Home page logo
/

basics logo Security Basics mailing list archives

RE: List of Full Disc Encryption products
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 6 Jul 2006 04:49:46 -0400

I like product idea, just the not the "...security requirements"
marketing statement. 

Requirements implies a mandate, legal, corporate, or otherwise. I had
never seen a law, regulatory guideline, or even corporate security
policy state this.

I just wanted clarification. Thanks.

-----Original Message-----
From: Saqib Ali [mailto:docbook.xml () gmail com] 
Sent: Wednesday, July 05, 2006 11:10 PM
To: Roger A. Grimes
Cc: security-basics
Subject: Re: List of Full Disc Encryption products

I don't believe your second sentence. Prove me wrong. What mandate 
says that full hard drive encryption is mandatory versus just 
encrypting the necessary files and folders?  Give me the law and
subsection.

I never said that there is a federal/state law/mandate that requires
full disc encryption. See my second sentence below:

SA said: "Encrypting individual files or storing data in encrypted
vaults does NOT meet the security requirements anymore."

A government agency, however, may set certain guidelines/requirements
without a law/mandate in place. And there are some agencies doing just
that in DC. The following are some reasons why full disc encryption is
preferable.

1) Encryption of temporary / swap is important as confidential data
maybe revealed from these files in case of HDD theft.

2) Quick Erase functionality as advertised by Seagate's FDE.2 drive
provide immediate data destruction by replacing the AES key on the ASIC.
This can save thousands of dollar the agency spends in proper
destruction of the HDD. See
http://www.seagate.com/docs/pdf/marketing/po_momentus_5400_fde_bb.pdf

3) user-proof. everything is encrypted if FDE is enabled.

4) pre-boot authentication.


--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and
practice to master. We can't teach you to hack. But we can teach you
what we've learned so far. Our courses are honest, real, technical
and practical. SensePost willl be at Black Hat Vegas in July. To see
what we're about, visit us at:

http://www.sensepost.com/training.html
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault