Fw: The VA Stolen Laptop - Lessons Learned

I just came across a client using FDE from vendor BeCrypt. It seems to be extremely stable, and uses a usb dongle for authentication. We tested this system on behalf of a client and couldn't fault it. (Not surprising really as it's a UK HMG CESG CAPS approved product.)

Rgds,
Bhrug


----- Original Message ----
From: Saqib Ali
To: intel96
Cc: Clement Dupuis ; security-basics@xxxxxxxxxxxxxxxxx
Sent: Thursday, 21 September, 2006 7:11:37 PM
Subject: Re: The VA Stolen Laptop - Lessons Learned

Hello,

If you don't mind can I have the name of the company?

There are other vendors that produce such solutions in form of a IDE
card which is not suitable for a notebook drive.

ce-infosys has a PCMCIA card that performs Full Disc Encryption and be
used in a notebook:
http://www.ce-infosys.com.sg/CeiProducts_CryptCard.asp


On 9/20/06, intel96 wrote:
I just meet with a company in Washington, DC with a company from Canada
that has developed a hardware-based encryption module for computer
systems. They are a start-up but have hooks into some of the laptop
manufactures, which plan to offer the device to customers as a option.
I have not tested the equipment,, but plan too soon. The device uses
AES-256 or 3-DES. It also creates a mirror of the drive, which can be
used for failover operations. There is even a self-destruction piece
being added.

Saqib Ali wrote:
Clement,

I just checked the True Crypt's website and it says that it only
supports partition but NOT the whole disc encryption. With whole disc
encryption everything including the OS is encrypted regardless of the
partition layout.



On 9/20/06, Clement Dupuis wrote:
Wikipedia unfortunately is not always up to date

Truecrypt will do full disks and even allow you to have an encrypted disk
without any partitions on it.

Take care

Clement


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Saqib Ali
Sent: Wednesday, September 20, 2006 12:35 AM
To: security
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: The VA Stolen Laptop - Lessons Learned

Caution: TrueCrypt is NOT a Full Disc Encryption (FDE) utility. I can
encrypt partitions but not the whole Disc. See:
http://en.wikipedia.org/wiki/FDE

On 9/18/06, security wrote:
TrueCrypt (http://www.truecrypt.org/) is the one I recommend to
clients. Its Open-Source and supports Linux and Windows.

-em
>



On Sep 17, 2006, at 10:27 PM, MandommGmail wrote:

There are many free whole disk encryption softwares that are
around. Please google for CompuSec. I am personally using it. It is
free for commercial and personal usage.

I believe its just right for my usage.

Alex
----- Original Message ----- From: "George Toft"

To:
Sent: Saturday, September 16, 2006 1:42 AM
Subject: Re: The VA Stolen Laptop - Lessons Learned


There are many whole-disk encryption products that make this a
trivial exercise. Even at $100-150 per seat, the price is cheaper
>> than a lawsuit and bad publicity.

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
480-544-1067

Confidential data protection experts for the financial industry.


evb wrote:
:1. Encrypt all data on mobile computers/devices which
carry :agency data unless the data is determined to be non-
sensitive, :in writing, by your Deputy Secretary or an individual
he/she :may designate in writing : And does "data" include
operating system files, log files, cab files,
drivers, etc., or does it only include eg xls, doc, pdf and wpd
> >>> files, etc.?
How has Bush defined "data"? Thx,

Eric
--------------------------------------------------------------------




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • Re: The VA Stolen Laptop - Lessons Learned
    ... supports partition but NOT the whole disc encryption. ... TrueCrypt is NOT a Full Disc Encryption utility. ... >>> The NSA has designated Norwich University a center of Academic ... >>> Excellence in Information Security. ...
    (Security-Basics)
  • Re: Whole disk encryption
    ... file level encryption and full disc encryption are two different ... Full Disc Encryption are complicated solutions, ... Microsoft EFS and TrueCrypt are file/directory level encryption. ... can be used to unlock the TPM, to improve the security of the system. ...
    (Focus-Microsoft)
  • Re: Protecting the Operating System
    ... There are a dozen or so full/whole disc encryption solutions available ... with pre-boot authentication option. ... authentication and has a builting credential manager. ... Also check out the Wikipedia article about Full Disc Encryption: ...
    (alt.computer.security)
  • Re: Protecting the Operating System
    ... There are a dozen or so full/whole disc encryption solutions available ... with pre-boot authentication option. ... authentication and has a builting credential manager. ... Also check out the Wikipedia article about Full Disc Encryption: ...
    (comp.security.misc)
  • Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for
    ... Didn't congress give everyone a "get out of jail free card", ... can demonstrate the harddrive on a stolen laptop was encrypted? ... I think a power-on password and full disk encryption ...
    (Security-Basics)