ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Software HDD Encryption: Poll

    Scheduled Pinned Locked Moved IT Discussion
    symantecmcafeesophos
    112 Posts 8 Posters 48.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gjacobseG
      gjacobse
      last edited by

      @thecreativeone91 said:

      Bitlocker is in windows 7/8 Enterprise.

      We do not have Win 7 Enterprise.

      @thecreativeone91 said:

      @g.jacobse said:

      I'm looking at the three main players for Software HDD Encrypting: Symantec, McAfee and Sophos

      I'd avoid the first two here.

      Whats the main goal? What are you encrypting. Are you wanting just some files or the whole drive?

      My goal is to avoid them if possible.

      @scottalanmiller said:

      Yes, you can get drives that do this themselves without needing the software layer to handle it.

      Is it practical to order 65 hard drives, with many of the computers are older models? I have about twenty that I have ordered in the last 15 months.

      1 Reply Last reply Reply Quote 0
      • ?
        A Former User @scottalanmiller
        last edited by

        @scottalanmiller said:

        Yes, you can get drives that do this themselves without needing the software layer to handle it.

        You can even get Dell to load your CTO systems with them.

        1 Reply Last reply Reply Quote 0
        • gjacobseG
          gjacobse
          last edited by

          As for Encrypted HDDs I'm not sure I want to go this route as it would mean managing (x) number of devices from the device. I would rather have a central management console so that I can update the password if needed on any given device should the system become compromised. I have enough to do,.. I don't want to keep single managing devices if I don't have to.

          ? 2 Replies Last reply Reply Quote 0
          • ?
            A Former User @gjacobse
            last edited by

            @g.jacobse said:

            As for Encrypted HDDs I'm not sure I want to go this route as it would mean managing (x) number of devices from the device. I would rather have a central management console so that I can update the password if needed on any given device should the system become compromised. I have enough to do,.. I don't want to keep single managing devices if I don't have to.

            What's to manage with FDE Harddrives? The harddrive always encrypt - It's not possible to disable. You can change the encryption key in the bios but then you'd loose access to all data.

            1 Reply Last reply Reply Quote 1
            • scottalanmillerS
              scottalanmiller
              last edited by

              Nothing would be easier to manage than encrypted drives.

              gjacobseG 1 Reply Last reply Reply Quote 1
              • ?
                A Former User @gjacobse
                last edited by

                @g.jacobse said:

                so that I can update the password if needed on any given device should the system become compromised. I have enough to do,.. I don't want to keep single managing devices if I don't have to.

                What do you mean by Compromised? if if something gets on the system while it's running (virus etc) it will not see the encryption key. In fact it won't even know the drive is encrypted as the when logged in the files are un-encrypted.

                1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller
                  last edited by

                  Drive encryption is only to protect against hardware theft - of someone pulling drives and running away with them. It has zero protection against compromise.

                  DashrenderD 1 Reply Last reply Reply Quote 1
                  • gjacobseG
                    gjacobse @scottalanmiller
                    last edited by

                    @scottalanmiller
                    So - Hard drives would be simpler than using a managed console? Where you are able to manage all (x) devices from a central location? Like updating the Admin / User passwords?

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @gjacobse
                      last edited by

                      @g.jacobse said:

                      @scottalanmiller
                      So - Hard drives would be simpler than using a managed console? Where you are able to manage all (x) devices from a central location? Like updating the Admin / User passwords?

                      Under what circumstance would you ever manage them or change anything?

                      1 Reply Last reply Reply Quote 1
                      • gjacobseG
                        gjacobse
                        last edited by

                        There are a few times;
                        HDD password compromised by user (shared with someone that doesn't need it)
                        Defined password / security Policy dictates (not set currently)
                        IT staff departure

                        scottalanmillerS 3 Replies Last reply Reply Quote -1
                        • scottalanmillerS
                          scottalanmiller @gjacobse
                          last edited by

                          @g.jacobse said:

                          There are a few times;
                          HDD password compromised by user (shared with someone that doesn't need it)
                          Defined password / security Policy dictates (not set currently)
                          IT staff departure

                          Why would a user get an HDD encryption password?

                          1 Reply Last reply Reply Quote 1
                          • scottalanmillerS
                            scottalanmiller @gjacobse
                            last edited by

                            @g.jacobse said:

                            IT staff departure

                            Why would IT have it? There is no need for that. Use a break glass so that this doesn't happen.

                            1 Reply Last reply Reply Quote 1
                            • MattSpellerM
                              MattSpeller
                              last edited by

                              Are you looking to have a PW on boot?

                              gjacobseG 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @gjacobse
                                last edited by

                                @g.jacobse said:

                                Defined password / security Policy dictates (not set currently)

                                This should be a key so not covered by a password policy.

                                1 Reply Last reply Reply Quote 1
                                • gjacobseG
                                  gjacobse @MattSpeller
                                  last edited by

                                  @MattSpeller said:

                                  Are you looking to have a PW on boot?

                                  Yes - Required password on boot. We must adhere to FIPs 140-2 for HIPPA and other compliance items.

                                  MattSpellerM scottalanmillerS 2 Replies Last reply Reply Quote 0
                                  • MattSpellerM
                                    MattSpeller @gjacobse
                                    last edited by

                                    @g.jacobse Ahhh ok now we're talking the same language.

                                    I'd opt for a BIOS pw - you can set them up with Dells, not sure what you're running. They can also be setup to completely wipe the drive after (10?) failed attempts.

                                    1 Reply Last reply Reply Quote 0
                                    • MattSpellerM
                                      MattSpeller
                                      last edited by

                                      HDD encryption is separate from the pw - thats where we were all confused.

                                      1 Reply Last reply Reply Quote 0
                                      • DashrenderD
                                        Dashrender @scottalanmiller
                                        last edited by

                                        @scottalanmiller said:

                                        Drive encryption is only to protect against hardware theft - of someone pulling drives and running away with them. It has zero protection against compromise.

                                        What about cases where the whole laptop is stolen? What prevents someone from just powering on the unit and trying to log in? Or is this not what drive encryption is for either?

                                        MattSpellerM scottalanmillerS 2 Replies Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @gjacobse
                                          last edited by

                                          @g.jacobse said:

                                          @MattSpeller said:

                                          Are you looking to have a PW on boot?

                                          Yes - Required password on boot. We must adhere to FIPs 140-2 for HIPPA and other compliance items.

                                          HIPAA does not require that.

                                          Are you sure that FIPs requires that? How is it stated?

                                          1 Reply Last reply Reply Quote 1
                                          • MattSpellerM
                                            MattSpeller @Dashrender
                                            last edited by

                                            @Dashrender If the whole laptop was stolen with full drive encryption then there is nothing to stop them powering it on and trying to log in. You'd need a BIOS / pre-OS password for that. FDE will make it so the drive is un-readable when you remove it from the laptop.

                                            scottalanmillerS 2 Replies Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 2 / 6
                                            • First post
                                              Last post