Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Trade off: Full disk Encryption vs. Necessity

From: Florian Rommel <frommel () gmail com>
Date: Thu, 16 Nov 2006 21:13:39 +0200
Hi Shyaam,
personally, I like the approach OS X has with the home directory encryption (FileVault) and that isa very good approach as, you nailed it, the system files are available from any install CD. The problem ,in my experience , comes 2-fold. 1st you have the fact that Windows places files all over whereas in OS X generally the user files are contained within the users home directory as the rest of the system is pretty obfuscated to the "normal" user. The 2nd problem I have come across is the "somewhat" technologically experienced people, who have heard from their friends that putting your data in a separate folder on c: is better (some went as far as saying more secure). The problem is by default you cannot control where on the file system the user copies stuff. As I said, Mac OS X at least tries to deter users from going outside their space but Windows is pretty open in that respect. For that reason alone I would already recommend full-disk encryption. because you cannot control where the user puts the company sensitive data.
my 2 cents and this is really just based on my experience and opinion based 



//Flosse
http://blog.2blocksaway.com

On Nov 16, 2006, at 3:52 AM, shyaam () gmail com wrote:


Dear All,
I am sorry if this has been discussed/described anywhere in the forums(do let me know the thread if that is the case), but is full- disk encryption necessary.
I mean windows takes care of the OS Security, even if not, it is OS files which will come up with every single installation CD. So it doesnt need to be encrypted. What are the things to encrypt other than the user data ? [just a question, because everyone talks about full-disk encryption] What is the overhead involved with full-disk encryption and if there is a full disk encryption, is it worth doing it? Segate came up with the hardware technique of doing it ? Well if it is not breakable it is good, but what are the chances of it being broken ?
Laptops get lost or stolen, is full-disk encryption the only solution or are there any other solutions that we are not able to think of?
These are just few questions that came up on my mind. Once again sorry if they were addressed somewhere else or if they sound silly. 

Kind Regards,
Shyaam
---------------------------------------------------------------------- ----- 
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------- ----- 




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: