Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Fw: The VA Stolen Laptop - Lessons Learned

from [bhrugvish.gore] Network Security [Permanent Link]
Subject: Fw: The VA Stolen Laptop - Lessons Learned
Date: Tue, 26 Sep 2006 13:55:01 +0000 (GMT) 
 I just came across a client using FDE from vendor BeCrypt.  It seems to be 
extremely stable, and uses a usb dongle for authentication.  We tested this 
system on behalf of a client and couldn't fault it.  (Not surprising really as 
it's a UK HMG CESG CAPS approved product.) 
   
 Rgds, 
 Bhrug 
 
 
 ----- Original Message ---- 
From: Saqib Ali  
To: intel96  
Cc: Clement Dupuis ; security-basics@securityfocus.com 
Sent: Thursday, 21 September, 2006 7:11:37 PM 
Subject: Re: The VA Stolen Laptop - Lessons Learned 
 
 Hello, 
 
If you don't mind can I have the name of the company? 
 
There are other vendors that produce such solutions in form of a IDE 
card which is not suitable for a notebook drive. 
 
ce-infosys has a PCMCIA card that performs Full Disc Encryption and be 
used in a notebook: 
http://www.ce-infosys.com.sg/CeiProducts_CryptCard.asp 
 
 
On 9/20/06, intel96  wrote: 

I just meet with a company in Washington, DC with a company from Canada 
that has developed a hardware-based encryption module for computer 
systems.  They are a start-up but have hooks into some of the laptop 
manufactures, which plan to offer the device to customers as a option. 
I have not tested the equipment,, but plan too soon.  The device uses 
AES-256 or 3-DES.  It also creates a mirror of the  drive, which can be 
used for failover operations.    There is even a self-destruction piece 
being added. 

Saqib Ali wrote: 

Clement, 

I just checked the True Crypt's website and it says that it only 
supports partition but NOT the whole disc encryption. With whole disc 
encryption everything including the OS is encrypted regardless of the 
partition layout. 



On 9/20/06, Clement Dupuis  wrote: 

Wikipedia unfortunately is not always up to date 

Truecrypt will do full disks and even allow you to have an encrypted disk 
without any partitions on it. 

Take care 

Clement 


-----Original  Message----- 
From: listbounce@securityfocus.com 

[mailto:listbounce@securityfocus.com] On 

Behalf Of Saqib Ali 
Sent: Wednesday, September 20, 2006 12:35 AM 
To: security 
Cc: security-basics@securityfocus.com 
Subject: Re: The VA Stolen Laptop - Lessons Learned 

Caution: TrueCrypt is NOT a Full Disc Encryption (FDE) utility. I can 
encrypt partitions but not the whole Disc. See: 
http://en.wikipedia.org/wiki/FDE 

On 9/18/06, security  wrote: 

TrueCrypt (http://www.truecrypt.org/) is the one I recommend to 
clients. Its Open-Source and supports Linux and Windows. 

-em 

 > 




On Sep 17, 2006, at 10:27 PM, MandommGmail wrote: 


There are many free whole disk encryption softwares that are 
around. Please google for CompuSec. I am personally using it. It is 
free for commercial and personal usage. 



I believe its just right for my usage. 



Alex 
----- Original Message ----- From: "George Toft" 
 
To:  
Sent: Saturday, September 16, 2006 1:42 AM 
Subject: Re: The VA Stolen Laptop - Lessons Learned 




There are many whole-disk encryption products that make this a 
trivial exercise.  Even at $100-150 per seat, the price is cheaper 

 >> than a lawsuit and bad publicity. 


George Toft, CISSP, MSIS 
My IT Department 
www.myITaz.com 
480-544-1067 

Confidential data protection experts for the financial industry. 


evb wrote: 

 :1. Encrypt all data on mobile computers/devices which 
carry :agency data unless the data is determined to be non- 
sensitive, :in writing, by your Deputy Secretary or an individual 
he/she :may designate in writing : And does "data" include 
operating system files, log files, cab files, 
drivers, etc., or does it only include eg xls, doc, pdf and wpd 

 > >>> files, etc.? 

How has Bush defined "data"?  Thx, 

Eric 
-------------------------------------------------------------------- 





---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Network Resource Mapping Reporting, krymson
Next by Date:  Re: No NetBios share + No Open Port = Safe Win98?, krymson
Previous by Thread:  RE: The VA Stolen Laptop - Lessons Learned, Isaac Van Name
Next by Thread:  Anti Spyware Standards, rolando_ruiz
Indexes:  [Date] [Thread] [Top] [All Lists]