Re: Why not encrypt the whole Hard Drives?

["Jason Muskat, GCFA, GCUX, de VE3TSJ" <Jason () TechDude Ca>]

Hello,

We deployed FDE on every laptop (about 150) in the organization I work for
including my own. The FDE software installs itself on every drive wished
including the boot drive "c:" and requires the use of a pre-boot-loader
before Windows is loaded.

I found no discernible speed difference. The pre-boot-loader is very
transparent to Windows.

The only issues I have come across is one HDD became corrupted. Windows
Automated Recovery would have easily fixed this issue. Due to an Admin
oversight an Admin Key, which allows one to boot a CD from the FDE
boot-loader, was missing. At that point the drive became very difficult to
recover. So much, it was low-level formatted and backups were restored to a
new drive.

Key Management is easy but very procedure driven. If parts of the procedure
are skipped issues such as a simple disk recovery become very difficult.

Regards,

-- 
Jason Muskat  | GCFA, GCUX - de VE3TSJ
____________________________
TechDude
e. Jason () TechDude Ca
m. 416 .414 .9934

http://TechDude.Ca/


> From: Saqib Ali <docbook.xml () gmail com>
> Date: Thu, 12 Oct 2006 15:00:28 -0700
> To: security-basics <security-basics () securityfocus com>
> Subject: Why not encrypt the whole Hard Drives?
> Resent-From: <security-basics-return-41391 () securityfocus com>
> Resent-Date: Fri, 13 Oct 2006 12:51:58 -0600 (MDT)
>
> Security Breaches Data reveals that most of the data leaks were caused
> due to stolen laptops, which can be easily mitigated by using full
> disk encryption on the laptop. So why not encrypt the whole drive?
> Cost and performance impact are the usual arguments. Tests show that
> access time increases by 56%-85% after encryption. And the cost of FDE
> software usually ranges from $0-$300 depending on how good of a
> software and support you wanna get. So is it worth it?
>
> Data from tests (performance impact) of the FDE products:
> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250
>
> -- 
> Saqib Ali, CISSP, ISSAP
> http://www.full-disk-encryption.net
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------