
| Subject: | Re: Whole disk encryption |
|---|---|
| Date: | Fri, 25 Aug 2006 09:05:01 -0400 |
Thanks everyone for your responses!
Sarah
Hi Sarah, hi group,
as a security auditor and consultant I normally suggest
(1) to implement as much security as available, but no more security than really needed.
The need should follow an individual risk classification to all IT assets / data of a company.
It doesn't make sense to encrypt a folder/partition with non-critical data on it.
But it really makes sense to encrypt folders/partitions of sensitive data (e.g. internal strategics/business plans, internal financial statements, company secrets, ...).
Every time you encrypt / decrypt a file, folder or partition you will have
- file access to the hard disk,
- processor load,
- memory access
- ...
This influences the performance of each system. On some systems more significantly than on others.
So on company-wide file servers, an encrypted partition should exist, where people have to store their classified files aligned to their given rights and according to the company security policy / risk classification.
On mobile devices people should have an encrypted directory or partition, which is access-protected by password or comparable methods and can be mounted (dismounted) when needed (not needed), and there they have to store their classified files according to the company security policy / risk classification.
This strategy follows the given suggestion (1).
Ok. When influenced by real great paranoia, a company also can create a policy that all HDDs need to be encrypted. But this is part of the same category, like prohibiting the connection of any hardware to any network. ;-)
Cheers, Dietrich
>Sarah wrote:
>
>What is the consensus of the group on the use of whole disk encryption in an enterprise environment?