Security Basics mailing list archives

Re: Trade off: Full disk Encryption vs. Necessity


From: "Jeffrey F. Bloss" <jbloss () tampabay rr com>
Date: Thu, 16 Nov 2006 22:56:45 -0500

shyaam () gmail com wrote:

> Dear All,
>
> I am sorry if this has been discussed/described anywhere in the
> forums (do let me know the thread if that is the case), but is
> full-disk encryption necessary?

That depends entirely on what your threats and needs are. What's
necessary for one may be unnecessary for another. Whole disk is a great
deterrent to a laptop thief, but meaningless to a network cracker for
instance.
 
> I mean Windows takes care of the OS Security, even if not, it is OS
> files which will come up with every single installation CD. So it
> doesn't need to be encrypted. What are the things to encrypt other
> than the user data? [just a question, because everyone talks about

Swap files/partitions, registry data, configuration files, certain
pieces of software themselves... anything that might contain any
information that you don't want in another person's hands. Like a full
copy of the super secret company documents you are working on which got
swapped to virtual memory when you opened that spreadsheet, or the
serial number for that $50,000 database you purchased to streamline
your business. 

> full-disk encryption] What is the overhead involved with full-disk
> encryption and if there is a full disk encryption, is it worth doing

I've installed whole disk encryption on dozens of machines, and run it
on my own laptop. I honestly haven't noticed any difference at all on
any of them, nor have I heard any complaints. 

> it? Seagate came up with the hardware technique of doing it? Well if
> it is not breakable it is good, but what are the chances of it being
> broken?
>
> Laptops get lost or stolen, is full-disk encryption the only solution
> or are there any other solutions that we are not able to think of?

Full disk is the only guaranteed solution. You can try and encrypt data
areas only, but invariably someone will save something where they
shouldn't. That someone could be an inattentive or lazy employee, or
the software or operating system itself.

Hardware solutions like locks and such are meaningless to anyone with a
hammer and another machine to plug an extricated hard drive into.
Assuming your data is the prize of course. If you allow physical access
to the machine, it can and will be compromised. If it's compromised,
the only way to protect your data is to make it inaccessible. And the
only way to do that is to encrypt it.

-- 
Hand crafted on 16 November, 2006 at 22:41:29 EST using
only the finest domestic and imported ASCII.

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.

                                 -- Groucho Marx
