Re: FDE solution for laptops

["Albert R. Campa" <abcampa () gmail com>]

GuardianEdge for example, is what I just investigated we use, prompts
for encryption credentials, then after successful login, starts
booting windows. There is no further FDE interaction after that such
as login errors, etc, unless you change your password then it syncs it
with the encryption password.

LIke I said it was just this one instance of a users laptop with
pointsec that had all kinds of boot errors with pointsec.

One instance certainly isnt a reason not to take a look at it,
especially after so many of you have suggested it.

Oh and I do realize that the FDE messes with the OS, it encrypts it. ;)

Saludos

Albert

On Wed, Feb 27, 2008 at 9:46 PM, Scott <whip () supportmenot com> wrote:
> Pointsec will not attempt to connect to a network service until the
>  monitoring app has loaded within Windows - bootup error messages will be a
>  different issue. Even when the app tries to check for updated profiles, it
>  won't error if it is offline.
>
>  And how do you plan on encrypting the disk without touching the OS, when the
>  OS is installed on the disk? Pointsec (and other FDE products) don't change
>  anything directly with the OS (apart from installing monitoring apps) - it's
>  the MBR they modify.
>
>  As others have said, I highly recommened Pointsec too.
>
>
>  Cheers,
>  Scott
>
>
>  Need relief from IT support stress?
>  http://supportmenot.com
>
>
>  -----Original Message-----
>  From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
>
> Behalf Of Albert R. Campa
>  Sent: Friday, 22 February 2008 8:40 AM
>  To: Macy
>  Cc: ыфзкфт; security-basics () securityfocus com
>  Subject: Re: FDE solution for laptops
>
>  I had a user come in for a vuln scan with a lappy that had pointsec on
>  it and had all kinds of errors loading up and slowness. I guess it was
>  trying to contact the central server, but it wasnt on the network
>  so...
>
>  Seems easier just a disk encryption method that doesnt mess with the
>  OS. I believe there are others that create a small partition for it to
>  live on.
>
>  Saludos.
>
>  Albert
>
>
>
>  On Wed, Feb 20, 2008 at 10:12 AM, Macy <mwtorrey () hotmail com> wrote:
>  > Sapran,
>  >
>  >  We use and resell pointsec (now a check point company).    The reason I
>  >  suggest this is because it provides centralized management and remote
>  >  support (supports single sign-on using windows passwd, includes remote
>  >  support utilities in case users get locked out).
>  >
>  >  macy
>  >
>  >  --------------------------------------------------
>  >  From: "ыфзкфт" <sapran () gmail com>
>  >  Sent: Wednesday, February 20, 2008 9:47 AM
>  >  To: <security-basics () securityfocus com>
>  >  Subject: FDE solution for laptops
>  >
>  >
>  >
>  >  > Hi list!
>  >  >
>  >  > I am in search of a solution for full disk encryption. The main goal
>  >  > is to protect data stored at travelling managers' laptops from loss
>  >  > and/or theft of device.
>  >  >
>  >  > I had tried the shiny new TrueCrypt 5 with system drive/partition
>  >  > encryption, but it made an OEM XP boot into safe mode only, so I guess
>  >  > that's not a right choice.
>  >  >
>  >  > I will appreciate any help on topic.
>  >  >
>  >  > Here come some details:
>  >  > 1) We use mostly Dells: Inprisons, Inspirons and Vostros.
>  >  > 2) The encryption must be easily recoverable using rescue CD/DVD or
>  smth.
>  >  >
>  >  > --
>  >  > sapran
>  >  >
>  >
>
>  No virus found in this incoming message.
>  Checked by AVG Free Edition.
>  Version: 7.5.516 / Virus Database: 269.21.1/1302 - Release Date: 27/02/2008
>  4:34 PM
>
>
>  No virus found in this outgoing message.
>  Checked by AVG Free Edition.
>  Version: 7.5.516 / Virus Database: 269.21.1/1302 - Release Date: 27/02/2008
>  4:34 PM