RE: Encryption on Laptops?

["Simon and Sara Zuckerbraun" <szucker () rcn com>]

Honestly, protecting data on a laptop is very, very hard to accomplish. Once
an adversary gains physical control of a machine, there's not much that can
stop him from also gaining access to the data. I wish there were some simple
answers I could give you, but there just aren't. It's a tough subject.

If you enable EFS on Windows XP, this provides you with 128-bit encryption.
This type of encryption is strong enough so that it can not be defeated
directly using any technology currently known to man. But consider: it's
usually not very hard for an adversary to examine the hard drive and run a
program that will crack (figure out) the password. Then he can simply turn
on the laptop and log in, gaining access to all files. Bottom line: It's
highly unlikely that Windows XP's encryption is the weakest link in your
laptop defense. And unless you're addressing the weakest link, you're not
really affecting security.

A couple of things that can help are: 1. Strong password policies, that
ensure that users are choosing passwords that are complex and difficult for
an attacker to decode. 2. Smart cards, which act like a physical vault for
storing passwords (this is a bit of a simplification but essentially
accurate.) For example, the SPYRUS Rosetta USB:

http://www.spyrus.com/content/products/RosettaUSB_N7.asp


Securing data on a laptop is one of the very hardest things to accomplish,
so depending on what's at stake, it may well be worth hiring a security
professional to analyze your needs and recommend appropriate solutions. 

(Also to ensure that the proper safeguards are in place so that you don't
accidentally get permanently locked out of your own data, which is all too
possible when strong encryption is in use...)

Simon


-----Original Message-----
From: Shanafelt, Gabe [mailto:SHANAGG () dshs wa gov] 
Sent: Tuesday, March 16, 2004 10:27 AM
To: security-basics () securityfocus com
Subject: Encryption on Laptops?

If one wanted to encrypt data on a laptop but the enhanced cryptopack for
Windows XP isn't strong enough, what products would you recommend? 
Preferably low cost or free products?

Thanks, Gabe



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------