Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Encryption/Protection for USB storage media
From: jackadaniel at gmail.com (Jack Daniel)
Date: Sat, 16 May 2009 12:02:53 -0400

For a relatively painless solution, I'll join the IronKey chorus. It
has the added bonus of being able to survive much more physical abuse
than other USB drives.  I, er, I mean Bob, says they might even
survive a trip through the washing machine if the cap is on tight.

As far as Bitlocker-to-go, this is a classic MS "innovation"- they get
parts of it right and then drop the ball hard.  Bitlocker-to-go is a
great solution, one checkbox in GP and no more writing to unencrypted
USB drives on your domain (several more places to control passphrase
complexity, X.509 certs, backwards compat, etc).  If you use a
password/phrase you can open it (read-only) with XP/Vista machines,
but they cannot write to it (that's default, can be set in GP).  Note-
if you use SmartCard or other X.509 cert. based auth, no backwards
compatibility.

Now the thud- it will only be available on Enterprise and Ultimate
SKUs, not on Pro or any Home version.  Enterprise is Volume licensing
only, Ultimate will mostly be a retail  software purchase. In other
words, you are not likely to ever purchase a PC with Bitlocker-to-go
enabled- if you want it you will pay again.

And no, I have not tried to carve up the registry looking for a way to
open Bitlocker, the pre-beta, beta and RCs I have used were all
Ultimate.

Jack



-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://blog.uncommonsensesecurity.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault