Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Whole disk encryption

from [Maloney, Michael] Network Security [Permanent Link]
Subject: RE: Whole disk encryption
Date: Fri, 25 Aug 2006 08:37:30 -0400 
When we were researching encryption for our laptops, we initially looked
at folder/partition style encryption, but settled on whole disk
encryption for a couple of reasons.  

Large part of it is our environment.  We house all documents stored in
My Documents on our servers, and use folder redirection with caching so
that the users can have access to their documents while off campus. So
for us, saving documents to a encrypted folder and then copying them to
a unencrypted folder so they could use it at their desktop just wouldn't
work.

Another reason we shied away from it is not all sensitive data is stored
in a single location.  Auto-save's from programs write temp files all
over the drive which can be extracted later on.  Saved passwords in
browsers for accessing applications (whether it's internal or external)
also are a problem.  Using Outlook 2003 in cached mode?  Now you have a
OST file to worry about.  Moving the uses profile directories to the
encrypted partition is an option yes, but now you have a administration
nightmare to contend with.  

For our environment, we found it's much easier for end users and
ourselves to have whole disk encryption.  

Mike
-----Original Message-----
From: Erik Anderson [mailto:eanders@pobox.com] 
Sent: Thursday, August 24, 2006 2:07 PM
To: focus-ms@securityfocus.com
Subject: RE: Whole disk encryption


-----Original Message-----
From: Sarah [mailto:sfelske@bgsu.edu]
Sent: Thursday, August 24, 2006 11:48 AM
To: focus-ms@securityfocus.com
Subject: Whole disk encryption



What is the consensus of the group on the use of whole disk encryption

in

an enterprise environment?


Why? You only need to protect the data not the whole OS.  It causes too
many
problems.  I don't recommend creating a headache for yourself when you
only
need to protect some data.

I recommend creating an encrypted partition and mounting an encrypted
file
system on that partition.

In addition there are plenty of 3rd party software packages out there
that
have encrypted filter drivers or will allow you to create an encrypted
virtual disk.  You use that disk just as any secondary disk.  The
encryption
becomes transparent to you.

Make sure to backup the keys somewhere or you will permanently loose
everything if something happens to the key.

Erik Anderson


------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  IP address assignment problem, Davy Davidson
Next by Date:  Re: Whole disk encryption, Sarah
Previous by Thread:  Re: Whole disk encryption, Nathaniel Hall
Next by Thread:  RE: Whole disk encryption, Brad Judy
Indexes:  [Date] [Thread] [Top] [All Lists]