Security Basics mailing list archives
Re: Why not encrypt the whole Hard Drives?
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Tue, 7 Nov 2006 07:49:56 -0600
With this kind of penalty, however, I have to wonder if the new Seagate drives and/or the machines that use the TPM chips impose the same kind of performance penalty, what the administrative overhead is for each, and the cost differential for using them.
As far as I understand, Seagate's encrypted drives DO NOT impose any overhead; that is because they have an onboard ASIC that performs the crypto functions. Hardware encryption is much, much faster than software. Seagate encrypted HDDs and Vista BitLocker are next on my list to evaluate.

Vista BitLocker, a software-based FDE solution, uses the TPM to wrap and bind the encryption keys, which makes the key management easier or more transparent to the user. But being a software solution, BitLocker will still impose considerable overhead. I will publish the results once I am done with the eval of BitLocker.

As far as the TPM is concerned, I don't think wrapping and binding the encryption key using the TPM will impose any overhead; if anything it will be faster and more convenient. Some TPM manufacturers advertise bulk encryption capabilities in their TPM chip, but that has yet to be exploited for FDE purposes.

saqib
http://www.full-disk-encryption.net
Seen any data on that?

Kurt

On 10/12/06, Saqib Ali <docbook.xml () gmail com> wrote:
> Security Breaches Data reveals that most of the data leaks were caused
> due to stolen laptops, which can be easily mitigated by using full
> disk encryption on the laptop. So why not encrypt the whole drive?
> Cost and performance impact are the usual arguments. Tests show that
> access time increases by 56%-85% after encryption. And the cost of FDE
> software usually ranges from $0-$300 depending on how good of a
> software and support you wanna get. So is it worth it?
>
> Data from tests (performance impact) of the FDE products:
> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250
>
> --
> Saqib Ali, CISSP, ISSAP
> http://www.full-disk-encryption.net
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net