Security Basics mailing list archives
Re: List of Full Disc Encryption products
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 8 Jul 2006 08:00:19 +0200
On 2006-07-05 Eric Furman wrote:
On Wed, 5 Jul 2006 09:04:34 -0700, "Saqib Ali" said:With recent data thefts and government mandates, the importance of full disc encryption is being realized. Encrypting individual files or storing data in encrypted vaults does NOT meet the security requirements anymore. Corporation and Government institution want the whole HDD to be encrypted including the temporary files and swapWhen are people going to stop learning the *wrong* lesson every time some incident like this happens? The answer is *not* encryption. Given physical access to a machine, even with full disk encryption, I do not trust that the data cannot be retrieved somehow. The real answer is sensitive data should not ever ever ever be on a machine that is not fully physically secure all the time. I'm tired of these nonsense disk encryption discussions. Disk encryption is *not* mature technology, no matter what some vendor might tell you. It puts your data at risk and gives you a false sense of security. If some disk encryption 'experts', disagree, then flame on. I'll stick with physical security.
Disk encryption is no nonsense, and the only "wrong" lessons to be learned there are to believe that encryption was either superfluous or a silver bullet. Physical security and encryption aren't mutually exclusive, though for some reason you seem to believe that. Encryption helps when your physical security gets compromised. Encryption also helps in situations where you can't enforce physical security (e.g. on notebooks). And no, you can't always avoid storing sensitive data on devices that aren't physically secured. However, you are right that encryption may put one's data at risk when implemented inappropriately, but these risks can be mitigated. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq --------------------------------------------------------------------------- This list is sponsored by: SensePost Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: http://www.sensepost.com/training.html ---------------------------------------------------------------------------
Current thread:
- Re: List of Full Disc Encryption products, (continued)
- Re: List of Full Disc Encryption products Saqib Ali (Jul 07)
- Re: List of Full Disc Encryption products J. Theriault (Jul 10)
- Re: List of Full Disc Encryption products Ow Mun Heng (Jul 06)
- Re: List of Full Disc Encryption products Saqib Ali (Jul 06)
- RE: List of Full Disc Encryption products evb (Jul 06)
- Re: List of Full Disc Encryption products Alex Koh (Jul 07)
- Re: List of Full Disc Encryption products Ow Mun Heng (Jul 07)
- RE: List of Full Disc Encryption products Steve Armstrong (Jul 06)
- Re: List of Full Disc Encryption products Eric Furman (Jul 06)
- Re: List of Full Disc Encryption products Ow Mun Heng (Jul 06)
- Re: List of Full Disc Encryption products Ansgar -59cobalt- Wiechers (Jul 10)
- Message not available
- Re: List of Full Disc Encryption products Saqib Ali (Jul 06)
- RE: List of Full Disc Encryption products Roger A. Grimes (Jul 06)
- Re: List of Full Disc Encryption products Saqib Ali (Jul 06)
- RE: List of Full Disc Encryption products Roger A. Grimes (Jul 06)
- RE: List of Full Disc Encryption products Sadler, Connie (Jul 06)
- Re: List of Full Disc Encryption products Stephen John Smoogen (Jul 07)
- Re: List of Full Disc Encryption products Saqib Ali (Jul 06)
- RE: List of Full Disc Encryption products Roger A. Grimes (Jul 06)