Security Basics mailing list archives
Re: Trade off: Full disk Encryption vs. Necessity
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 16 Nov 2006 11:24:53 -0800
A lot of people confuse the function of full disk encryption vs file/folder encryption. They are two different beasts. There are 3 types of data encryption solutions that are available for laptops:

1) File/Folder level encryption (e.g. EFS)
2) Encrypted File Vaults
3) FDE

One solution can NOT substitute the other. In fact, in some cases you might need (#3 AND (#1 OR #2)).

FDE is only good when the laptop is in an offline mode. Once you boot the laptop, FDE is pretty much useless, i.e. all data is in a decrypted mode, and can be accessed from the network. Whereas File/Folder level encryption protects the data from network based attacks even after the laptop has booted.

CA SB 1386 Senate Bill essentially gives you a "get-out-of-jail-free-card" if you use *any* type of reasonable encryption. However, on the other hand, Presidential mandate M-06-16 requires encryption of *All Data*, including OS, Temp files, swap space, etc., on agency laptops. See:
http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

Full disk encryption has several benefits compared to regular file/folder encryption or encrypted vaults. The following are some benefits of full disk encryption:

1. Everything including the swap space and the temporary files is encrypted. Encrypting these files is important, as they can reveal important confidential data.
2. With full disk encryption, the decision of which files to encrypt is not left up to users.
3. Support for pre-boot authentication.

There was a Slashdot discussion on this topic. See:
http://ask.slashdot.org/article.pl?sid=06/10/20/2250246

On 16 Nov 2006 01:52:46 -0000, shyaam () gmail com <shyaam () gmail com> wrote:
Dear All,

I am sorry if this has been discussed/described anywhere in the forums (do let me know the thread if that is the case), but is full-disk encryption necessary? I mean Windows takes care of the OS security; even if not, it is OS files which will come up with every single installation CD. So it doesn't need to be encrypted.

What are the things to encrypt other than the user data? [just a question, because everyone talks about full-disk encryption]

What is the overhead involved with full-disk encryption, and if there is full-disk encryption, is it worth doing it?

Seagate came up with the hardware technique of doing it? Well, if it is not breakable it is good, but what are the chances of it being broken?

Laptops get lost or stolen; is full-disk encryption the only solution or are there any other solutions that we are not able to think of?

These are just a few questions that came up on my mind. Once again, sorry if they were addressed somewhere else or if they sound silly.

Kind Regards,
Shyaam

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
