RE: Laptop Encryption & Write Permissions



As to scenario #1, if you are trying to run remote management software
or do a forensic investigation on a machine that is powered down you
have other, more serious problems that have nothing to do with
technology.

As to scenario #2 I've been using ce-infosys which another hard drive
encryptor with network management capabilities similar to bitlocker.
Once a system has been authenticated and it is up and running, the
crypto software runs at a very low level and other than taking a few
cycles longer to serve up data, your admin software should do just fine.
I tested specifically for this by running software both resident on the
laptop and software remotely managing the laptop. I was even able to
connect to a drive on the laptop across the LAN from a machine that did
not use hard drive encryption and every thing worked quite well. I
believe this is because the crypto software is intercepting all disk
requests and doing its thing without interrupting service.

The crypto software is there mainly to protect data at rest and make the
data completely available the rest of the time once it has authenticated
a user.

-----Original Message-----
From: Ken S [mailto:ken.securitylist@xxxxxxxxx]
Sent: Tuesday, May 02, 2006 2:38 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Laptop Encryption & Write Permissions

How will bitlocker (or other full drive encryption products) impact
forensics investigations AND normal administrative functions for
machines that are 1) powered down and for those that are 2) on-line?

Specifially, the main benefit I see for bitlocker is the confidence
you would have when a laptop is lost or stolen. If the entire drive
is encrypted, the chances of data compromise should be very low. This
would solve a lot of heartburn.... Plus, I understand the admin
capabilities of bitlocker will allow admins to access drives in the
event a password is forgotten, or forensics needs to be done.

However, what impact will the encryption have on tools commonly used
by network admins today? I assume if the machine is on it's "home"
network, that admins will be still be able to use tools like BindView
(which authenticates to machines to pull information), pstools, etc.,
etc. as usual. But are there other tools that the encryption would
negatively impact?

Thanks in advance for your input.

Ken

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------



Relevant Pages

  • Can you keep a secret? New encrypted device can
    ... San Francisco -- Lost a laptop loaded with sensitive files? ... Seagate Technology is poised to deliver the world's first laptop hard disk ... drive with built-in encryption, or data-scrambling, capabilities. ... Industry analysts said the new drives, which are scheduled to hit the market ...
    (soc.retirement)
  • Re: Disc encryptian.
    ... Encryption is not going to protect you when the system is ... Servers and drives ... Except that many laptop users suspend or hibernate their machines ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Encryption effecting drive reliability
    ... While working with an enterprise worth of mixed desktop and laptop ... since having the encryption installed. ... with SATA drives, are not coming back to the service center nearly as ...
    (comp.sys.ibm.pc.hardware.storage)
  • Re: Encryption effecting drive reliability
    ... it seems the laptop have a higher rate of "issues" ... since having the encryption installed. ... The desktop computers, many ... with SATA drives, are not coming back to the service center nearly as ...
    (comp.sys.ibm.pc.hardware.storage)
  • Re: external drive help
    ... | problem around with all the thumb drives and external drives available ... You can use encryption ... |>There is no absolute security method, ... If you photocopy a paper docuement then take it ...
    (comp.security.misc)