Security Basics mailing list archives

Re: FW: VA Loses another Hard Drive with data on 48,000 veterans


From: "kevin fielder" <kevin.fielder () gmail com>
Date: Wed, 7 Feb 2007 10:48:29 +0000

Hi

I can comment on a product called SafeBoot that we currently use.
This product works very well, with centralised management, allowing
control of password policies etc.  Performance is not affected to a
great degree; you do notice the speed of boot up being slower, but in
general use (e.g. opening / saving documents and emails etc) the
performance is not noticeably impacted.

A couple of things to bear in mind when looking at these products: you
want to use a genuine full disk encryption product that requires some
form of authentication prior to any sort of access to the O/S, and you
should also ensure that it can block hibernate type functionality to
ensure that the machine is shut down each time the user finishes work
- if hibernate is permitted you have a situation where, if stolen, the
laptop can be opened and the thief is faced with the Windows prompt
and a drive that has already had the credentials entered to allow
access to the data on it.

Cheers

Kevin



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Saqib Ali
Sent: 06 February 2007 05:13
To: Ed
Cc: security-basics
Subject: Re: VA Loses another Hard Drive with data on 48,000 veterans

Try several FDE solutions before you settle on one. Most of the FDE
solutions provide 128-bit AES encryption, but some are easier to use than
others. Also some offer challenge/response based password recovery,
which can be *very* helpful.
Another thing to keep in mind is that the encryption solution must be
transparent to the user and must be straightforward to set up.

You can find a rather complete list of FDE solutions at:
http://www.full-disk-encryption.net/Full_Disc_Encryption.html



On 2/5/07, Ed <security () kdtc net> wrote:
> Saqib Ali wrote:
> > http://www.full-disk-encryption.net/news/article329.html
> >
> > Associated Press is reporting that a portable hard drive belonging
> > to Veteran's Administration has been stolen. The Official Press
> > Release is available at the VA website.
>
> This is something I'm glad I can keep track of here.  This past year
> alone has shown that it is easy to take things for granted and expect
> things to stay where they are, when in fact, one shouldn't.
> Unfortunately, I seem to be one of these people who have gotten a
> 'little slack' in terms of maintaining a secured network.  (Can never
> get my point across to users and bosses on security issues.  They
> never seem to understand that P2P and Skype really don't belong
> in a corporate environment.  The only consideration is 'low cost' and
> 'convenient').
>
> Anyway, there's certainly a plethora of solutions for encryption (whole
> disk or otherwise).  Does anyone here have any good suggestions?
>
> So far, I'm looking at PGP Whole Disk and it looks promising.
>
> Thanks.
>
> Edmund
>


--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net


