Laptop - Full Disk Encryption?

Does anyone know of a good full disk encryption product.
It will be used for senior management so it must be easy to
use and recover if the password is forgotten.

Assumptions are that laptop information security is
strongest if data is not saved locally but an audit has
revealed otherwise.

Technical Controls (proposed)

1. BIOS password. (currently not enforced)
2. Full disk or partition encryption. (currently not
enforced)

Is there anything else I should take into account?

I have read that encryption is useless if the password that
is used is not strong is this true?


Thanks in advance for any help, greatly appreciated.

S


     
____________________________________________________________
________________________
Don't let your dream ride pass you by. Make it a reality
with Yahoo! Autos.
http://autos.yahoo.
com/index.html
 

I'm a bit of a newb myself, but for password recovery we
have them
written down and sealed in envelopes then placed in a safe.
A trusted
individual has access to them in case someone forgets a
password.   

Use strong passwords.

Just my $.02 

Will 

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
On Behalf Of fac51
Sent: Wednesday, October 17, 2007 1:05 PM
To: security-basicssecurityfocus.com
Subject: Laptop - Full Disk Encryption?

Does anyone know of a good full disk encryption product.
It will be used for senior management so it must be easy to
use and
recover if the password is forgotten.

Assumptions are that laptop information security is
strongest if data is
not saved locally but an audit has revealed otherwise.

Technical Controls (proposed)

1. BIOS password. (currently not enforced) 2. Full disk or
partition
encryption. (currently not enforced)

Is there anything else I should take into account?

I have read that encryption is useless if the password that
is used is
not strong is this true?


Thanks in advance for any help, greatly appreciated.

S


 
____________________________________________________________
____________
____________
Don't let your dream ride pass you by. Make it a reality
with Yahoo!
Autos.
http://autos.yahoo.
com/index.html
 

What we implemented for our laptops was Pointsec's whole
disk encryption
coupled with the RSA SecurID instead of letting them use
passwords.  It
is completely transparent to the user except for the added
step of
Pointsec's pre-boot authentication.  It is fairly easy to
recover and it
has a remote help feature.

JD

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
On Behalf Of fac51
Sent: Wednesday, October 17, 2007 05:05
To: security-basicssecurityfocus.com
Subject: Laptop - Full Disk Encryption?

Does anyone know of a good full disk encryption product.
It will be used for senior management so it must be easy to
use and
recover if the password is forgotten.

Assumptions are that laptop information security is
strongest if data is
not saved locally but an audit has revealed otherwise.

Technical Controls (proposed)

1. BIOS password. (currently not enforced)
2. Full disk or partition encryption. (currently not
enforced)

Is there anything else I should take into account?

I have read that encryption is useless if the password that
is used is
not strong is this true?


Thanks in advance for any help, greatly appreciated.

S


 
____________________________________________________________
____________
____________
Don't let your dream ride pass you by. Make it a reality
with Yahoo!
Autos.
http://autos.yahoo.
com/index.html
 



-----------------------------------------------------
This e-mail is confidential and may well be legally
privileged. If you have received it in error, you are
on notice of its status. Please notify us immediately
by reply e-mail and then delete this message from 
your system. Please do not copy it or use it for any
purposes, or disclose its contents to any other
person. To do so could violate state and federal
privacy laws. Thank you for your cooperation.

If the password is easy to recover, wouldn't this defeat the
point of 
the encryption?

-J

fac51 wrote:
> Does anyone know of a good full disk encryption
product.
> It will be used for senior management so it must be
easy to use and recover if the password is forgotten.
>
> Assumptions are that laptop information security is
strongest if data is not saved locally but an audit has
revealed otherwise.
>
> Technical Controls (proposed)
>
> 1. BIOS password. (currently not enforced)
> 2. Full disk or partition encryption. (currently not
enforced)
>
> Is there anything else I should take into account?
>
> I have read that encryption is useless if the password
that is used is not strong is this true?
>
>
> Thanks in advance for any help, greatly appreciated.
>
> S
>
>
>      
____________________________________________________________
________________________
> Don't let your dream ride pass you by. Make it a
reality with Yahoo! Autos.
> http://autos.yahoo.
com/index.html
>  
>
>
>   

Hello there,

This topic was discussed in this list before. There are a
couple out 
there like Safeboot (acquired by McAfee), PGP, Pointsec,
Ultimaco, SecureDoc.

You have rightly pointed out that key/password management is
more 
important than the encryption method deployed (most products
support 
AES anyway).

Rgds,

JW

At 05:04 PM 17-10-07, fac51 wrote:
>Does anyone know of a good full disk encryption product.
It will be 
>used for senior management so it must be easy to use and
recover if 
>the password is forgotten. Assumptions are that laptop
information 
>security is strongest if data is not saved locally but
an audit has 
>revealed otherwise. Technical Controls (proposed) 1.
BIOS password. 
>(currently not enforced) 2. Full disk or partition
encryption. 
>(currently not enforced) Is there anything else I should
take into 
>account? I have read that encryption is useless if the
password that 
>is used is not strong is this true? Thanks in advance
for any help, 
>greatly appreciated. 
>S 
>________________________________________________________
____________________________ 
>Don't let your dream ride pass you by. Make it a reality
with Yahoo! 
>Autos. http://autos.yahoo.
com/index.html

Check out this solution: http://www.winmagic.com/


Tiago Filipe Dias 

-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
On Behalf Of fac51
Sent: quarta-feira, 17 de Outubro de 2007 10:05
To: security-basicssecurityfocus.com
Subject: Laptop - Full Disk Encryption?

Does anyone know of a good full disk encryption product.
It will be used for senior management so it must be easy to
use and
recover if the password is forgotten.

Assumptions are that laptop information security is
strongest if data is
not saved locally but an audit has revealed otherwise.

Technical Controls (proposed)

1. BIOS password. (currently not enforced)
2. Full disk or partition encryption. (currently not
enforced)

Is there anything else I should take into account?

I have read that encryption is useless if the password that
is used is
not strong is this true?


Thanks in advance for any help, greatly appreciated.

S


 
____________________________________________________________
____________
____________
Don't let your dream ride pass you by. Make it a reality
with Yahoo!
Autos.
http://autos.yahoo.
com/index.html 
 
*Disclaimer
Deloitte refers to one or more of Deloitte Touche Tohmatsu,
a Swiss Verein, its member firms, and their respective
subsidiaries and affiliates.  As a Swiss Verein
(association), neither Deloitte Touche Tohmatsu nor any of
its member firms has any liability for each other's acts or
omissions.  Each of the member firms is a separate and
independent legal entity operating under the names
"Deloitte," "Deloitte & Touche,"
"Deloitte Touche Tohmatsu," or other related
names.  Services are provided by the member firms or their
subsidiaries or affiliates and not by the Deloitte Touche
Tohmatsu Verein.
Privileged/Confidential Information may be contained in this
message. If you are not the addressee indicated in this
message (or responsible for delivery of the message to such
person), you may not copy or deliver this message to anyone.
In such case, you should destroy this message and kindly
notify the sender by reply email. Please advise immediately
if you or your employer do not consent to Internet email for
messages of this kind. Opinions, conclusions and other
information in this message that do not relate to the
official business of my firm shall be understood as neither
given nor endorsed by it.

We've started to roll out PGP WDE, and I like it a lot.  It
has a couple
of Boss-friendly feature:

- multiple password access to the encrypted disk/partition
(e.g., one for
the user, one for an admin)

- Single sign-on - It can be set to use the user's Windows
logon as the
disk encryption password, so the user only need enter the
password once. 
PGP WDE will synchronize when the user changes their
password.

- Keyserver integration - PGP's WDE has good integration
with their
keyserver, never need to lose the keys.

Rich Borroff
Network and Server Manager
Harvard University - DCE
617-998-8526


security-basics-return-46188securityfocus.com on
Wednesday, October 17,
2007 at 5:04 AM -0500 wrote:
>Does anyone know of a good full disk encryption
product.
>It will be used for senior management so it must be easy
to use and
>recover if the password is forgotten.
>
>Assumptions are that laptop information security is
strongest if data is
>not saved locally but an audit has revealed otherwise.
>
>Technical Controls (proposed)
>
>1. BIOS password. (currently not enforced)
>2. Full disk or partition encryption. (currently not
enforced)
>
>Is there anything else I should take into account?
>
>I have read that encryption is useless if the password
that is used is
>not strong is this true?
>
>
>Thanks in advance for any help, greatly appreciated.
>
>S
>
>
>     
>________________________________________________________
____________________________
>Don't let your dream ride pass you by. Make it a reality
with Yahoo!
>Autos.
>http://autos.yahoo.
com/index.html
> 
>
>
>

We've started to roll out PGP WDE, and I like it a lot.  It
has a couple
of Boss-friendly feature:

- multiple password access to the encrypted disk/partition
(e.g., one for
the user, one for an admin)

- Single sign-on - It can be set to use the user's Windows
logon as the
disk encryption password, so the user only need enter the
password once. 
PGP WDE will synchronize when the user changes their
password.

- Keyserver integration - PGP's WDE has good integration
with their
keyserver, never need to lose the keys.

Rich Borroff
Network and Server Manager
Harvard University - DCE
617-998-8526


security-basics-return-46188securityfocus.com on
Wednesday, October 17,
2007 at 5:04 AM -0500 wrote:
>Does anyone know of a good full disk encryption
product.
>It will be used for senior management so it must be easy
to use and
>recover if the password is forgotten.
>
>Assumptions are that laptop information security is
strongest if data is
>not saved locally but an audit has revealed otherwise.
>
>Technical Controls (proposed)
>
>1. BIOS password. (currently not enforced)
>2. Full disk or partition encryption. (currently not
enforced)
>
>Is there anything else I should take into account?
>
>I have read that encryption is useless if the password
that is used is
>not strong is this true?
>
>
>Thanks in advance for any help, greatly appreciated.
>
>S
>
>
>     
>________________________________________________________
____________________________
>Don't let your dream ride pass you by. Make it a reality
with Yahoo!
>Autos.
>http://autos.yahoo.
com/index.html
> 
>
>
>

Here is a list of FDE products to choose from:
http://www.full-disk-encryption.net/Full_Disc_Encry
ption.html

Make sure the product you select has Centralized recovery
password
retrieval capability (e.g. Wavesys)

On 10/17/07, fac51 <fac51yahoo.com> wrote:
> Does anyone know of a good full disk encryption
product.
> It will be used for senior management so it must be
easy to use and recover if the password is forgotten.
>
> Assumptions are that laptop information security is
strongest if data is not saved locally but an audit has
revealed otherwise.
>
> Technical Controls (proposed)
>
> 1. BIOS password. (currently not enforced)
> 2. Full disk or partition encryption. (currently not
enforced)
>
> Is there anything else I should take into account?
>
> I have read that encryption is useless if the password
that is used is not strong is this true?
>
>
> Thanks in advance for any help, greatly appreciated.
>
> S
>
>
>      
____________________________________________________________
________________________
> Don't let your dream ride pass you by. Make it a
reality with Yahoo! Autos.
> http://autos.yahoo.
com/index.html
>
>
>
>

On 2007-10-23 Bill Stout wrote:
> How to defeat full disk encryption:  Boot up

Wow, you mean disk encryption won't protect from attack
vectors it
wasn't designed to protect from in the first place? Big
surprise here.
Not.

[...]
> For protection of data on the computer _after_ it's
running, you may
> consider products that offer more granular file-level
encryption like
> Credant Technologies or Information Security Corp. 
These products
> encrypt what's important (user files and temp files),
but allow for
> standard support, backup and recovery practices.

For protection of data on the computer _after_ it's running,
you have a
kernel which implements and enforces access controls and
privileges.

Besides, how do those file-level encryption systems make
sure every kind
of temporary data an application may create on the disk is
encrypted?
How do they ensure no unencrypted user data is left after
the encryption
system is put in place? How do they handle paged data? How
do they
handle (read "ensure confidentiality of") the
keys?

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior
to patches
becoming available."
--Jason Coombs on Bugtraq