|
Posted by Saqib Ali on July 9, 2007, 1:56 am
If you were Registered and logged in, you could reply and use other advanced thread options
Please vote for you favorite Full Disk Encryption FDE solution at the
following URL:
http://security-basics.blogspot.com/2007/07/full-disk-encryption-survey.html
or
http://tinyurl.com/2oy7k4
Please consider the following when voting:
1. Easy of use
2. Transparency to the user
3. Directory integration (e.g. integration with Active Directory or
LDAP)
4. Key Management (Backup, recovery, archiving)
5. Password recovery
6. Cost
7. User Interface
8. Reliability
9. Performance
10. Overall Functionality
|
|
Posted by Vanguard on July 9, 2007, 2:15 am
If you were Registered and logged in, you could reply and use other advanced thread options
"Saqib Ali" wrote in message
> Please vote for you favorite Full Disk Encryption FDE solution at the
> following URL:
> http://security-basics.blogspot.com/2007/07/full-disk-encryption-survey.html
> or
> http://tinyurl.com/2oy7k4
In order for any product to be favorite requires that user also report
what OTHER similar products they trialed or used. A user that has only
used one FDE product doesn't have a favorite. I have one sister, so the
joke goes "you're my favorite sister". You do not let the user report
what other FDE products they have used or how many total FDE products
they have used (which must be greater than one). The survey is
worthless without this info.
|
|
Posted by benb on July 12, 2007, 3:49 pm
If you were Registered and logged in, you could reply and use other advanced thread options > "Saqib Ali" wrote in message
>> Please vote for you favorite Full Disk Encryption FDE solution at the
>> following URL:
>> http://security-basics.blogspot.com/2007/07/full-disk-encryption-survey.html
>> or
>> http://tinyurl.com/2oy7k4
>
>
> In order for any product to be favorite requires that user also report
> what OTHER similar products they trialed or used. A user that has only
> used one FDE product doesn't have a favorite. I have one sister, so the
> joke goes "you're my favorite sister". You do not let the user report
> what other FDE products they have used or how many total FDE products they
> have used (which must be greater than one). The survey is worthless
> without this info.
>
I'll be keeping an eye on this survey, as I'm currently researching an FDE
solutions for about 20 of our users laptops. So far I've downloaded and
tested PGP WDE, next is CompuSec, I have a trial of SafeGuard Easy on order
(hopefully arrive in the post next week), and I'm arranging a conference
call with someone from PointSec to setup a trial of that product.
If anyone has any experience with any of the or other products, I'd be
interested in your views. Our requirements are:
Full Disk Encryption
Pre Boot Authentication
Activate Directory Integration
Easy Deployment (MSI/group policy)
Automated Encryption (no user intervention)
Cheers
Ben
|
|
Posted by Sebastian G. on July 12, 2007, 9:07 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> I'll be keeping an eye on this survey, as I'm currently researching an FDE
> solutions for about 20 of our users laptops. So far I've downloaded and
> tested PGP WDE, next is CompuSec, I have a trial of SafeGuard Easy on order
> (hopefully arrive in the post next week), and I'm arranging a conference
> call with someone from PointSec to setup a trial of that product.
>
> If anyone has any experience with any of the or other products, I'd be
> interested in your views.
Trivial: CompuSec is insecure by design. Just create a password reset floppy
on a second machine, start the recovery at the first, insert it, and there
you go. A trivial proof that they must have stored the key on the encrypted
disk as well.
SafeGuard Easy... well, has this shit become working now? On two test
machines I saw the boot loader completely crashing, totally ignoring any
keyboard response, or not accepting any of the correct passwords.
> Our requirements are:
> Full Disk Encryption
> Pre Boot Authentication
> Activate Directory Integration
> Easy Deployment (MSI/group policy)
> Automated Encryption (no user intervention)
Hm... what about actual security? In terms of encryption this means to only
Open Source software, due to a matter of trust and verification of the
implementation. CompuSec has already been mentioned. SafeGuard Easy has been
proven to be horrible insecure, f.e. not properly locking memory regions
and then letting the keys being swapped out.
|
|
Posted by benb on July 13, 2007, 4:23 am
If you were Registered and logged in, you could reply and use other advanced thread options > benb wrote:
>
>
> Trivial: CompuSec is insecure by design. Just create a password reset
> floppy
> on a second machine, start the recovery at the first, insert it, and there
> you go. A trivial proof that they must have stored the key on the
> encrypted
> disk as well.
Yeah I tested it at home last night and didn't like it at all. There are a
number of other failings as well. Such as only allowing 1 user login, if a
consultant sends a machine in for repair, it would be useful to be able to
login without them having to expose their password. Another is only allowing
alphanumerical charactors in the login name, our users logon to the domain
as joe.bloggs, but they couldn't use this to login to CompuSec as it
contains a period, so its another username for them to remember. There is no
windows/directory service synchronisation, so it means another password for
users to remember, increasing the likihood of users writing down passwords
somewhere.
> SafeGuard Easy... well, has this shit become working now? On two test
> machines I saw the boot loader completely crashing, totally ignoring any
> keyboard response, or not accepting any of the correct passwords.
Thanks for the warning, I was going to install it on my laptop to test, but
I think I'll use a spare now, until I know it works! I've heard from other
people that it is stable, and offers all of the requirements listed below.
>> Our requirements are:
>
>> Full Disk Encryption
>> Pre Boot Authentication
>> Activate Directory Integration
>> Easy Deployment (MSI/group policy)
>> Automated Encryption (no user intervention)
>
> Hm... what about actual security? In terms of encryption this means to
> only
> Open Source software, due to a matter of trust and verification of the
> implementation. CompuSec has already been mentioned. SafeGuard Easy has
> been
> proven to be horrible insecure, f.e. not properly locking memory regions
> and then letting the keys being swapped out.
I assumed that most of the products mentioned used at least AES 128, and so
were fairly equal in that respect. Certainly all the datasheets for PGP WDE,
SafeGuard Easy, PointSec & CompuSec state that they are capable of AES 256,
and PointSec & SafeGuard say they are FIPS 140-2 compliant.
My major reason for looking into this is in the event that one of our
consultants has a laptop stolen, and someone might be able to retrieve
clients confidential information from the hard disk. We're not a goverment
organisation, bank or anything, but it would damage the company's reputation
if a client were to find their information had been lost/made public!
Ben
|
| Similar Threads | Posted | | So why don't we use full disk encryption on all mobile devices? | October 12, 2006, 10:56 pm |
| U.S. Gov't to use Full Disk Encryption on All Computers | December 29, 2006, 5:35 pm |
| What is the earliest version with full harddisk encryption (not only files) ? | July 27, 2005, 9:05 am |
| Searching tool for FULL disc encryption (not only volume files) | July 28, 2005, 11:06 am |
| Mailing List dedicated to Full Disc Encryption use and implementation strategy | October 1, 2006, 7:28 pm |
| Recommendations for hard disk encryption tool? | July 26, 2006, 9:08 am |
| Security career survey | March 21, 2008, 2:50 pm |
| Survey on Supercomputer Cluster Security | May 21, 2007, 2:47 pm |
| Security Breaches Pandemic - Deloitte Touche 2006 Global Security Survey | June 29, 2006, 12:42 am |
| Full-disclosure Down any news. | December 10, 2004, 10:32 am |
|
XML site map