RE: Laptop Encryption & Write Permissions



As to scenario #1, if you are trying to run remote management software
or do a forensic investigation on a machine that is powered down you
have other, more serious problems that have nothing to do with
technology.

As to scenario #2 I've been using ce-infosys which another hard drive
encryptor with network management capabilities similar to bitlocker.
Once a system has been authenticated and it is up and running, the
crypto software runs at a very low level and other than taking a few
cycles longer to serve up data, your admin software should do just fine.
I tested specifically for this by running software both resident on the
laptop and software remotely managing the laptop. I was even able to
connect to a drive on the laptop across the LAN from a machine that did
not use hard drive encryption and every thing worked quite well. I
believe this is because the crypto software is intercepting all disk
requests and doing its thing without interrupting service.

The crypto software is there mainly to protect data at rest and make the
data completely available the rest of the time once it has authenticated
a user.

-----Original Message-----
From: Ken S [mailto:ken.securitylist@xxxxxxxxx]
Sent: Tuesday, May 02, 2006 2:38 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Laptop Encryption & Write Permissions

How will bitlocker (or other full drive encryption products) impact
forensics investigations AND normal administrative functions for
machines that are 1) powered down and for those that are 2) on-line?

Specifially, the main benefit I see for bitlocker is the confidence
you would have when a laptop is lost or stolen. If the entire drive
is encrypted, the chances of data compromise should be very low. This
would solve a lot of heartburn.... Plus, I understand the admin
capabilities of bitlocker will allow admins to access drives in the
event a password is forgotten, or forensics needs to be done.

However, what impact will the encryption have on tools commonly used
by network admins today? I assume if the machine is on it's "home"
network, that admins will be still be able to use tools like BindView
(which authenticates to machines to pull information), pstools, etc.,
etc. as usual. But are there other tools that the encryption would
negatively impact?

Thanks in advance for your input.

Ken

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------