Yup, it is FUD that a lot of people buy into.

FDE is mostly for mobile devices where there is a chance of the device
being stolen or lost. What most people overlook is the fact that any
diligent organization also backs up the data from the computers to an
in-house backup system or an off-site backup solution (e.g.
http://www.evault.com/).

If you select a decent FDE solution, it should be able to handle
various disaster recovery options. Here are some scenarios:

1) The user forgets the pre-boot authentication password:
Many FDE solutions (e.g. Secude, Pointsec) provide ways to recover the
password by using an offline Challenge Response mechanism. The user
doesn't have to be on the network. All the user needs to do is to call
the Helpdesk to perform a key recovery routine.

2) The HDD is physically damaged (partially). Again, some FDE solutions
provide a way to decrypt the partially recoverable data without the need
for the full HDD to be intact.

3) The HDD is completely damaged (no data recovery possible). Having
FDE doesn't make things any worse. The user will have to retrieve data
from the backup anyways, FDE or not.

I am sure I am missing some; hopefully other readers will chip in.


On 3/2/07, Allen <[EMAIL PROTECTED]> wrote:
> Hi Gang,
>
> I've run into a FUD objection to FDE for health care laptops.
> Apparently some blogger has been having an intelligent but not
> well informed series of posts that say (as I've been told) that
> the risks of data loss due to losing encryption keys and/or weak
> passwords is so high that FDE is not a viable option to
> protecting private data.
>
> While I will grant that this is possible, I don't believe
> this type of thinking really applies in an enterprise as it
> assumes that there is no encryption key management solution in
> place and that there are no strong password standards in place,
> both of which are the case with the individual user that is not
> part of a managed network. Is my thinking wrong?
>
> Are there any white papers or data anyone could point me to so I
> can combat the FUD? Can anyone point me to the blog on this? I
> can't seem to locate it and it's causing a major amount of grief
> for protecting medical data in one location. I believe it is
> because they really don't understand the structure that must be
> in place and how it works.
>
> Thanks a bunch,
>
> Allen Schaaf
> Business Process Analyst
> Information Security Analyst
> Training & Instructional Designer
> Sr. Writer & Documentation Developer
> Certified Network Security Analyst and
> Intrusion Forensics Investigator - CEH, CHFI
> Certified EC-Council Instructor - CEI
>
> Security is a lot like democracy - everyone's for it but
> few understand that you have to work at it constantly.
>
> _______________________________________________
> FDE mailing list
> [email protected]
> http://www.xml-dev.com/mailman/listinfo/fde
>