Security Basics mailing list archives
Re: Trade off: Full disk Encryption vs. Necessity
From: "Jeffrey F. Bloss" <jbloss () tampabay rr com>
Date: Thu, 16 Nov 2006 22:56:45 -0500
shyaam () gmail com wrote:
Dear All, I am sorry if this has been discussed/described anywhere in the forums(do let me know the thread if that is the case), but is full-disk encryption necessary.
That depends entirely on what your threats and needs are. What's necessary for one may be unnecessary for another. Whole disk is a great deterrent to a laptop thief, but meaningless to a network cracker for instance.
I mean windows takes care of the OS Security, even if not, it is OS files which will come up with every single installation CD. So it doesnt need to be encrypted. What are the things to encrypt other than the user data ? [just a question, because everyone talks about
Swap files/partitions, registry data, configuration files, certain pieces of software themselves... anything that might contain any information that you don't want in another person's hands. Like a full copy of the super secret company documents you are working on which got swapped to virtual memory when you opened that spread sheet, or the serial number for that $50,000 database you purchased to streamline your business.
full-disk encryption] What is the overhead involved with full-disk encryption and if there is a full disk encryption, is it worth doing
I've installed whole disk encryption on dozens of machines, and run it on my own laptop. I honestly haven't noticed any difference at all on any of them, nor have I heard any complaints.
it? Segate came up with the hardware technique of doing it ? Well if it is not breakable it is good, but what are the chances of it being broken ? Laptops get lost or stolen, is full-disk encryption the only solution or are there any other solutions that we are not able to think of?
Full disk is the only guaranteed solution. You can try and encrypt data areas only, but invariably someone will save something where they shouldn't. That someone could be an inattentive or lazy employee, or the software or operating system itself. Hardware solutions like locks and such are meaningless to anyone with a hammer and another machine to plug an extricated hard drive into. Assuming your data is the prize of course. If you allow physical access to the machine, it can and will be compromised. If it's compromised, the only way to protect your data is to make it inaccessible. And the only way to do that, is to encrypt it. -- Hand crafted on 16 November, 2006 at 22:41:29 EST using only the finest domestic and imported ASCII. Outside of a dog, a book is a man's best friend. Inside of a dog, it's too dark to read. -- Groucho Marx
Attachment:
signature.asc
Description:
Current thread:
- Trade off: Full disk Encryption vs. Necessity shyaam (Nov 16)
- Re: Trade off: Full disk Encryption vs. Necessity Saqib Ali (Nov 16)
- Re: Trade off: Full disk Encryption vs. Necessity Florian Rommel (Nov 16)
- Re: Trade off: Full disk Encryption vs. Necessity Jeffrey F. Bloss (Nov 17)
- Re: Trade off: Full disk Encryption vs. Necessity Saqib Ali (Nov 20)