Re: Hardware-based full disk encryption

[Bill Stout <billbrietstout () yahoo com>]

Hi Frank,

If it's to protect against computer loss or theft, FDE offers zero protection when the theif boots the computer.  The 
disk is unencrypted as far as the filesystem drivers are concerned.  Some vendors offer a pre-boot password, then the 
protection is as strong as the password.  FDE is of value if you throw a disk away and it also prevents CD bootable 
password clearing tools from editing the SAM.

Volume or container encryption will protect data, and is also useful to hide tools from an AV file scan.  Cryptainer is 
one example, available in both free and commercial versions.  Volume encryption won't encrypt temp directories, there 
are many temp directory locations depending on from what source you opened a file (email, browser, filesystem, word, 
etc).  Volume encryption products like Credant solve this problem by encrypting temp files.

HTH

Bill Stout


----- Original Message ----
From: Frank Sanders <franksanders6 () gmail com>
To: full-disclosure () lists grok org uk
Sent: Wednesday, January 16, 2008 4:53:39 AM
Subject: [Full-disclosure] Hardware-based full disk encryption

Can any one recommend such system ?
 
What are the Pros and Cons and from which vendor(s) do you know that they already integrated it with which security 
model ?




-----Inline Attachment Follows-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/