mailing list archives
Re: FW: VA Loses another Hard Drive with data on 48,000 veterans
From: "kevin fielder" <kevin.fielder () gmail com>
Date: Wed, 7 Feb 2007 10:48:29 +0000
I can comment on a product called SafeBoot that we currently use.
This product works very well, with centralised management, allowing
control of password policies etc. Performance is not affected to a
great degree, you do notice the speed of boot up being slower, but in
general use (e.g. opening / saving documents and emails etc) the
performance is not noticeably impacted.
A couple of things to bear in mind when looking at these products you
want to use a genuine full disk encryption product that requires some
form of authentication prior to any sort of access to the O/S, and you
should also ensure that it can block hibernate type functionality to
ensure that the machine is shut down each time the user finishes work
- if hibernate is permitted you have a situation where if stollen the
laptop can be opened and the thief is faced with the windows prompt
and a drive that has already had the credentials entered to allow
access to the data on it.
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Saqib Ali
Sent: 06 February 2007 05:13
Subject: Re: VA Loses another Hard Drive with data on 48,000 veterans
Try several FDE solution before you settle on one. Most of the FDE
solutions provide 128bit AES encryption, but some are easier to use then
others. Also some offer challenge/response based password recovery,
which can be *very* helpful.
Another thing to keep in mind is that the encryption solution must be
transparent to the user and must be straight-forward to setup.
You can find a rather complete list of FDE solutions at:
On 2/5/07, Ed <security () kdtc net> wrote:
> Saqib Ali wrote:
> > http://www.full-disk-encryption.net/news/article329.html
> > Associated Press is reporting that a portable hard drive belonging
> > to Veteran's Administration has been stolen. The Official Press
> > Release is available at the VA website.
> This is something I'm glad I can keep track of here. This past year
> alone has shown that it is easy to take things for granted and expect
> things to stay where they are, when in fact, one shouldn't.
> Unfortunately, I seem to be one of these people who have gotten a
> 'little slack' in terms of maintaining a secured network. (Can never
> get my point across to users and bosses on security issues. They
> never seem to understand that P2P and Skype really don't really belong
> in a corporate environment. The only consideration is 'low cost' and
> Anyway, there's certainly a plethora of solutions for encryption(whole
> disk or otherwise). Does anyone here have any good suggestions?
> So far, I'm looking at PGP Whole Disk and it looks promising.
Saqib Ali, CISSP, ISSAP