Security Basics mailing list archives
Re: Why not encrypt the whole Hard Drives?
From: "Jason Muskat, GCFA, GCUX, de VE3TSJ" <Jason () TechDude Ca>
Date: Thu, 02 Nov 2006 01:43:02 -0500
Hello, We deployed FDE on every laptop (about 150) in the organization I work for including my own. The FDE software installs itself on every drive wished including the boot drive "c:" and requires the use of a pre-boot-loader before Windows is loaded. I found no discernible speed difference. The pre-boot-loader is very transparent to Windows. The only issues I have come across is one HDD became corrupted. Windows Automated Recovery would have easily fixed this issue. Due to an Admin oversight an Admin Key, which allows one to boot a CD from the FDE boot-loader, was missing. At that point the drive became very difficult to recover. So much, it was low-level formatted and backups were restored to a new drive. Key Management is easy but very procedure driven. If parts of the procedure are skipped issues such as a simple disk recovery become very difficult. Regards, -- Jason Muskat | GCFA, GCUX - de VE3TSJ ____________________________ TechDude e. Jason () TechDude Ca m. 416 .414 .9934 http://TechDude.Ca/
From: Saqib Ali <docbook.xml () gmail com> Date: Thu, 12 Oct 2006 15:00:28 -0700 To: security-basics <security-basics () securityfocus com> Subject: Why not encrypt the whole Hard Drives? Resent-From: <security-basics-return-41391 () securityfocus com> Resent-Date: Fri, 13 Oct 2006 12:51:58 -0600 (MDT) Security Breaches Data reveals that most of the data leaks were caused due to stolen laptops, which can be easily mitigated by using full disk encryption on the laptop. So why not encrypt the whole drive? Cost and performance impact are the usual arguments. Tests show that access time increases by 56%-85% after encryption. And the cost of FDE software usually ranges from $0-$300 depending on how good of a software and support you wanna get. So is it worth it? Data from tests (performance impact) of the FDE products: http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250 -- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Why not encrypt the whole Hard Drives? Jason Muskat, GCFA, GCUX, de VE3TSJ (Nov 03)
- Re: Why not encrypt the whole Hard Drives? Saqib Ali (Nov 06)
- <Possible follow-ups>
- Re: Why not encrypt the whole Hard Drives? Kurt Buff (Nov 07)
- Re: Why not encrypt the whole Hard Drives? Saqib Ali (Nov 07)
- Re: Why not encrypt the whole Hard Drives? Alexander Klimov (Nov 10)
- Re: Why not encrypt the whole Hard Drives? Saqib Ali (Nov 07)