RE: Whole disk encryption



I agree with Erik.

In the Windows 2003 Server/XP Pro SP2 environment encrypting the users "My
Documents" is quite efficient. Getting the Recovery Agent Data Encryption
key is easy once you've got all the steps down. Microsoft offers several
good TechNet articles on how to set it up.

John

-----Original Message-----
From: Erik Anderson [mailto:eanders@xxxxxxxxx]
Sent: Thursday, August 24, 2006 11:07 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Whole disk encryption

-----Original Message-----
From: Sarah [mailto:sfelske@xxxxxxxx]
Sent: Thursday, August 24, 2006 11:48 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Whole disk encryption



What is the consensus of the group on the use of whole disk encryption in
an enterprise environment?

Why? You only need to protect the data not the whole OS. It causes too many
problems. I don't recommend creating a headache for yourself when you only
need to protect some data.

I recommend creating an encrypted partition and mounting an encrypted file
system on that partition.

In addition there are plenty of 3rd party software packages out there that
have encrypted filter drivers or will allow you to create an encrypted
virtual disk. You use that disk just as any secondary disk. The encryption
becomes transparent to you.

Make sure to backup the keys somewhere or you will permanently loose
everything if something happens to the key.

Erik Anderson


---------------------------------------------------------------------------
---------------------------------------------------------------------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------



Relevant Pages

  • RE: Whole disk encryption
    ... Subject: Whole disk encryption ... HR stations, Accountant pc's, CxO laptops, etc. ... IF you want security, do full disk. ...
    (Focus-Microsoft)
  • Re: Laptop - Full Disk Encryption? (Booting defeats FDE)
    ... The OSs vulnerabilities are still vulnerable, the disk encryption does not help in that regard. ... Just dismount the volume and capture is moot to the guest, ...
    (Security-Basics)
  • RE: Whole disk encryption
    ... completely sold on the whole-disk encryption idea, ... Subject: Whole disk encryption ... IF you want security, do full disk. ...
    (Focus-Microsoft)
  • Re: The ugly side of using disk encryption
    ... The Full/Whole disk encryption solutions certainly add major overhead. ... Norwich University ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ...
    (Security-Basics)
  • Friday Futures
    ... PGP To Offer Whole Disk OS X Encryption ... its whole disk encryption software for OS X in the near future. ... multimedia support for a 5 megapixal camera ...
    (comp.sys.mac.misc)