Security Basics mailing list archives
Re: Full Disk Laptop Encryption
From: gjgowey () tmo blackberry net
Date: Thu, 27 Sep 2007 22:29:09 +0000
I hate to sound like an adobe sales person (I'm not, but I do like their acrobat line of products), but they have a product that serves as a document policy system. Check out adobe document center. Also, I don't like using MAC's for anything including as a computer :-) or a method of what IP/vlan/access a system can have because pretty much most all NIC's allow you to change their MAC. Now the 3Com cards on the other hand use crypto keys stored right in the card. I'd like to see that spoofed. Geoff Sent from my BlackBerry wireless handheld. -----Original Message----- From: "Rob Thompson" <my.security.lists () gmail com> Date: Thu, 27 Sep 2007 14:58:32 To:"Bob Beringer" <bob.beringer () usa net> Cc:"Lafosse, Ricardo" <rlafosse () sfwmd gov>,security-basics () securityfocus com, "Bob Beringer" <bob () eor us> Subject: Re: Full Disk Laptop Encryption On 9/27/07, Bob Beringer <bob.beringer () usa net> wrote:
MAC agents, I do not know what you are referring to with this.Meant to be "MAC FDE" == FDE for PowerBook, MacBook Pro's, ect...
That's hilarious. That is NOT at all anything that I had considered. I was thinking more along the lines of MAC address, networking, somehow something is being verified that the laptop is encrypted or it was not allowed on the network or something of the sort... ;p
Data-in-Motion - are you talking about data after it has physically left your hard drive. Ie. e-mail, thumbdrives, network traffic, etc...Exactly! Now encryption can be managed centrally or remotely and can ensure cryptographically based chain of custody, from the sectors on the drive, through the Network and then on to the destination system or even to the field level in databases that might live on the destination systems as well. Everything is encrypted at the object level, so you can literally have a single word document that allows for three different viewers to see different levels of redacted documents or the like (there are many other cool things that their solution does, but this is one technique...)
That is pretty nifty. That type of functionality I didn't even think was possible. I will be checking into this for sure. <snip>
More setup time and effort is a small price to pay when you have a more efficient and properly configured solution deployed. It is well worth the time, IMO.Agreed, but sometimes you want to know that the solution is going to take a bit of effort to properly plan and deploy, so that you don't assume it will be less effort and wind up over budget or red in the face due to over-committing to the folks around you. (So it was my way of putting a small disclaimer and friendly heads up, so that you know that along with more power comes more responsibility ;-))
I hear you there. I have found through my excessive blunders in the computing world that have turned me into the find Computer Nerd that I am today (If you could only "hear" my sarcasm... ;p) that it's best to plan on the worst. That way, if things actually go as desired and not as they "do", then you can take that extra time and run out for a beer or two.
I will have to check into this TECSEC. My curiosity is piqued. Thank you for the tip.Ask to talk to Jay Wack and tell him that Bob Beringer sent you, he is a busy man but he is the right guy to talk to...I hope that this information helps :-)
It sounds like it will. Funny, I didn't get involved in this thread, looking for a new vendor. But I'll have to check into the TECSEC. It'll be a while, as I'm swamped right now, but I will post my results some time in the future. From the sounds of it, it sounds like we may have an alternative to our current solution. <snip> -- Rob
Current thread:
- Re: Full Disk Laptop Encryption, (continued)
- Re: Full Disk Laptop Encryption gjgowey (Sep 27)
- Re: Full Disk Laptop Encryption Rob Thompson (Sep 27)
- RE: Full Disk Laptop Encryption Bob Beringer (Sep 27)
- Re: Full Disk Laptop Encryption gjgowey (Sep 27)
- Re: Full Disk Laptop Encryption Rob Thompson (Sep 27)
- RE: Full Disk Laptop Encryption Bob Beringer (Sep 27)
- Message not available
- Re: Full Disk Laptop Encryption Rob Thompson (Sep 27)
- RE: Full Disk Laptop Encryption Bob Beringer (Sep 27)
- Message not available
- Re: Full Disk Laptop Encryption Rob Thompson (Sep 27)
- RE: Full Disk Laptop Encryption Bob Beringer (Sep 28)
- Re: Full Disk Laptop Encryption gjgowey (Sep 28)
- Full Disk Encryption, Digital Signatures and enterprise Data Analysis and Transactional Auditing (eDATA) Bob Beringer (Sep 28)
- Re: Full Disk Encryption, Digital Signatures and enterprise Data Analysis and Transactional Auditing (eDATA) gjgowey (Sep 28)
- RE: Full Disk Encryption, Digital Signatures and enterprise Data Analysis and Transactional Auditing (eDATA) Bob Beringer (Sep 28)
- Re: Full Disk Encryption, Digital Signatures and enterprise Data Analysis and Transactional Auditing (eDATA) gjgowey (Sep 28)
- RE: Full Disk Encryption, Digital Signatures and enterprise Data Analysis and Transactional Auditing (eDATA) Bob Beringer (Sep 28)
- Message not available
- Re: Full Disk Laptop Encryption Rob Thompson (Sep 28)
- Re: Full Disk Laptop Encryption gjgowey (Sep 28)
- RE: Full Disk Laptop Encryption Bob Beringer (Sep 28)