Educause Security Discussion mailing list archives

Re: Laptop encryption


From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 5 Oct 2007 11:56:40 -0400

David Seidl wrote:
Seagate did a lunch and learn on these at the SANS Network Security
conference - I'd like to get a chance to look at one myself. Here's what
I have in my notes from their presentation:

There are a few caveats right now:

1) The drives are 5400 RPM older generation drives only - they noted
that they were adding encryption to existing platforms rather than
cutting edge devices - thus the lower rotational speed and the 1.5 Gbps
SATA rather than 3.0 Gbps SATA interface.

I wonder how much of a difference this makes for typical
laptop use.

2) They are not FIPS certified (as a device)


3) Only 2.5" drives are currently available, so this isn't a viable
desktop solution yet.

This will apparently change soon:
"The first 1TB desktop PC hard drive with hardware based
 full-disc encryption (FDE)"
http://www.seagate.com/ww/v/index.jsp?locale=en-US&name=seagate-extends-the-industrys-broadest-line-of-storage-solutions&vgnextoid=96b10fe4e2a94110VgnVCM100000f5ee0a0aRCRD



Another caveat on this type of protection is that the computer must
be fully shut down to be fully protected. A hibernating computer is
not as well protected. I think a lot of solutions have this caveat
though.


There are currently two third parties who provide management interfaces
for the drive encryption. If you scale to any great degree, you'll want
to purchase the management software in addition to the drives. Seagate
claimed that the cost with management software was still lower than full
drive encryption and management software that is currently available.

I'd check those price claims. ;)

Dell is shipping the Wave Technologies standalone management product on
laptops with the drive that provides for setup and administration of the
TPM and drive. Wave also offers an enterprise management product. We've
got a laptop on order to see what capabilities there are with the
standalone Wave product and what potential there is for management
through the WMI interface to the TPM.

I believe Hitachi and possibly Fujitsu also offer encrypted drives.






--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
