[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Hardware-based full disk encryption
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Hardware-based full disk encryption
- From: Bill Stout <billbrietstout@xxxxxxxxx>
- Date: Thu, 17 Jan 2008 10:38:22 -0800 (PST)
Hi Frank,
If it's to protect against computer loss or theft, FDE offers zero protection
when the theif boots the computer. The disk is unencrypted as far as the
filesystem drivers are concerned. Some vendors offer a pre-boot password, then
the protection is as strong as the password. FDE is of value if you throw a
disk away and it also prevents CD bootable password clearing tools from editing
the SAM.
Volume or container encryption will protect data, and is also useful to hide
tools from an AV file scan. Cryptainer is one example, available in both free
and commercial versions. Volume encryption won't encrypt temp directories,
there are many temp directory locations depending on from what source you
opened a file (email, browser, filesystem, word, etc). Volume encryption
products like Credant solve this problem by encrypting temp files.
HTH
Bill Stout
----- Original Message ----
From: Frank Sanders <franksanders6@xxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxxx
Sent: Wednesday, January 16, 2008 4:53:39 AM
Subject: [Full-disclosure] Hardware-based full disk encryption
Can any one recommend such system ?
What are the Pros and Cons and from which vendor(s) do you know that they
already integrated it with which security model ?
-----Inline Attachment Follows-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/