Re: Why not encrypt the whole Hard Drives?
- From: "Jason Muskat, GCFA, GCUX, de VE3TSJ" <Jason@xxxxxxxxxxx>
- Date: Thu, 02 Nov 2006 01:43:02 -0500
Hello,
We deployed FDE on every laptop (about 150) in the organization I work for
including my own. The FDE software installs itself on every drive wished
including the boot drive "c:" and requires the use of a pre-boot-loader
before Windows is loaded.
I found no discernible speed difference. The pre-boot-loader is very
transparent to Windows.
The only issues I have come across is one HDD became corrupted. Windows
Automated Recovery would have easily fixed this issue. Due to an Admin
oversight an Admin Key, which allows one to boot a CD from the FDE
boot-loader, was missing. At that point the drive became very difficult to
recover. So much, it was low-level formatted and backups were restored to a
new drive.
Key Management is easy but very procedure driven. If parts of the procedure
are skipped issues such as a simple disk recovery become very difficult.
Regards,
--
Jason Muskat | GCFA, GCUX - de VE3TSJ
____________________________
TechDude
e. Jason@xxxxxxxxxxx
m. 416 .414 .9934
http://TechDude.Ca/
From: Saqib Ali <docbook.xml@xxxxxxxxx>
Date: Thu, 12 Oct 2006 15:00:28 -0700
To: security-basics <security-basics@xxxxxxxxxxxxxxxxx>
Subject: Why not encrypt the whole Hard Drives?
Resent-From: <security-basics-return-41391@xxxxxxxxxxxxxxxxx>
Resent-Date: Fri, 13 Oct 2006 12:51:58 -0600 (MDT)
Security Breaches Data reveals that most of the data leaks were caused
due to stolen laptops, which can be easily mitigated by using full
disk encryption on the laptop. So why not encrypt the whole drive?
Cost and performance impact are the usual arguments. Tests show that
access time increases by 56%-85% after encryption. And the cost of FDE
software usually ranges from $0-$300 depending on how good of a
software and support you wanna get. So is it worth it?
Data from tests (performance impact) of the FDE products:
http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Follow-Ups:
- Re: Why not encrypt the whole Hard Drives?
- From: Saqib Ali
- Re: Why not encrypt the whole Hard Drives?
- Prev by Date: Re: Norwich MSIA
- Next by Date: Re: Vulnerability Assessment of a EAL 4 system
- Previous by thread: Re: Re: Re: router access control list
- Next by thread: Re: Why not encrypt the whole Hard Drives?
- Index(es):
Relevant Pages
|
