ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local Encryption ... Why Not?

    IT Discussion
    15
    357
    173.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stacksofplates @dafyre
      last edited by

      @dafyre said in Local Encryption ... Why Not?:

      @stacksofplates said in Local Encryption ... Why Not?:

      @stacksofplates said in Local Encryption ... Why Not?:

      @scottalanmiller said in Local Encryption ... Why Not?:

      @brrabill said in Local Encryption ... Why Not?:

      Still think FDE is a good way to go to protect against the non "deep state" hackers.

      FDE does nothing against hacking, though, but is effective against people who walk off with your desktops. But hackers would never even know FDE was there, it's bypassed once the machine is powered on.

      Unless you use LUKS with passwords or something like a Yubikey.

      This is a gripe I've had with Bitlocker. Ya it's encrypted so someone can't just take a drive, but if they take the whole system it's unencrypted with the push of a button.

      It depends on if you are using a passphrase on the disk or if your computer has a TPM module. If it's TPM, then you're right. If you have a passphrase, then you're in a little better shape.

      Right. I'm referring to TPM.

      1 Reply Last reply Reply Quote 0
      • S
        stacksofplates @Carnival Boy
        last edited by

        @carnival-boy said in Local Encryption ... Why Not?:

        @stacksofplates said in Local Encryption ... Why Not?:

        This is a gripe I've had with Bitlocker. Ya it's encrypted so someone can't just take a drive, but if they take the whole system it's unencrypted with the push of a button.

        How? I'm not familiar with Bitlocker although it is installed on my laptop.

        If it's using TPM to unlock, all you have to do is turn it on.

        C 1 Reply Last reply Reply Quote 0
        • S
          stacksofplates @hobbit666
          last edited by

          @hobbit666 said in Local Encryption ... Why Not?:

          Just been re-reading some of this,

          I need to "reinstall" my computer, might do it this afternoon. (need to install another SSD coz i can ๐Ÿ™‚ )

          Might give Scott's idea of nothing stored on the local machine a go ๐Ÿ™‚ have everything On-Line, maybe not even use Outlook ๐Ÿ™‚ . Most of the files i need/use are either in SharePoint or my OneDrive (or should be going forward)

          All of my dotfiles are in version control. Every time I open a new terminal it checks for changes. So really the only thing that's local for me is the applications that are installed (and keys).

          0_1523021232192_terminal.png

          1 Reply Last reply Reply Quote 1
          • C
            Carnival Boy @stacksofplates
            last edited by

            @stacksofplates said in Local Encryption ... Why Not?:

            If it's using TPM to unlock, all you have to do is turn it on.

            Sure, but Bitlocker with TPM allows you to setup a pre-boot pin, so all good.

            S S 2 Replies Last reply Reply Quote 0
            • S
              scottalanmiller @Carnival Boy
              last edited by

              @carnival-boy said in Local Encryption ... Why Not?:

              @stacksofplates said in Local Encryption ... Why Not?:

              If it's using TPM to unlock, all you have to do is turn it on.

              Sure, but Bitlocker with TPM allows you to setup a pre-boot pin, so all good.

              Yeah, if you do that, TPM does good stuff for mobile devices.

              1 Reply Last reply Reply Quote 0
              • S
                stacksofplates @Carnival Boy
                last edited by

                @carnival-boy said in Local Encryption ... Why Not?:

                @stacksofplates said in Local Encryption ... Why Not?:

                If it's using TPM to unlock, all you have to do is turn it on.

                Sure, but Bitlocker with TPM allows you to setup a pre-boot pin, so all good.

                Right, as long as you require something. Iโ€™ve seen some that just do TPM and nothing else. I guess itโ€™s not a gripe I have with Bitlocker. Just the fact that people donโ€™t pay attention to that. LUKS forces a password or some type of key.

                1 Reply Last reply Reply Quote 1
                • S
                  scottalanmiller
                  last edited by

                  Had a customer a few weeks ago lose their laptop because they encrypted it but couldn't figure out their password. Non-replaceable part. So it was hosed.

                  O 1 Reply Last reply Reply Quote 0
                  • J
                    jmoore
                    last edited by

                    I've advocated we store nothing on our laptops but so far its had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.

                    D S 2 Replies Last reply Reply Quote 0
                    • D
                      DustinB3403 @jmoore
                      last edited by

                      @jmoore said in Local Encryption ... Why Not?:

                      I've advocated we store nothing on our laptops but so far its had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.

                      Keeping files on a laptop aren't really the issue here. The customer in Scott's case setup disk or file system encryption and had no recovery method to get into the file system. Seemingly with some hardware encryption that once set it just had to get tossed out.

                      Encryption of any kind is a good thing generally speaking (not including ransomware) as its an easy to add level of security, but you need to have recovery methods otherwise you're up the creek without a paddle.

                      J S 2 Replies Last reply Reply Quote 0
                      • O
                        Obsolesce @scottalanmiller
                        last edited by Obsolesce

                        @scottalanmiller said in Local Encryption ... Why Not?:

                        Had a customer a few weeks ago lose their laptop because they encrypted it but couldn't figure out their password. Non-replaceable part. So it was hosed.

                        It's funny how a place with a handful of devices has problems with that, but a place that has 25 thousand encrypted devices across ~30 countries literally has not a single issue with it.

                        S 1 Reply Last reply Reply Quote 0
                        • J
                          jmoore @DustinB3403
                          last edited by

                          @DustinB3403 said in Local Encryption ... Why Not?:

                          @jmoore said in Local Encryption ... Why Not?:

                          I've advocated we store nothing on our laptops but so far its had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.

                          Keeping files on a laptop aren't really the issue here. The customer in Scott's case setup disk or file system encryption and had no recovery method to get into the file system. Seemingly with some hardware encryption that once set it just had to get tossed out.

                          Encryption of any kind is a good thing generally speaking (not including ransomware) as its an easy to add level of security, but you need to have recovery methods otherwise you're up the creek without a paddle.

                          Yeah totally agree. The person at our school had a bunch of financial data on it and got it stolen. So big fail there for us.

                          1 Reply Last reply Reply Quote 0
                          • S
                            scottalanmiller @Obsolesce
                            last edited by

                            @Obsolesce said in Local Encryption ... Why Not?:

                            @scottalanmiller said in Local Encryption ... Why Not?:

                            Had a customer a few weeks ago lose their laptop because they encrypted it but couldn't figure out their password. Non-replaceable part. So it was hosed.

                            It's funny how a place with a handful of devices has problems with that, but a place that has 25 thousand encrypted devices across ~30 countries literally has not a single issue with it.

                            Because one has IT doing it, and one has the end user doing it without consulting IT, obviously.

                            1 Reply Last reply Reply Quote 0
                            • S
                              scottalanmiller @jmoore
                              last edited by

                              @jmoore said in Local Encryption ... Why Not?:

                              I've advocated we store nothing on our laptops but so far its had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.

                              It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.

                              DashrenderD 1 Reply Last reply Reply Quote 0
                              • S
                                scottalanmiller @DustinB3403
                                last edited by

                                @DustinB3403 said in Local Encryption ... Why Not?:

                                @jmoore said in Local Encryption ... Why Not?:

                                I've advocated we store nothing on our laptops but so far its had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.

                                Keeping files on a laptop aren't really the issue here. The customer in Scott's case setup disk or file system encryption and had no recovery method to get into the file system. Seemingly with some hardware encryption that once set it just had to get tossed out.

                                Encryption of any kind is a good thing generally speaking (not including ransomware) as its an easy to add level of security, but you need to have recovery methods otherwise you're up the creek without a paddle.

                                It's that they bought from a bad vendor who did it to them. They didn't set up encryption or install the device. They just went to a store and bought it. The problem is, consumer equipment from consumer vendors, in this case.

                                1 Reply Last reply Reply Quote 1
                                • DashrenderD
                                  Dashrender @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Local Encryption ... Why Not?:

                                  @jmoore said in Local Encryption ... Why Not?:

                                  I've advocated we store nothing on our laptops but so far its had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.

                                  It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.

                                  A new laptop showed up that way once - I was like - wth?

                                  S 1 Reply Last reply Reply Quote 0
                                  • S
                                    stacksofplates @Dashrender
                                    last edited by

                                    @Dashrender said in Local Encryption ... Why Not?:

                                    @scottalanmiller said in Local Encryption ... Why Not?:

                                    @jmoore said in Local Encryption ... Why Not?:

                                    I've advocated we store nothing on our laptops but so far its had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.

                                    It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.

                                    A new laptop showed up that way once - I was like - wth?

                                    I think the bigger question was, it didn't get reimaged to whatever standard they're using?

                                    S 1 Reply Last reply Reply Quote 1
                                    • V
                                      VoIP_n00b
                                      last edited by

                                      Why no backups?

                                      D S 2 Replies Last reply Reply Quote -2
                                      • D
                                        DustinB3403 @VoIP_n00b
                                        last edited by

                                        @VoIP_n00b said in Local Encryption ... Why Not?:

                                        Why no backups?

                                        Because the logistics of getting backups going for user laptops is difficult if not impossible

                                        S 1 Reply Last reply Reply Quote 0
                                        • S
                                          scottalanmiller @VoIP_n00b
                                          last edited by

                                          @VoIP_n00b said in Local Encryption ... Why Not?:

                                          Why no backups?

                                          Backup of an encrypted system is still encrypted.

                                          1 Reply Last reply Reply Quote 0
                                          • S
                                            scottalanmiller @DustinB3403
                                            last edited by

                                            @DustinB3403 said in Local Encryption ... Why Not?:

                                            @VoIP_n00b said in Local Encryption ... Why Not?:

                                            Why no backups?

                                            Because the logistics of getting backups going for user laptops is difficult if not impossible

                                            And there is no data on them. Just can't get them to boot and the cost to fix it is costly. And since it's just a tablet, the cost of people working on it to reinstall an OS that they don't readily have and someone needing to go on site to deal with it is a problem.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 17
                                            • 18
                                            • 1 / 18
                                            • First post
                                              Last post