Security Basics mailing list archives
RE: Encryption on Laptops?
From: "Simon and Sara Zuckerbraun" <szucker () rcn com>
Date: Thu, 18 Mar 2004 00:48:59 -0600
Honestly, protecting data on a laptop is very, very hard to accomplish. Once an adversary gains physical control of a machine, there's not much that can stop him from also gaining access to the data. I wish there were some simple answers I could give you, but there just aren't. It's a tough subject. If you enable EFS on Windows XP, this provides you with 128-bit encryption. This type of encryption is strong enough so that it can not be defeated directly using any technology currently known to man. But consider: it's usually not very hard for an adversary to examine the hard drive and run a program that will crack (figure out) the password. Then he can simply turn on the laptop and log in, gaining access to all files. Bottom line: It's highly unlikely that Windows XP's encryption is the weakest link in your laptop defense. And unless you're addressing the weakest link, you're not really affecting security. A couple of things that can help are: 1. Strong password policies, that ensure that users are choosing passwords that are complex and difficult for an attacker to decode. 2. Smart cards, which act like a physical vault for storing passwords (this is a bit of a simplification but essentially accurate.) For example, the SPYRUS Rosetta USB: http://www.spyrus.com/content/products/RosettaUSB_N7.asp Securing data on a laptop is one of the very hardest things to accomplish, so depending on what's at stake, it may well be worth hiring a security professional to analyze your needs and recommend appropriate solutions. (Also to ensure that the proper safeguards are in place so that you don't accidentally get permanently locked out of your own data, which is all too possible when strong encryption is in use...) Simon -----Original Message----- From: Shanafelt, Gabe [mailto:SHANAGG () dshs wa gov] Sent: Tuesday, March 16, 2004 10:27 AM To: security-basics () securityfocus com Subject: Encryption on Laptops? If one wanted to encrypt data on a laptop but the enhanced cryptopack for Windows XP isn't strong enough, what products would you recommend? Preferably low cost or free products? Thanks, Gabe --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Encryption on Laptops? Shanafelt, Gabe (Mar 16)
- Re: Encryption on Laptops? Steven Joerger (Mar 17)
- Re: Encryption on Laptops? David E Mazza (Mar 17)
- RE: Encryption on Laptops? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 19)
- Re: Encryption on Laptops? Magi Networks (Mar 17)
- Re: Encryption on Laptops? David E Mazza (Mar 17)
- Re: Encryption on Laptops? micron (Mar 17)
- RE: Encryption on Laptops? Simon and Sara Zuckerbraun (Mar 18)
- RE: Encryption on Laptops? Aaron (Mar 18)
- RE: Encryption on Laptops? Simon and Sara Zuckerbraun (Mar 19)
- RE: Encryption on Laptops? Bart . Lansing (Mar 22)
- Re[2]: Encryption on Laptops? Alexander Lukyanenko (Mar 26)
- Re: Re[2]: Encryption on Laptops? Bart . Lansing (Mar 26)
- RE: Re[2]: Encryption on Laptops? Simon and Sara Zuckerbraun (Mar 29)
- RE: Encryption on Laptops? Aaron (Mar 18)
- Re: Encryption on Laptops? Steven Joerger (Mar 17)
- <Possible follow-ups>
- RE: Encryption on Laptops? Yoo, Gene (Mar 17)
- Re: Encryption on Laptops? SMiller (Mar 18)
- RE: Encryption on Laptops? Kathmann, Nicholas (Mar 19)