When to encrypt
Silentsoul
Member Posts: 260
in Off-Topic
I will be starting my new job on Thursday, I will be getting a desktop and a laptop. The director has told me to do with them as I see fit as far as setup and what not. Since it is only me and the director and I will be in charge of repairing and running the network and system I will have a lot of confidential information so here is my question. In the world of all these lost laptops and information, should I take these work computers and use some sort of third party software to encrypt all or an area of the drive to ensure files stored on it are safe and confidential. Seems since I will be starting from scratch and with nothing on the computers this would be a good time to try it out. Thanks for your input.
Comments
-
Silentsoul Member Posts: 260Do you guys think it is a good idea to encrypt the drives on these new computers, or should I just not worry about it?
-
RTmarc Member Posts: 1,082 ■■■□□□□□□□PointSec is one of the best out there. If money is an issue, look at TrueCrypt (free - opensource). My thoughts on the subject is encrypt anything that leaves your corporate office; even things that don't can be encrypted. You would be surprised what information can be gleaned from a machine that you think has nothing confidential stored on it.
Full disk encryption is the only way to go. -
shednik Member Posts: 2,005RTmarc wrote:Full disk encryption is the only way to go.
+1...I was reading a blog post Network Security Blog, the article he cited stated "close to 10,278 laptops are reported lost every week." Full disk encryption is the way to go! -
dynamik Banned Posts: 12,312 ■■■■■■■■■□shednik wrote:RTmarc wrote:Full disk encryption is the only way to go.
+1...I was reading a blog post Network Security Blog, the article he cited stated "close to 10,278 laptops are reported lost every week." Full disk encryption is the way to go!
Yea, that number is ridiculous.
+1 for True Crypt. -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□Truecrypt is superb, you can easily encrypt and then decrypt the drive when you are using it, no data loss either way so give it a try and if you don't like it just decrypt the drive. I'd definitely encrypt the Laptop(s), Desktops preferably but you do have more physical security (presumably) to mitigate risk so it's your call based on the chance of theft vs. the confidentiality of the data they house.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
JDMurray Admin Posts: 13,089 AdminI secured my workstation (Vista Ultimate, 32-bit) with TrueCrypt 6.0a with full system disk encryption. When the computer boots, you must enter a pre-boot password or it will not boot. If you loose the password or the rescue disk, you are screwed. There may be a utility that will try to brute-forcing a TrueCrypted pre-boot password, but it would be quicker just guessing and hope that you remember.
I must say that, in reflection, disk encryption isn't necessary for a computer unless it (or its hard disks) will be leaving a secured area. Obviously, it's a must for laptops, but not for desktops, unless there is a danger of the computer being carried off. If you need to encrypt information in a folder or partition, you can use TrueCrypt, but Windows EFS or BitLocker would be more convenient.
Another problem with full disk encryption is that it's not possible to enter the pre-boot password remotely. If you work remotely over a VPN and install software or a Windows update that reboots your computer, you are screwed unless someone physically at the computer can enter the pre-boot password for you. THis is really a problem with unattended servers that are set to reboot when they auto-update or blue-screen.
I decrypted my system disk and it's all back to normal. I'll save the system disk encryption for laptops and just use encrypted volumes on my workstation. -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□Technically though you need to lose the Password AND the Rescue Disk to be hosed, the rescue is there as an emergency decrypter even if you have changed your password since the initial install. Which also you means you really need to secure them too.
Encrypting a server would be pretty extreme to me, I can see why ultra secret stuff might need it but for the average business if your physical security is lax enough for the server to be taken anyway you're screwed well beyond worrying about encryption at all imho. Still I guess it's all about how far you want to go.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place? -
Talic Member Posts: 423Is there any performance penalties with full disk encryption? If not, then I'll just do it with my T61 for the heck of it :P
Is it dual-boot friendly too? I always dual boot Linux and Vista 32 on my laptop. -
RTmarc Member Posts: 1,082 ■■■□□□□□□□Talic wrote:Is there any performance penalties with full disk encryption? If not, then I'll just do it with my T61 for the heck of it :P
Is it dual-boot friendly too? I always dual boot Linux and Vista 32 on my laptop.
TrueCrypt has an option that allows for dual booting. I've never used it so I can't speak to it being friendly or not but the option is there. -
JDMurray Admin Posts: 13,089 AdminTalic wrote:Is there any performance penalties with full disk encryption? If not, then I'll just do it with my T61 for the heck of it :P