Re: Why not encrypt the whole Hard Drives?
- From: "Saqib Ali" <docbook.xml@xxxxxxxxx>
- Date: Fri, 3 Nov 2006 15:38:37 -0800
OK, the review of the 7 Full Disk Encryption products is now complete. The
results are at:
http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250
I did an analysis of various FDE solutions to find the best one for my
needs. The key thing I was interested in was that it must be AES 256,
reasonably fast, inexpensive, and offer key recovery in case of
password loss.
Compusec is great for home / personal use. It is cheap i.e. $0.00
(Free), and does not slow down the computer as much as the other
products. But that is because it only supports 128 bit AES, which is a
major drawback as most enterprise settings require at least 256 bit
AES. Compusec also has a great online support forum where you can get
your questions answered by Compusec employees and other experienced
users.
I ended up purchasing both Utimaco and Pointsec. They are excellent
products. They both support AES 256. The downside is that they are
a little bit expensive (Pointsec: $170; Utimaco: $200) and slow.
The best thing is they both offer great password / encryption key
recovery capabilities. You can create a recovery disk with both
products.
They also offer password recovery using Challenge / Response sequence,
where the IT Helpdesk can perform a Challenge/Response sequence with
the user to help them recover the password or reset it to a new one.
Of course Challenge/Response password recovery is NOT the most
secure, especially if the user is remote, but you have the option to
disable it on the laptop if you want.
..
saqib
http://www.full-disk-encryption.net
On 11/1/06, Jason Muskat, GCFA, GCUX, de VE3TSJ <Jason@xxxxxxxxxxx> wrote:
Hello,
We deployed FDE on every laptop (about 150) in the organization I work for
including my own. The FDE software installs itself on every drive wished
including the boot drive "c:" and requires the use of a pre-boot-loader
before Windows is loaded.
I found no discernible speed difference. The pre-boot-loader is very
transparent to Windows.
The only issue I have come across is that one HDD became corrupted. Windows
Automated Recovery would have easily fixed this issue. Due to an Admin
oversight an Admin Key, which allows one to boot a CD from the FDE
boot-loader, was missing. At that point the drive became very difficult to
recover. So much so that it was low-level formatted and backups were restored to a
new drive.
Key Management is easy but very procedure driven. If parts of the procedure
are skipped issues such as a simple disk recovery become very difficult.
Regards,
--
Jason Muskat | GCFA, GCUX - de VE3TSJ
____________________________
TechDude
e. Jason@xxxxxxxxxxx
m. 416 .414 .9934
http://TechDude.Ca/
> From: Saqib Ali <docbook.xml@xxxxxxxxx>
> Date: Thu, 12 Oct 2006 15:00:28 -0700
> To: security-basics <security-basics@xxxxxxxxxxxxxxxxx>
> Subject: Why not encrypt the whole Hard Drives?
> Resent-From: <security-basics-return-41391@xxxxxxxxxxxxxxxxx>
> Resent-Date: Fri, 13 Oct 2006 12:51:58 -0600 (MDT)
>
> Security Breaches Data reveals that most of the data leaks were caused
> due to stolen laptops, which can be easily mitigated by using full
> disk encryption on the laptop. So why not encrypt the whole drive?
> Cost and performance impact are the usual arguments. Tests show that
> access time increases by 56%-85% after encryption. And the cost of FDE
> software usually ranges from $0-$300 depending on how good of a
> software and support you wanna get. So is it worth it?
>
> Data from tests (performance impact) of the FDE products:
> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250
>
> --
> Saqib Ali, CISSP, ISSAP
> http://www.full-disk-encryption.net
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net