Security Basics mailing list archives

Re: Trade off: Full disk Encryption vs. Necessity


From: "Saqib Ali" <docbook.xml () gmail com>
Date: Fri, 17 Nov 2006 14:50:22 -0800

I second Jeffrey's opinion.

Before using FDE products I was using the encrypted file vault
software that comes with the HP laptop. And I was always conscious
about where I was saving the files, and worried about data in the swap
file etc. (I have a scrupulous conscience)

Now I have Utimaco on one laptop and Pointsec on the other. And I
no longer worry about where I am saving the files. It is all about the
peace of mind.

I can't wait till laptop manufacturers (HP, Lenovo and Dell) start
installing Seagate's FDE drives on the laptops. I think it will be
awesome. I compile a lot of software on my laptop, and the
software-based FDE solutions slow down the build process. Seagate's FDE
solution uses an ASIC on the drive for encryption, so there is no impact
on the CPU.

saqib
http://www.full-disk-encryption.net



On 11/16/06, Jeffrey F. Bloss <jbloss () tampabay rr com> wrote:
shyaam () gmail com wrote:

> Dear All,
>
> I am sorry if this has been discussed/described anywhere in the
> forums (do let me know the thread if that is the case), but is
> full-disk encryption necessary?

That depends entirely on what your threats and needs are. What's
necessary for one may be unnecessary for another. Whole disk is a great
deterrent to a laptop thief, but meaningless to a network cracker for
instance.

> I mean Windows takes care of the OS security, even if not, it is OS
> files which will come up with every single installation CD. So it
> doesn't need to be encrypted. What are the things to encrypt other
> than the user data? [just a question, because everyone talks about

Swap files/partitions, registry data, configuration files, certain
pieces of software themselves... anything that might contain any
information that you don't want in another person's hands. Like a full
copy of the super secret company documents you are working on which got
swapped to virtual memory when you opened that spreadsheet, or the
serial number for that $50,000 database you purchased to streamline
your business.

> full-disk encryption] What is the overhead involved with full-disk
> encryption and if there is a full disk encryption, is it worth doing

I've installed whole disk encryption on dozens of machines, and run it
on my own laptop. I honestly haven't noticed any difference at all on
any of them, nor have I heard any complaints.

> it? Seagate came up with the hardware technique of doing it? Well if
> it is not breakable it is good, but what are the chances of it being
> broken?
>
> Laptops get lost or stolen, is full-disk encryption the only solution
> or are there any other solutions that we are not able to think of?

Full disk is the only guaranteed solution. You can try and encrypt data
areas only, but invariably someone will save something where they
shouldn't. That someone could be an inattentive or lazy employee, or
the software or operating system itself.

Hardware solutions like locks and such are meaningless to anyone with a
hammer and another machine to plug an extricated hard drive into.
Assuming your data is the prize of course. If you allow physical access
to the machine, it can and will be compromised. If it's compromised,
the only way to protect your data is to make it inaccessible. And the
only way to do that, is to encrypt it.

--
Hand crafted on 16 November, 2006 at 22:41:29 EST using
only the finest domestic and imported ASCII.

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.

                                 -- Groucho Marx






--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
