[unisog] Full Disc Encryption use and implementation strategy Discussion Forum

Saqib Ali docbook.xml at gmail.com
Tue Oct 3 02:51:39 GMT 2006


In the light of recent laptops theft and data security breaches, large
corporations, educational and government institutions are looking at
various Full
Disc Encryption (FDE) solution to protect their confidential data on
mobile devices. While it may be easy to choose and implement a Full
Disk Encryption in a small office, it is not the case with large
institutions. These institutions are struggling with the design and
architecture of the FDE and key management solutions. The design has
to account for the key management solution in case of accidental
destruction of the encryption key or employee leaving the company
without handing over the encryption tokens/keys. The design also has
to account for requirements for proper imaging of the HDD in case the
OS and all the data have to be revived to its original form. Hardware
Token and USB Key as a mean of authentication is also a point of
discussion.

There are multiple tools available in the market that allow for full
disk encryption. However they vary greatly. They are divided into two
main categories – hardware based and software based. The hardware
based full disk encryption solutions are considerably faster than the
software based solutions, and usually produce no overhead for the CPU
or the HDD. The software based solutions, while inexpensive, create
considerable overhead for the CPU depending on the type of encryption
used.

A limited number of full disk encryption solutions also support
Trusted Platform Module to tie the encrypted HDD to a particular
platform. TPM can make the key recovery possible and simplify single
sign on.

To address the questions and concerns mentioned above I have decided
to create a mailing list dedicated to Full Disk Encryption Technology
and Key Management solutions.

To subscribe, please email fde-subscribe at www.xml-dev.com
or visit:
http://www.xml-dev.com/mailman/listinfo/fde

("This is a Ad-Free Mailing List, so please DO NOT join if you only want
to advertise your products"). Also please DON'T inquire about adding
Ads to footer of the email.

Vendors are welcome to join if they bring constructive feedback to the
discussion.

This mailing list will be moderated for all new members.

Thanks
Saqib Ali


-- 
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------



More information about the unisog mailing list