ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local Encryption ... Why Not?

    Scheduled Pinned Locked Moved IT Discussion
    357 Posts 15 Posters 190.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BRRABillB
      BRRABill @scottalanmiller
      last edited by

      @scottalanmiller said:

      I understand in the HIPAA world because security is not a related topic and laws are, it's probably worth encrypting local drives, even if we lose data, because we don't care about losing data, we care about getting sued. But it is really important to understand that the reasons we do it for HIPAA are not security related and that HIPAA discussions don't apply to non-HIPAA discussions.

      Agreed.

      Though I also use SED personally. Just in case.

      I'm a "WHAT IF"-er. 😉

      1 Reply Last reply Reply Quote 0
      • BRRABillB
        BRRABill
        last edited by

        You know, whilst at lunch today, this paper thing (and encryption in general) kind of clicked for me.

        (This story might seem long winded, but it has a point)

        I had my trusty little Moleskin mini notebook with me, with notes I had jotted down on Christmas gifts. I usually put this thing in my shirt pocket, but I have no shirt pocket today, so I put it in my back pants pocket. Then I thought ... what if this thing fell out of my pocket? So what? I said to myself. Ah. There it is. There is nothing of value in there. I don't write anything personal or sensitive in there. If I ever did need to, I would encode it, as we have been talking about. Like add 5 to all the PIN numbers or something. But generally I would know better than to store anything important in a notebook I carry around in my pocket and could lose.

        Now, being the paranoid type, I would still worry that I had something in there. Because sometimes I admit I am a little careless about things. But for the most part I wouldn't worry about it.

        Same things holds for other notebooks I have. I write some more sensitive stuff in them, but they are more for my inside the office use. Very slim chance of them getting lost. Though I always write code in those too, just to protect from prying eyes.

        1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller
          last edited by

          Here is someone fearful of encryption ending up, by accident, acting like a threat: http://community.spiceworks.com/topic/1357724-de-encrypting-network-shares-server-question

          DashrenderD BRRABillB 2 Replies Last reply Reply Quote 0
          • DashrenderD
            Dashrender @scottalanmiller
            last edited by

            @scottalanmiller said:

            Here is someone fearful of encryption ending up, by accident, acting like a threat: http://community.spiceworks.com/topic/1357724-de-encrypting-network-shares-server-question

            I'm not sure how he would prevent someone from putting encrypted files onto the network?

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              Yeah, he can prevent one system from doing it, but not someone encrypting files and dropping them.

              1 Reply Last reply Reply Quote 1
              • BRRABillB
                BRRABill @scottalanmiller
                last edited by

                @scottalanmiller said:

                Here is someone fearful of encryption ending up, by accident, acting like a threat: http://community.spiceworks.com/topic/1357724-de-encrypting-network-shares-server-question

                I never said there weren't risks.

                You always have to have systems to get around the encryption for your own uses, and also good backups.

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @BRRABill
                  last edited by

                  @BRRABill said:

                  @scottalanmiller said:

                  Here is someone fearful of encryption ending up, by accident, acting like a threat: http://community.spiceworks.com/topic/1357724-de-encrypting-network-shares-server-question

                  I never said there weren't risks.

                  You always have to have systems to get around the encryption for your own uses, and also good backups.

                  But if there are risks, that answers the "why not" question. It's only in cases where there is no or effectively no downsides (good examples are virtualize every server and open sources is always better than closed source for end users) where you don't have to weigh the options. But with encryption, it's not a clear win. The weighting leans heavily towards encryption, I grant you, but there are downsides strong enough to warrant needing to consider if it is truly adding enough to make up for what it takes away. It remains situational.

                  BRRABillB 1 Reply Last reply Reply Quote 0
                  • BRRABillB
                    BRRABill @scottalanmiller
                    last edited by

                    @scottalanmiller said:

                    But if there are risks, that answers the "why not" question. It's only in cases where there is no or effectively no downsides (good examples are virtualize every server and open sources is always better than closed source for end users) where you don't have to weigh the options. But with encryption, it's not a clear win. The weighting leans heavily towards encryption, I grant you, but there are downsides strong enough to warrant needing to consider if it is truly adding enough to make up for what it takes away. It remains situational.

                    True, though as I have said (and as the recent article posted from InfoWorld) if we can somehow move to a world where everything is encrypted, and there is little cost, that would be ideal, I think.

                    1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender
                      last edited by

                      Considering the current political climate - I'm wondering how long until HIPAA is repealed because of it's leanings toward encryption. LOL

                      I say this in complete jest, but damn.. those fools!

                      1 Reply Last reply Reply Quote 1
                      • BRRABillB
                        BRRABill
                        last edited by

                        I'm really torn in the discussion of a governmental backdoor to all encryption, as they want.

                        One one hand, I don't trust the government, and I do think we should be able to protect our data.

                        On the other hand, people always say "what if your child was abducted and the info was on the person's phone but they couldn't access it", or to be able to intercept terroristic threats.

                        So I see both sides.

                        Typically, though, I lean towards encryption.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender
                          last edited by

                          And yet, when pressed for information that was obtained in places where they did manage to solve a crime because they broke/hacked/found password to encrypted files - they remain mute.

                          I really don't think they get as much as they want us to believe they could by decrypting everything.

                          Not only that - making the companies do this does NOTHING to actually help against someone who wants a real secure system - they simply will break the law and use products that don't have those back doors.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @BRRABill
                            last edited by

                            @BRRABill said:

                            I'm really torn in the discussion of a governmental backdoor to all encryption, as they want.

                            One one hand, I don't trust the government, and I do think we should be able to protect our data.

                            On the other hand, people always say "what if your child was abducted and the info was on the person's phone but they couldn't access it", or to be able to intercept terroristic threats.

                            So I see both sides.

                            Typically, though, I lean towards encryption.

                            Problem is that back doors can be used by abductors and terrorists too. It's not just by the government. And which is a bigger threat, terrorists or the government? Terrorists pose practically no threat. They make the news but cause very little damage. The government, however, is a major threat to freedom and safety. Giving the government access to that stuff doesn't only create safety, it takes it away too. The question is, how much does it do of which?

                            Anything that gives good guys access gives bad guys access. There is no technology that only helps good people.

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              So another question becomes, if you are okay with encryption that has a back door, are you really using encryption?

                              DashrenderD BRRABillB 2 Replies Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @scottalanmiller
                                last edited by

                                @scottalanmiller said:

                                So another question becomes, if you are okay with encryption that has a back door, are you really using encryption?

                                hence my quandary about HIPAA (even though it's not directly encryption related). lol

                                1 Reply Last reply Reply Quote 0
                                • BRRABillB
                                  BRRABill @scottalanmiller
                                  last edited by

                                  @scottalanmiller said:

                                  So another question becomes, if you are okay with encryption that has a back door, are you really using encryption?

                                  My feeling on encryption is really to prevent against the common thief.

                                  I agree with you, once they have the physical system, you have no protection.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @BRRABill
                                    last edited by

                                    @BRRABill said:

                                    @scottalanmiller said:

                                    So another question becomes, if you are okay with encryption that has a back door, are you really using encryption?

                                    My feeling on encryption is really to prevent against the common thief.

                                    I agree with you, once they have the physical system, you have no protection.

                                    But a backdoor is designed to defeat the encryption, it's basically an "off switch." It means that potentially anyone has access and that the encryption wasn't to prevent theft. If there are backdoors, what was the encryption for?

                                    BRRABillB 1 Reply Last reply Reply Quote 0
                                    • BRRABillB
                                      BRRABill @scottalanmiller
                                      last edited by

                                      @scottalanmiller said:

                                      But a backdoor is designed to defeat the encryption, it's basically an "off switch." It means that potentially anyone has access and that the encryption wasn't to prevent theft. If there are backdoors, what was the encryption for?

                                      My assumption is that only the company itself (such as Apple) and the government have access to this backdoor.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @BRRABill
                                        last edited by

                                        @BRRABill said:

                                        @scottalanmiller said:

                                        But a backdoor is designed to defeat the encryption, it's basically an "off switch." It means that potentially anyone has access and that the encryption wasn't to prevent theft. If there are backdoors, what was the encryption for?

                                        My assumption is that only the company itself (such as Apple) and the government have access to this backdoor.

                                        Why would you assume that? What makes that even remotely likely?

                                        BRRABillB 1 Reply Last reply Reply Quote 0
                                        • BRRABillB
                                          BRRABill @scottalanmiller
                                          last edited by

                                          @scottalanmiller said:

                                          Why would you assume that? What makes that even remotely likely?

                                          You think random people would just have access to it?

                                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            Backdoors, by their very nature, tend to spread. They are difficult to hide for one thing as the code, even closed code, gives them away if studied. And once exposed they are unstoppable. All it takes is one person being aware of them and telling someone else and all security is disabled almost instantly and automatically. Barracuda tried this, for example, and for a little while only the bad guys knew about it. Now it is public knowledge and anyone can look up how to backdoor through their firewalls.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 17
                                            • 18
                                            • 5 / 18
                                            • First post
                                              Last post