Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Whole disk encryption

from [Mason, Samuel] Network Security [Permanent Link]
Subject: RE: Whole disk encryption
Date: Fri, 25 Aug 2006 10:03:10 -0600 



-----Original Message-----
From: Erik Anderson [mailto:eanders@pobox.com] 
Sent: Thursday, August 24, 2006 12:07 PM
To: focus-ms@securityfocus.com
Subject: RE: Whole disk encryption


-----Original Message-----
From: Sarah [mailto:sfelske@bgsu.edu]
Sent: Thursday, August 24, 2006 11:48 AM
To: focus-ms@securityfocus.com
Subject: Whole disk encryption



What is the consensus of the group on the use of whole disk encryption

in

an enterprise environment?



Why? You only need to protect the data not the whole OS.  It causes too
many problems.  I don't recommend creating a headache for yourself when

you >only need to protect some data.


I recommend creating an encrypted partition and mounting an encrypted

file

system on that partition.



In addition there are plenty of 3rd party software packages out there

that

have encrypted filter drivers or will allow you to create an encrypted
virtual disk.  You use that disk just as any secondary disk.  The
encryption becomes transparent to you.



The problem comes when data that would be encrypted in a folder or
partition is opened and used in OS swap space or other temporary
containers. You can't tell how long that data, now decrypted, will
remain accessible. I'll let you all decide how simple or hard it would
be to access this data. I know I've been surprised how much you can pull
back with forensic tools.

Each system (full-disk and file/folder-level) have their bonuses and
drawbacks but if people are truly concerned about encrypting their data
they should consider full-disk encryption. If simple static storage of
"finished" data is all that is required then perhaps file/folder
encryption is enough but if you have users that may not save things in
the correct, encrypted folder or would be required to encrypt the
document themselves perhaps full disk is better to eliminate that
variable.


Make sure to backup the keys somewhere or you will permanently loose
everything if something happens to the key.


Amen brother. Many of the full-disk systems I've been reviewing have a
centralized management console that would allow an admin to either
recreate the key or access the encrypted system with an "admin key" to
help alleviate the "I forgot my password" issues.

Samuel Mason, CISSP
Data Security Specialist
Montana State Fund



---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Whole disk encryption, Brad Judy
Next by Date:  RE: Whole disk encryption, Jeffrey Wei
Previous by Thread:  Re: Whole disk encryption, Spencer Hall
Next by Thread:  RE: Whole disk encryption, Jeffrey Wei
Indexes:  [Date] [Thread] [Top] [All Lists]