Re: Whole disk encryption

Mon, 28 Aug 2006 07:11:09 -0700 

Thanks everyone for your responses!
I agree with the virtual partition instead of whole-disk. It is my understanding that in the virtual partition, the files will remain encrypted until you open them, thus also protecting them from the network. Whole-disk will decrypt everything after you enter the password on boot-up. 

Sarah


At 10:35 PM 8/24/2006, you wrote:

Hi Sarah,
hi group,

as a security auditor and consultant I normally suggest

(1) to implement as many security as available, but no more security than 
really needed.
The need should follow an individual risk classification to all IT assets 
/ data of a company.



It doesn't make sense to encrypt a folder/partition with none critical 
data on it.
But it really makes sense to encrypt folders/partitions of sensitive data 
(e.g. internal strategics/business plans, internal financial statements, 
company secrets, ...).


Everytime you encrypt / decrypt a file, folder or partition you will have
- file access to the harddisk,
- processor load,
- memory access
- ...

This influences the performance of each system. On some systems more 
significant than on others.



So on company wide file servers, an encrypted partition should exist, 
there people have to store their classified files aligned to their given 
rights and according the company security policy / risk classification.
On mobile devices people should have an encrypted directory or partition, 
which is access-protected by password or comparable methods and can be 
mounted (dismounted), when needed (not needed) and there they have to 
store their classified files according the company security policy / risk 
classification.


This strategy follows the given suggestion (1).


Ok. When influenced by real great paranoia, a company also can create a 
policy, that all HDD need to be encryted. But this is part of the same 
category, like prohibiting the connection of any hardware to any network. ;-)


Cheers,
Dietrich

>Sarah wrote:
>

>What is the consensus of the group on the use of whole disk encryption 
in an enterprise 
environment? >------------------------------------------------------------ 
---------------

>---------------------------------------------------------------------------


Sarah Felske
Server Administrator
Information Technology Service

Bowling Green State University 



---------------------------------------------------------------------------
---------------------------------------------------------------------------




























					Reply via email to