Security Basics mailing list archives
RE: List of Full Disc Encryption products
From: "Steve Armstrong" <stevearmstrong () logicallysecure com>
Date: Sun, 9 Jul 2006 12:55:20 +0100
Bora Like I pointed out earlier in this discussion, if you want to protect you data at rest you must encrypt it. If you want to protect the whole disk then encrypt the whole disk. However, if you need to protect the some data while the system is running then you must use file/folder encryption. Therefore, if you need to protect data when the system is running (ie when using the internet but not when accessing a VPN to your internal LAN) AND when the whole system is off (to protect against loss/theft) then use file/folder encryption AND full disk encryption (FDE). How you achieve this is your choise, either 3rd party FDE and MS file/folder encryption or 3rd part for both. What it comes down to is simply assessing where you need to protect the data and what the system is doing at the time. Steve A ---------------------------- Check out our UK IT Security Forum www.logicallysecure.com/forum -----Original Message----- From: Bora Dal [mailto:boradal () gmail com] Sent: 07 July 2006 13:48 To: security-basics () securityfocus com Subject: Re: List of Full Disc Encryption products Hi all, I have a some dark clouds related to the issue of partially encrypting hard drives... Let say I am partially encrypting my drive; some folders and files. When a encrypted file is opened, it is likely that it will be copied to a temp folder. When I am done with it, the file will be left there or hopefully deleted. This depends on the applicaition used to open the file. If it is left there that is really a problem, unless I specifiaclly find a way to encrypt all those temp areas used by my applications. Even the application deletes the file that it is done with, it is not wiped(meaning completeky deleted, overwritten from the hard disk surface) Does any of the partial encrypting solutions take care of this If not partial encryption wont be any good and it will leave many security openings. Swap files are also an issue. As we know basically if the memory goes low, OSes have the tendency to write to swap files. Even I set my swap to be cleared with restart, its just deleted from the harddrive, can be restored fully/partially with the file recovery solutions. Does partial encryption solutions take cover these and all possible(lets say known) issues. If not, I would automatically choose full drive encryption. At least gives me the feeling that "all" is encrypted and suprises(mentioned above) are mostly covered. Regards, Bora Dal, CISSP ------------------------------------------------------------------------ --- This list is sponsored by: SensePost Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: http://www.sensepost.com/training.html ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: SensePost Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: http://www.sensepost.com/training.html ---------------------------------------------------------------------------
Current thread:
- RE: List of Full Disc Encryption products, (continued)
- RE: List of Full Disc Encryption products Sadler, Connie (Jul 06)
- Re: List of Full Disc Encryption products Stephen John Smoogen (Jul 07)
- Re: List of Full Disc Encryption products Saqib Ali (Jul 06)
- RE: List of Full Disc Encryption products Roger A. Grimes (Jul 06)
- RE: List of Full Disc Encryption products jpippin (Jul 10)
- Re: List of Full Disc Encryption products nospam (Jul 06)
- RE: List of Full Disc Encryption products Robertson, Seth (JSC-IM) (Jul 06)
- Re: List of Full Disc Encryption products Dereck Martin (Jul 07)
- RE: List of Full Disc Encryption products Roger A. Grimes (Jul 07)
- Re: List of Full Disc Encryption products Bora Dal (Jul 07)
- RE: List of Full Disc Encryption products Steve Armstrong (Jul 10)
- RE: List of Full Disc Encryption products jpippin (Jul 11)
- Re: Re: List of Full Disc Encryption products pemoore (Jul 11)
- Re: RE: List of Full Disc Encryption products kurt . kessler (Jul 12)