Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: The ugly side of using disk encryption

From: "dave kleiman" <dave () davekleiman com>
Date: Mon, 23 Oct 2006 11:07:27 -0400
I have been using DriveCrypt Plus (whole OS/Disk) and DriveCrypt (encrypted
containers) for about 3 years now, and thus far have no negative feed back.
The only issue I ever had with Plus was when SP1 for 2003 came out, but
their latest version overcame that. However, they claim not to support
server, but I have been using it all this time. 

I do not even notice any performance degradation, although I am sure there
is some.

They have a complete suite of encryption tools:
http://www.securstar.com/


Respectfully,

Dave Kleiman

http://www.davekleiman.com/about.php 



    -----Original Message-----
    From: listbounce () securityfocus com 
    [mailto:listbounce () securityfocus com] On Behalf Of Will Yonker
    Sent: Saturday, October 21, 2006 21:13
    To: security-basics () securityfocus com
    Subject: RE: The ugly side of using disk encryption
    
    This thread has finally got me off my butt.  I have been 
    meaning to create some sort of encryption standard for a 
    few customers but encryption really isn't my area.
    
    So here is the question:  What is the best way to encrypt data?
    
    A broad question, I know.  Let me narrow it down.
    
    1)  Some users work with sensitive data on their laptops 
    when in places where network access is unreliable.
    2)  This is data that would be useful to competitors.  It 
    could be financially beneficial for these competitors to 
    hire professionals to gain access to any data that might be 
    stored on the laptop.
    3)  The data can be in the gigabytes but not more than 10 GB.
    4)  Speed of the decryption is not a large factor.
    5)  Some of the files will be MS Word and MS Excel documents.
    6)  All machines are running Windows XP.
    
    Now, I've taken a look at TrueCrypt and figured that a 
    three cypher, hidden volume, passphrase + key stored on USB 
    stick to be the best that I could do.  I was also playing 
    with the idea of installing TrueCrypt only on the USB stick 
    so the attacker would have to guess what was used to create 
    the hidden volume if they found it.
    
    Is this the best approach?  Is there more that I could do 
    to easily enhance the security?  Do I need to worry about 
    clearing something off the C:\ drive like the system cache?
    
    I'm guessing a medium sized corporation would be willing to 
    put more effort into obtaining the data than the government 
    did with this guy. 
    Most have a powerful cluster at their disposal so I guess 
    they could brute force it.  Is there a way I can make that 
    take longer?
    
    I know there is no perfect solution, just ways to slow down 
    the attackers.
    
    As always, any help would be appreciated.
    
    
    --
    This message has been scanned for viruses and dangerous 
    content by MailScanner, and is believed to be clean.
    
    
    ------------------------------------------------------------
    ---------------
    This list is sponsored by: Norwich University
    
    EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
    The NSA has designated Norwich University a center of 
    Academic Excellence 
    in Information Security. Our program offers unparalleled 
    Infosec management 
    education and the case study affords you unmatched 
    consulting experience. 
    Using interactive e-Learning technology, you can earn this 
    esteemed degree, 
    without disrupting your career or home life.
    
    http://www.msia.norwich.edu/secfocus
    ------------------------------------------------------------
    ---------------
    


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: