Full Disk Encryption

brady

brady

Secured
Guru
VIP
Local time
1:28 AM
Messages
1,426
Location
San Diego
Howdy, I am currently using "TrueCrypt" at the moment. This solution is viable but very user unfriendly, our password policy for compliance and regulation(s) is currently 18+ characters due to bruteforce and dictionary cracks, thus giving the remote user a headache. This solution also requires a password right after powering up, this is problematic due to prompted restarts after patches and whatnot prompting the need for remote user interaction to get the machine back "online" for scans and further updates. Is anyone out there deploying disk encryption to "remote" users that may be using a better solution?
 

My Computer

OS
7 Pro
brady said:
Howdy, I am currently using "TrueCrypt" at the moment. This solution is viable but very user unfriendly, our password policy for compliance and regulation(s) is currently 18+ characters due to bruteforce and dictionary cracks, thus giving the remote user a headache. This solution also requires a password right after powering up, this is problematic due to prompted restarts after patches and whatnot prompting the need for remote user interaction to get the machine back "online" for scans and further updates. Is anyone out there deploying disk encryption to "remote" users that may be using a better solution?
Click to expand...
.
Since the issue is retyping difficult passwords perhaps a usb device, such as the Yubikey, would help?
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 x64
CPU
Intel Core2 Extreme Q6850 3.00GHz
Motherboard
EVGA 132-CK-NF79
Memory
8 GB
Graphics Card(s)
Radeon R7 260X
Sound Card
Xonar DS
Hard Drives
Hitachi Deskstar 1 tb
I don't know how about automated decryption upon login?
Just map everything to a seperate drive, and the OS is unencrypted.
I know that MS has something of that sort, never used it though due to me dualbooting all the time.

Almost every OS has the possibility to automate scriptexecution upon login/logof or startup/shutdown, how about writing some scripts
decrypting the drives using a key residing with you?

Problem is,the key isn't with the user and the user doesn't want to enter the password.
The Password/keyfile has to reside on the server hence you have a securityproblem.
Automated decryption/mounting has the problem that the chain of security is only as strong as it's weekest links.

Are the ecrypted hdd's on the same system or are we talking about a network?
sincerly

s0s0
 

My Computer

OS
Windows 7
You must log in or register to reply here.
Back
Top