Home page logo
/

basics logo Security Basics mailing list archives

Re: List of Full Disc Encryption products
From: "Stephen John Smoogen" <smooge () gmail com>
Date: Thu, 6 Jul 2006 16:57:48 -0600

On 7/6/06, Sadler, Connie <Connie_Sadler () brown edu> wrote:

I agree with Roger. Full drive encryption is not required for anything
that isn't classified. At least I've never seen a requirement for it.


The latest OMB requirement

http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

Which states among a lot of other things:

Encrypt all data on mobile computers/devices which carry agency data
unless the data is determined to be non-sensitive, in writing, by your
Deputy Secretary or an individual he/she may designate in writing;

[End of Quote]

The issue that is coming up is how 'data' is defined by an
organization's security organization. Some are using the definition of
what is in a file to be the stuff needing encrypted, thus file level
encryption needed. Others are looking that the data may also exist in
swap space and temp files also need to be encrypted and thus going for
the entire disk encryption method.

The definition of non-sensitive is also being defined rather small as
the primary issue for the agencies is not to look bad. [Being able to
say "yes the laptop is stolen but whatever on it is not easily gotten"
is the answer that is being looked for versus "it contained a lot of
sensitive stuff but was encrypted."]

The 'end' goal will probably be to have all Federal government laptop
drives (or laptops purchased/funded by Federal money) to have a
hardware FIP-140-1 encryptor in place that can only be unlocked via 2
factor keyfob+password.


--
Stephen J Smoogen.
CSIRT/Linux System Administrator

---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at:
http://www.sensepost.com/training.html
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]