ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Software HDD Encryption: Poll

    Scheduled Pinned Locked Moved IT Discussion
    symantecmcafeesophos
    112 Posts 8 Posters 48.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User @scottalanmiller
      last edited by

      @scottalanmiller said:

      Yes, you can get drives that do this themselves without needing the software layer to handle it.

      You can even get Dell to load your CTO systems with them.

      1 Reply Last reply Reply Quote 0
      • gjacobseG
        gjacobse
        last edited by

        As for Encrypted HDDs I'm not sure I want to go this route as it would mean managing (x) number of devices from the device. I would rather have a central management console so that I can update the password if needed on any given device should the system become compromised. I have enough to do,.. I don't want to keep single managing devices if I don't have to.

        ? 2 Replies Last reply Reply Quote 0
        • ?
          A Former User @gjacobse
          last edited by

          @g.jacobse said:

          As for Encrypted HDDs I'm not sure I want to go this route as it would mean managing (x) number of devices from the device. I would rather have a central management console so that I can update the password if needed on any given device should the system become compromised. I have enough to do,.. I don't want to keep single managing devices if I don't have to.

          What's to manage with FDE Harddrives? The harddrive always encrypt - It's not possible to disable. You can change the encryption key in the bios but then you'd loose access to all data.

          1 Reply Last reply Reply Quote 1
          • scottalanmillerS
            scottalanmiller
            last edited by

            Nothing would be easier to manage than encrypted drives.

            gjacobseG 1 Reply Last reply Reply Quote 1
            • ?
              A Former User @gjacobse
              last edited by

              @g.jacobse said:

              so that I can update the password if needed on any given device should the system become compromised. I have enough to do,.. I don't want to keep single managing devices if I don't have to.

              What do you mean by Compromised? if if something gets on the system while it's running (virus etc) it will not see the encryption key. In fact it won't even know the drive is encrypted as the when logged in the files are un-encrypted.

              1 Reply Last reply Reply Quote 1
              • scottalanmillerS
                scottalanmiller
                last edited by

                Drive encryption is only to protect against hardware theft - of someone pulling drives and running away with them. It has zero protection against compromise.

                DashrenderD 1 Reply Last reply Reply Quote 1
                • gjacobseG
                  gjacobse @scottalanmiller
                  last edited by

                  @scottalanmiller
                  So - Hard drives would be simpler than using a managed console? Where you are able to manage all (x) devices from a central location? Like updating the Admin / User passwords?

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @gjacobse
                    last edited by

                    @g.jacobse said:

                    @scottalanmiller
                    So - Hard drives would be simpler than using a managed console? Where you are able to manage all (x) devices from a central location? Like updating the Admin / User passwords?

                    Under what circumstance would you ever manage them or change anything?

                    1 Reply Last reply Reply Quote 1
                    • gjacobseG
                      gjacobse
                      last edited by

                      There are a few times;
                      HDD password compromised by user (shared with someone that doesn't need it)
                      Defined password / security Policy dictates (not set currently)
                      IT staff departure

                      scottalanmillerS 3 Replies Last reply Reply Quote -1
                      • scottalanmillerS
                        scottalanmiller @gjacobse
                        last edited by

                        @g.jacobse said:

                        There are a few times;
                        HDD password compromised by user (shared with someone that doesn't need it)
                        Defined password / security Policy dictates (not set currently)
                        IT staff departure

                        Why would a user get an HDD encryption password?

                        1 Reply Last reply Reply Quote 1
                        • scottalanmillerS
                          scottalanmiller @gjacobse
                          last edited by

                          @g.jacobse said:

                          IT staff departure

                          Why would IT have it? There is no need for that. Use a break glass so that this doesn't happen.

                          1 Reply Last reply Reply Quote 1
                          • MattSpellerM
                            MattSpeller
                            last edited by

                            Are you looking to have a PW on boot?

                            gjacobseG 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @gjacobse
                              last edited by

                              @g.jacobse said:

                              Defined password / security Policy dictates (not set currently)

                              This should be a key so not covered by a password policy.

                              1 Reply Last reply Reply Quote 1
                              • gjacobseG
                                gjacobse @MattSpeller
                                last edited by

                                @MattSpeller said:

                                Are you looking to have a PW on boot?

                                Yes - Required password on boot. We must adhere to FIPs 140-2 for HIPPA and other compliance items.

                                MattSpellerM scottalanmillerS 2 Replies Last reply Reply Quote 0
                                • MattSpellerM
                                  MattSpeller @gjacobse
                                  last edited by

                                  @g.jacobse Ahhh ok now we're talking the same language.

                                  I'd opt for a BIOS pw - you can set them up with Dells, not sure what you're running. They can also be setup to completely wipe the drive after (10?) failed attempts.

                                  1 Reply Last reply Reply Quote 0
                                  • MattSpellerM
                                    MattSpeller
                                    last edited by

                                    HDD encryption is separate from the pw - thats where we were all confused.

                                    1 Reply Last reply Reply Quote 0
                                    • DashrenderD
                                      Dashrender @scottalanmiller
                                      last edited by

                                      @scottalanmiller said:

                                      Drive encryption is only to protect against hardware theft - of someone pulling drives and running away with them. It has zero protection against compromise.

                                      What about cases where the whole laptop is stolen? What prevents someone from just powering on the unit and trying to log in? Or is this not what drive encryption is for either?

                                      MattSpellerM scottalanmillerS 2 Replies Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @gjacobse
                                        last edited by

                                        @g.jacobse said:

                                        @MattSpeller said:

                                        Are you looking to have a PW on boot?

                                        Yes - Required password on boot. We must adhere to FIPs 140-2 for HIPPA and other compliance items.

                                        HIPAA does not require that.

                                        Are you sure that FIPs requires that? How is it stated?

                                        1 Reply Last reply Reply Quote 1
                                        • MattSpellerM
                                          MattSpeller @Dashrender
                                          last edited by

                                          @Dashrender If the whole laptop was stolen with full drive encryption then there is nothing to stop them powering it on and trying to log in. You'd need a BIOS / pre-OS password for that. FDE will make it so the drive is un-readable when you remove it from the laptop.

                                          scottalanmillerS 2 Replies Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @MattSpeller
                                            last edited by

                                            @MattSpeller said:

                                            @Dashrender If the whole laptop was stolen with full drive encryption then there is nothing to stop them powering it on and trying to log in. You'd need a BIOS / pre-OS password for that. FDE will make it so the drive is un-readable when you remove it from the laptop.

                                            Not really. You only need a post-OS encryption of the data. The OS is like the BIOS here. Just more robust. No need to encrypt that.

                                            MattSpellerM 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 1 / 6
                                            • First post
                                              Last post