Re: Protecting the Operating System

Ricardo,

There are a dozen or so full/whole disc encryption solutions available
with pre-boot authentication option. See the URL below for list:

http://www.full-disc-encryption.com/Full_Disc_Encryption.html

I use CompuSec. It is free and has support for Linux. It has pre-boot
authentication and has a builting credential manager. One thing that is
missing support for Trusted Platform Module (TPM). TPM can make the key
recovery possible and simplify single sign on.

You might also want to take a look at hardware based Full Disc
Encryption. There are few vendors that provide that. The above URL
lists a few. Hardware based FDE works regardless of the OS you are
using.

If you are using a notebook Ce-Infosys has PCMCIA card or Seagate
Technology will soon have FDE HDD for notebooks:
http://www.seagate.com/docs/pdf/marketing/po_momentus_5400_fde_bb.pdf

Also check out the Wikipedia article about Full Disc Encryption:
http://en.wikipedia.org/wiki/FDE
It talks about "Full disk encryption vs. file or directory encryption"

P.S. If you have any feedback about DriveCrypt, please do send it to
me. I am looking to buy that product as well.


Ricardo wrote:
Hello,
I have just come to the conclusion that the only way to protect the machine
with free physical access to anauthorized personnel is... to encrypt it.
Unfortunately it seems that this can be done only the lonely by DriveCrypt
software which costs a lot. It's wonderful stuff indeed allowing to encrypt
the drive with authentication feature at the pre-boot level! The encryption
seems excellent AES-256 algotithm. It's only drawback (except for the price)
is that it doesn't see Linux partitions (not to mention that it doesn't run
on Linux)which makes them liable to potential attack. It looks like for now
only Windows operationg system may be securely locked unless you run Linux
as a VMware guest system on the DriveCrypted Windows host. I wonder what are
your experiences with respect to securing the stand alone box with
uncontrolled physical access, like at the University (my case).
P.S. Have just noticed free stuff called CompuSec PC Security Suite which
seems both Windows and Linux compatible though as compared to DriveCrypt it
uses weaker encrypting algorithm AES-128 and looks like is much slower. I
cannot wait to hear your comments.
Kindest regards,
--
Ricardo

.

Relevant Pages

  • Re: Encryption and authentication
    ... have encryption without authentication? ... it seems that encryption couldn't exist without authentication. ... and example is asymmetric key cryptography technology. ... http://www.garlic.com/~lynn/aadsm24.htm#7 Naked Payments IV - let's all go naked ...
    (comp.security.firewalls)
  • Re: Signatures and encryption headers
    ... breached when an attacker can modify the message received? ... But I see how the lack of authentication can cause the receiver to act ... not for the iv or other encryption ... A create a payload, S signs it with public key crypto (most likely ...
    (sci.crypt)
  • Re: Ciphers and their effect on the size of data
    ... We have a security-sensitive client that is wants common authentication between a J2EE environment and a "fat windows client". ... we'll also be facing 4/3 expansion of the payload after encryption. ... This password field will include a digital signature, or the digital signature will be in another XML element in that document. ...
    (sci.crypt)
  • Re: Ciphers and their effect on the size of data
    ... The user goes to the J2EE server, ... and submit them to the UNIX-hosted service for authentication. ... authenticate to the J2EE environment first, ... facing 4/3 expansion of the payload after encryption (for base64 ...
    (sci.crypt)
  • Efficient message authentication?
    ... Is the following message authentication algorithm known? ... One would like to combine encryption and authentication, ... faces impractically difficult patent negotiations for ...
    (sci.crypt)