[unisog] Drive Encryption (was: Windows Encrypted File System (EFS))

Jim Dillon Jim.Dillon at cusys.edu
Wed Feb 15 20:11:37 GMT 2006



I've been testing Kensington's PC-Key encryption, a USB Dongle/Key and
full drive (almost) encryption.  I've had some doubts about how well it
was working, but after viewing the filespace using a Knoppix disk and
doing the same in safe mode it appears to be working as advertised.


Kensington has been a royal pain - I do not recommend them as a vendor,
but the product seems to work well.  I notice no slowdown (using it on a
2.2 GHz notebook), encrypts all but the Windows and C:Root directories
plus a few designated files, and is pretty much undetectable once
booted.  You can remove the key once you've booted, but can't boot
without it.  We paid about $56 for it I think.


Your certificate for emergency decryption is stored by Kensington, and
is protected by your own three challenge/response questions in case the
key is lost.  Encryption took about 3.5 hours on my box, had problems
with our network policy (related to screen blankers) but otherwise
worked as advertised.  No documentation, and terrible customer support,
the worst I've ever encountered.


All that aside, it appears to be working fine, no hiccups or slowdowns.
It claims to be AES 128 encryption, and having the two-factor protection
is nice.  There is some user awareness though, as the root, Windows, and
Program Files directories are not encrypted.  Of course it is a Windows
product as well so it won't help you if you are using Linux or
something.  It will encrypt all attached drives and devices if you wish.


May be worth a look - better than volume only encryption in that it does
cover most of the entire disk, and is two-factor.  I wish I could trust
the vendor a bit more than I do, their help-desk experience is akin to
driving nails under your fingernails while they pour lemon-juice on
them.  I know of no other full-disk solution though that doesn't have a
reputation for slowing down your average processing, and this one does
not appear to significantly.  As a user, you have to remember that
compression is out once encrypted, including WinZip - no one will ever
be able to read your zipped files and such, you have to do that in an
unencrypted volume.  Should be obvious, but it has caught me 3 times; I
miss my WinZip.


Best regards,





Jim Dillon, CISA, CISSP

IT Audit Manager, CU Internal Audit

jim.dillon at cusys.edu





From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Andy Johnston
Sent: Wednesday, February 15, 2006 8:21 AM
To: UNIversity Security Operations Group
Subject: [unisog] Drive Encryption (was: Windows Encrypted File System


Along these lines, does anyone have experience with drive encryption
packages such as PGP Desktop?  Or anything (including EFS, if you have
a policy requiring it) that uses encryption to secure stored data?  Has
anything like this been implemented in a university setting (or a part
of one)?  If so, does it help and how much of a pain is it to support?  

Subjective opinions and hearsay appreciated.


- Andy

Stasiniewicz, Adam wrote: 

It does have its uses.  It is designed to be a transparent file system
encryption system.  It is not designed to replace GPG, PGP, or any other
file based encryption system.  If you are looking for something that
protects files while in transit, EFS is not for you.  If you are looking
for something to secure files stored on a HD that has a risk of being
stolen, EFS might be an option for you.

	Clyde Hoadley, CISSP, GSEC
	Security & Disaster Recovery Coordinator
	Department of Information Technology
	Metropolitan State College of Denver
	<hoadleyc at mscd.edu> <mailto:hoadleyc at mscd.edu> 
	(303) 556-5074 (office)
	(720) 232-4737 (personal cell)
	unisog mailing list
	unisog at lists.sans.org


* Andy Johnston (andy at umbc.edu)      *                               *
* IT Security                        *PGP key:(afj2005) 4096/1BB51DFA*
* UMBC OIT                           * 88 CA 0D 45 C2 0E 0B 0F 3F 55 *
* 410-455-2583 (v)/410-455-1065 (f)  * 7A BD FE 3C 84 6F 1B B5 1D FA *