discussion. This mailing list will be moderated for all new members. Thanks Saqib Ali -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 ----------- -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 ----------- ------------------------------------------------------------------------- Sponsored by: Watchfire Today's hackers exploit web applications to expose, embarrass and even steal. Firewalls and SSL may be commonplace but recent studies indicate 3 out of 4 websites remain vulnerable to attack. Watchfire's "Addressing Challenges in Application Security" whitepaper explains what to do and provides a guideline to improving your own application security. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmw --------------------------------------------------------------------------
Current thread:
- Full Disc Encryption use and implementation strategy Discussion Forum Saqib Ali (Oct 02)