Re: Need a Full Drive Encryption program

From: Ian Kelly (E2chameleon@btopenworld.com)
Date: 06/02/02


From: "Ian Kelly" <E2chameleon@btopenworld.com>
To: <brian.trotter@scottishre.com>
Date: Sun, 2 Jun 2002 03:37:43 +0100

Have a look at SafeBoot from Control Break (http://www.safeboot.com). They
have products that can do either pre-boot authentication with full disk
encryption or just folder encryption (they recently released V Disk that
creates virtual encrypted disks). Tokens are optional and when I last looked
it had quite a good key recovery mechanism. I don't believe that there is a
sales threshold for the product. I've spoken to Control Break and a reseller
about the products at various times and I don't remember minimum orders
being mentioned being mentioned.

Ian.

----- Original Message -----
From: "Samuel Hillaire" <samhillaire@yahoo.com>
To: <security-basics@securityfocus.com>
Sent: Friday, May 31, 2002 8:32 PM
Subject: Re: Need a Full Drive Encryption program

> An alternative suggestion to the hard drive encryption, would be to look
at IBM laptops. On
> previous models like the 7xx series of laptops (I haven't looked
recently), there was an option
> for a hard drive password. Using a little known portion of the ATA (hard
drive) specification,
> the hard drive required a password on initial powerup (computer booting).
This password protected
> the drive from theft, since every time power was applied to the hard
drive, the BIOS queried for
> the hard drive password. The only way to defeat this mechanism is to send
the laptop back to IBM.
>
> I knew several executives who swore by this, and would only carry IBM
laptops.
>
> Sam Hillaire
> MCSE, MCDBA
> samhillaire@yahoo.com
>
> --- "Trotter, Brian" <brian.trotter@scottishre.com> wrote:
> > The President of my company has tasked me with finding some way to keep
the
> > data on his and the other executives laptop safe if it is ever stolen.
> > I looked over hardware tokens and all kinds of security gizmos, but
these
> > guys travel so much that if they leave their tokens at the office when
they
> > go on the road, they cannot access their data. I figured that using a
Full
> > Disk Encryption program was the easiest solution. Make them choose a
super
> > hard password, and we will keep track of the passwords in the IT
department.
> >
> > I have looked at a couple different products such as "Encryption Plus
Hard
> > Disk" from PCGuardian, and another I cant remember the name for.
However,
> > they require you to purchase minimum quantities before they will even
talk
> > to you about it. PCGuardian requires a minimum of 50 units to be
purchased.
> > The other required 100.
> >
> > Can someone recommend a product that will provide pre-boot
authentication to
> > the laptop? It will have to render the laptop useless unless the
password is
> > provided. I don't like the encrypted volume software that will encrypt
> > select folders and such. I would like something that without the right
> > password, the laptop wont even boot.
> >
> > Thanks for any help you can give.
> >
> > Brian T.
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com



Relevant Pages

  • Attack Scenarios against PGPs Whole Disk Encryption (WDE)
    ... Attack Scenarios against PGP's Whole Disk Encryption ... PGP's Whole Disk Encryption for Microsoft Windows encrypts all the ... As long as standard PC hardware and BIOS is used, the boot code of the disk ...
    (comp.security.pgp.tech)
  • Re: Disc encryptian.
    ... Encryption is not going to protect you when the system is ... Except that many laptop users suspend or hibernate their machines ... the disk is protected; ...
    (Debian-User)
  • RE: [Full-Disclosure] harddisk encryption
    ... If the encryptor encrypts your boot disk, it has to be involved early in the ... boot process and may be broken by anything that changes the system boot sequence. ... normally when the encryption keys had been entered. ... registry controls that allow the swap file to be wiped on shutdown. ...
    (Full-Disclosure)
  • Re: Whole disk encryption
    ... We're in the middle of a safeboot deployment that went through PoC ... For anyone unsure about file/directory encryption versus full-disk: ... Take your laptop with all the normal junk you can expect to have open ... It won't be long before you're ready to go full disk, ...
    (Focus-Microsoft)
  • RE: [Full-Disclosure] harddisk encryption
    ... > boot process and may be broken by anything that changes the system boot ... In the event of disk crash or emergency, unless a tool is provided to ... > i'm evaluating a software that performs harddisk encryption for deploying ...
    (Full-Disclosure)