Full Disk Encryption

brady

brady

Secured
Guru
VIP
Local time
9:33 PM
Messages
1,426
Location
San Diego
Howdy, I am currently using "TrueCrypt" at the moment. This solution is viable but very user unfriendly, our password policy for compliance and regulation(s) is currently 18+ characters due to bruteforce and dictionary cracks, thus giving the remote user a headache. This solution also requires a password right after powering up, this is problematic due to prompted restarts after patches and whatnot prompting the need for remote user interaction to get the machine back "online" for scans and further updates. Is anyone out there deploying disk encryption to "remote" users that may be using a better solution?
 

My Computer My Computer

At a glance

7 Pro
OS
7 Pro
brady said:
Howdy, I am currently using "TrueCrypt" at the moment. This solution is viable but very user unfriendly, our password policy for compliance and regulation(s) is currently 18+ characters due to bruteforce and dictionary cracks, thus giving the remote user a headache. This solution also requires a password right after powering up, this is problematic due to prompted restarts after patches and whatnot prompting the need for remote user interaction to get the machine back "online" for scans and further updates. Is anyone out there deploying disk encryption to "remote" users that may be using a better solution?
Click to expand...
.
Since the issue is retyping difficult passwords perhaps a usb device, such as the Yubikey, would help?
 

My Computer My Computer

At a glance

Windows 7 x64Intel Core2 Extreme Q6850 3.00GHz8 GBRadeon R7 260X
Computer type
PC/Desktop
OS
Windows 7 x64
CPU
Intel Core2 Extreme Q6850 3.00GHz
Motherboard
EVGA 132-CK-NF79
Memory
8 GB
Graphics Card(s)
Radeon R7 260X
Sound Card
Xonar DS
Hard Drives
Hitachi Deskstar 1 tb
Richter said:
I don't think many users encrypt their drives though ;)
Click to expand...

We do when OTS requires it ;)
Victek said:
Since the issue is retyping difficult passwords perhaps a usb device, such as the Yubikey, would help?
Click to expand...

This would also break regulation due it being in control of the "end user"
 

My Computer My Computer

At a glance

7 Pro
OS
7 Pro
I don't know how about automated decryption upon login?
Just map everything to a seperate drive, and the OS is unencrypted.
I know that MS has something of that sort, never used it though due to me dualbooting all the time.

Almost every OS has the possibility to automate scriptexecution upon login/logof or startup/shutdown, how about writing some scripts
decrypting the drives using a key residing with you?

Problem is,the key isn't with the user and the user doesn't want to enter the password.
The Password/keyfile has to reside on the server hence you have a securityproblem.
Automated decryption/mounting has the problem that the chain of security is only as strong as it's weekest links.

Are the ecrypted hdd's on the same system or are we talking about a network?
sincerly

s0s0
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
You must log in or register to reply here.

Similar threads

Flaws in self-encrypting SSDs let attackers bypass disk encryption
Replies
2
Views
1K
Brds7t7
Brds7t7
Solved Whole disk encryption for GPT filesystem running 7
Replies
5
Views
17K
computergeekguy
computergeekguy
My Review of Samsung 840 EVO SSD Full Drive Encryption.
Replies
5
Views
57K
up2trix
U
Full Disk Encryption
Replies
2
Views
5K
Maguscreed
Maguscreed
Solved Failed boot into Windows 7 after converting from dynamic to basic disk
Replies
10
Views
11K
gregrocker
gregrocker
Back
Top