|
So why don't we use full disk encryption on all mobile devices?
2006 Security Breaches Matrix reveals that a large number of the data
leaks were caused due to stolen laptops, which can be easily mitigated by using full disk encryption on the laptop. So why not encrypt the whole drive? Cost and performance impact are the usual arguments. Tests show that access time for files increases by 56%-85% after full disk encryption. And the cost of FDE software usually ranges from $0-$300 depending on how good of a software and support you wanna get. So is it NOT worth it? Data from tests (performance impact) of the FDE products (PGP, Compusec, Pointsec and Utimaco): http://www.xml-dev.com/blog/index.ph...ewtopic&id=250 2006 Security Breaches Matrix: http://www.efortresses.com/refdocs/2...hes-Matrix.pdf |
Re: So why don't we use full disk encryption on all mobile devices?
On 12 Oct 2006 19:56:04 -0700, "Saqib Ali" <docbook.xml@gmail.com>
wrote: <snip> For most purposes the use of a disk password would be give adequate protection, no overhead on legitimate use and no additional cost. IBM laptops have had it for a long time. -- Jim Watt http://www.gibnet.com |
Re: So why don't we use full disk encryption on all mobile devices?
Jim Watt wrote:
> For most purposes the use of a disk password would be > give adequate protection, no overhead on legitimate use > and no additional cost. adequate == none? Just moves the plates to another electronic board and you've got full access. Even I'm competent enough to do that. |
Re: So why don't we use full disk encryption on all mobile devices?
Sebastian Gottschalk wrote:
> > Jim Watt wrote: > > > For most purposes the use of a disk password would be > > give adequate protection, no overhead on legitimate use > > and no additional cost. > > adequate == none? Just moves the plates to another electronic board and > you've got full access. Even I'm competent enough to do that. Wrong. A hard drive password will protect data, even if the drive is moved to another "home." Notan |
Re: So why don't we use full disk encryption on all mobile devices?
Sebastian Gottschalk wrote:
> adequate == none? Just moves the plates to another electronic board and > you've got full access. Even I'm competent enough to do that. After Full Disk Encryption, I DON'T think you can simply move the platters to different board and you get full access. I think you are talking about ATA Drive Lock saqib http://www.full-disk-encryption.net |
Re: So why don't we use full disk encryption on all mobile devices?
Saqib Ali wrote:
> Sebastian Gottschalk wrote: >> adequate == none? Just moves the plates to another electronic board and >> you've got full access. Even I'm competent enough to do that. > > After Full Disk Encryption, I DON'T think you can simply move the > platters to different board and you get full access. I think you are > talking about ATA Drive Lock Exactly that's what the IBM password lock thing is about. |
Re: So why don't we use full disk encryption on all mobile devices?
> > After Full Disk Encryption, I DON'T think you can simply move the
> > platters to different board and you get full access. I think you are > > talking about ATA Drive Lock > > Exactly that's what the IBM password lock thing is about. oops sorry. I didn't realize the original poster was talking about ATA Drive lock. I thought they were talking about Utimaco which is a FDE solution and ships for free with IBM/Lenovo laptops. saqib http://www.full-disk-encryption.net |
Re: So why don't we use full disk encryption on all mobile devices?
On Fri, 13 Oct 2006 12:01:09 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote: >Jim Watt wrote: > >> For most purposes the use of a disk password would be >> give adequate protection, no overhead on legitimate use >> and no additional cost. > >adequate == none? Just moves the plates to another electronic board and >you've got full access. Even I'm competent enough to do that. But you are incapable of removing malware without flattening the system ... However, these days drive electronics are not interchangable and its the control board you would need to change, rather than opening the enclosure and whipping out the platters (to give them the correct name) There are better ways around it, but not for the average or even above average laptop thief. -- Jim Watt http://www.gibnet.com |
Re: So why don't we use full disk encryption on all mobile devices?
> > After Full Disk Encryption, I DON'T think you can simply move the
> > platters to different board and you get full access. I think you are > > talking about ATA Drive Lock > > Exactly that's what the IBM password lock thing is about. However I will add that Seagate's FDE.2 drives encrypt everything by default before "placing it on the platter" So the mere act of enabling ATA Drive Lock on a Seagate FDE.2 drive does the trick. Even if you take out the platters and place it in a different enclosure you won't be able to access the data. See: http://www.seagate.com/docs/pdf/mark...400_fde_bb.pdf Also Seagate has plugged all the known ATA Drive Lock hacks (as far as I know). saqib http://www.full-disk-encryption.net |
Re: So why don't we use full disk encryption on all mobile devices?
Saqib Ali wrote:
>>> After Full Disk Encryption, I DON'T think you can simply move the >>> platters to different board and you get full access. I think you are >>> talking about ATA Drive Lock >> >> Exactly that's what the IBM password lock thing is about. > > However I will add that Seagate's FDE.2 drives encrypt everything by > default before "placing it on the platter" So the mere act of enabling > ATA Drive Lock on a Seagate FDE.2 drive does the trick. Even if you > take out the platters and place it in a different enclosure you won't > be able to access the data. > See: > http://www.seagate.com/docs/pdf/mark...400_fde_bb.pdf Reading that, it seems to suck: - can interfere with TPM - of course it can't be snoop-proof as claimed - proprietary scheme - most likely it's ECB and has no MAC - stupid talking about buzzwords like "intellectual property" > Also Seagate has plugged all the known ATA Drive Lock hacks (as far as > I know). So what? You also always read, change and write back the firmware. |
| All times are GMT. The time now is 02:26 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.