ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Software HDD Encryption: Poll

    Scheduled Pinned Locked Moved IT Discussion
    symantecmcafeesophos
    112 Posts 8 Posters 48.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      Nothing would be easier to manage than encrypted drives.

      gjacobseG 1 Reply Last reply Reply Quote 1
      • ?
        A Former User @gjacobse
        last edited by

        @g.jacobse said:

        so that I can update the password if needed on any given device should the system become compromised. I have enough to do,.. I don't want to keep single managing devices if I don't have to.

        What do you mean by Compromised? if if something gets on the system while it's running (virus etc) it will not see the encryption key. In fact it won't even know the drive is encrypted as the when logged in the files are un-encrypted.

        1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller
          last edited by

          Drive encryption is only to protect against hardware theft - of someone pulling drives and running away with them. It has zero protection against compromise.

          DashrenderD 1 Reply Last reply Reply Quote 1
          • gjacobseG
            gjacobse @scottalanmiller
            last edited by

            @scottalanmiller
            So - Hard drives would be simpler than using a managed console? Where you are able to manage all (x) devices from a central location? Like updating the Admin / User passwords?

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @gjacobse
              last edited by

              @g.jacobse said:

              @scottalanmiller
              So - Hard drives would be simpler than using a managed console? Where you are able to manage all (x) devices from a central location? Like updating the Admin / User passwords?

              Under what circumstance would you ever manage them or change anything?

              1 Reply Last reply Reply Quote 1
              • gjacobseG
                gjacobse
                last edited by

                There are a few times;
                HDD password compromised by user (shared with someone that doesn't need it)
                Defined password / security Policy dictates (not set currently)
                IT staff departure

                scottalanmillerS 3 Replies Last reply Reply Quote -1
                • scottalanmillerS
                  scottalanmiller @gjacobse
                  last edited by

                  @g.jacobse said:

                  There are a few times;
                  HDD password compromised by user (shared with someone that doesn't need it)
                  Defined password / security Policy dictates (not set currently)
                  IT staff departure

                  Why would a user get an HDD encryption password?

                  1 Reply Last reply Reply Quote 1
                  • scottalanmillerS
                    scottalanmiller @gjacobse
                    last edited by

                    @g.jacobse said:

                    IT staff departure

                    Why would IT have it? There is no need for that. Use a break glass so that this doesn't happen.

                    1 Reply Last reply Reply Quote 1
                    • MattSpellerM
                      MattSpeller
                      last edited by

                      Are you looking to have a PW on boot?

                      gjacobseG 1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @gjacobse
                        last edited by

                        @g.jacobse said:

                        Defined password / security Policy dictates (not set currently)

                        This should be a key so not covered by a password policy.

                        1 Reply Last reply Reply Quote 1
                        • gjacobseG
                          gjacobse @MattSpeller
                          last edited by

                          @MattSpeller said:

                          Are you looking to have a PW on boot?

                          Yes - Required password on boot. We must adhere to FIPs 140-2 for HIPPA and other compliance items.

                          MattSpellerM scottalanmillerS 2 Replies Last reply Reply Quote 0
                          • MattSpellerM
                            MattSpeller @gjacobse
                            last edited by

                            @g.jacobse Ahhh ok now we're talking the same language.

                            I'd opt for a BIOS pw - you can set them up with Dells, not sure what you're running. They can also be setup to completely wipe the drive after (10?) failed attempts.

                            1 Reply Last reply Reply Quote 0
                            • MattSpellerM
                              MattSpeller
                              last edited by

                              HDD encryption is separate from the pw - thats where we were all confused.

                              1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @scottalanmiller
                                last edited by

                                @scottalanmiller said:

                                Drive encryption is only to protect against hardware theft - of someone pulling drives and running away with them. It has zero protection against compromise.

                                What about cases where the whole laptop is stolen? What prevents someone from just powering on the unit and trying to log in? Or is this not what drive encryption is for either?

                                MattSpellerM scottalanmillerS 2 Replies Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @gjacobse
                                  last edited by

                                  @g.jacobse said:

                                  @MattSpeller said:

                                  Are you looking to have a PW on boot?

                                  Yes - Required password on boot. We must adhere to FIPs 140-2 for HIPPA and other compliance items.

                                  HIPAA does not require that.

                                  Are you sure that FIPs requires that? How is it stated?

                                  1 Reply Last reply Reply Quote 1
                                  • MattSpellerM
                                    MattSpeller @Dashrender
                                    last edited by

                                    @Dashrender If the whole laptop was stolen with full drive encryption then there is nothing to stop them powering it on and trying to log in. You'd need a BIOS / pre-OS password for that. FDE will make it so the drive is un-readable when you remove it from the laptop.

                                    scottalanmillerS 2 Replies Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @MattSpeller
                                      last edited by

                                      @MattSpeller said:

                                      @Dashrender If the whole laptop was stolen with full drive encryption then there is nothing to stop them powering it on and trying to log in. You'd need a BIOS / pre-OS password for that. FDE will make it so the drive is un-readable when you remove it from the laptop.

                                      Not really. You only need a post-OS encryption of the data. The OS is like the BIOS here. Just more robust. No need to encrypt that.

                                      MattSpellerM 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @MattSpeller
                                        last edited by

                                        @MattSpeller said:

                                        You'd need a BIOS / pre-OS password for that. FDE will make it so the drive is un-readable when you remove it from the laptop.

                                        Other ways to do that.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @Dashrender
                                          last edited by

                                          @Dashrender said:

                                          What about cases where the whole laptop is stolen? What prevents someone from just powering on the unit and trying to log in? Or is this not what drive encryption is for either?

                                          This is a misconception of value. Likewise to someone "trying to log in", if the entire drive is encrypted what is to prevent someone from "just trying to unencrypt the drive?" All you are doing is exchanging the word used, not the action. You've prevented nothing in this case.

                                          1 Reply Last reply Reply Quote 0
                                          • MattSpellerM
                                            MattSpeller @scottalanmiller
                                            last edited by MattSpeller

                                            @scottalanmiller Sorry, I wasn't clear - there is nothing to stop them powering on the laptop with FDE and trying to log into the OS. FDE is for protection from removal.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 1 / 6
                                            • First post
                                              Last post