S,
How to defeat full disk encryption: Boot up
A workmate reminded me that the disk is decrypted during
startup by the decryption drivers. It's an all or nothing
deal. Once the computer has booted you have a normal logon
prompt, network services (\\notebook\c$), USB devices, etc.
Check if the product protects against safeboot (F8)
interruption. A startup password could add security
depending on how strongly that is implemented, but most
users/companies want transparent operation.
Disk errors and failures are common on laptops, and FDE
vendors are very cautious about checking for existing disk
errors before installation, so research the impact FDE has on
disk reliability. I believe things like defragmentation are
no longer possible afterwards either (I may be wrong on
this).
Also keep in mind that you're loading more file system
filter drivers, and the Windows kernel (2003, XP) has only
three slots available. Combining things like AV, DFS,
Backup agents, and FDE may cause data corruption. Any two
security products loaded may not show an incompatibility, but
three or more could be a problem. There is a special
request MS patch to increase the number of kernel slots for
file system filters, btw.
- File system filter drivers http://www.microsoft.com/whdc/driver/filterdrv/default.mspx
- Three file system filter limit patch http://support.microsoft.com/kb/906866
For protection of data on the computer _after_ it's running,
you may consider products that offer more granular
file-level encryption like Credant Technologies or
Information Security Corp. These products encrypt what's
important (user files and temp files), but allow for
standard support, backup and recovery practices.
Bill Stout
----- Original Message ----
From: fac51 <fac51 yahoo.com>
To: security-basics securityfocus.com
Sent: Wednesday, October 17, 2007 2:04:30 AM
Subject: Laptop - Full Disk Encryption?
Does anyone know of a good full disk encryption product?
It will be used for senior management so it must be easy to
use and recover if the password is forgotten.
Assumptions are that laptop information security is
strongest if data is not saved locally but an audit has
revealed otherwise.
Technical Controls (proposed)
1. BIOS password. (currently not enforced)
2. Full disk or partition encryption. (currently not
enforced)
Is there anything else I should take into account?
I have read that encryption is useless if the password that
is used is not strong. Is this true?
Thanks in advance for any help, greatly appreciated.
S