Main Menu

Full Disk Encryption - FDE

Started by JohnGage, November 14, 2011, 04:30:48 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

JohnGage

Looking at some options in this regard but first want to make sure I have my head properly wrapped around the whole idea.

Server holds data and only PCs with the client software (and crypto key) installed can access server data. - Correct?
Clients are also encrypted and a passphrase is provided by user before OS login. - Also correct?

For a few reasons I am considering TrueCrypt for workstations and a commercial product (PGP?) for the server.  My thought process is I don't want to rely on the TC forums for a problem on my server.  I know it's a popular product but I need someone to call if a problem comes up.  If TC somehow bombs on a workstation there shouldn't have been any irreplaceable data anyway.  Commercial product on the server so I get the security of a support contract at minimal cost of only 1 license per server.

Can anyone confirm my thoughts and give their .02 on my preliminary plan?
John Gage
Systems Admin
Knight Crockett Miller Insurance Group - Toledo, OH
4 locations in Ohio and Indiana

53 users TAM Online

Bloody Jack Kidd

I think these technologies encrypt data, while it's on the disk only and the decryption engine sits at a fairly low-level in order for the data to be decrypted so the OS can read it's own files.  I assume once a higher level protocol, like SMB, has the data, it's already decrypted.

From what I understand, the primary reason for using whole disk encryption is to protect the data from compromise should the hardware fall into the wrong hands.
Sysadmin - Parallel42

Mark

I think the point Rick might be trying to make (and I'd agree with) is that it may be unnecessary to encrypt the server disks... unless they travel.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Bloody Jack Kidd

it's nice to have a translator on hand...

;)
Sysadmin - Parallel42

Jan Regnier

Not that I can contribute anything to this conversation - but thought I would mention that Sophos has Full Disk Encryption - not sure if it is available NOW but I did just listen to a webinar regarding Endpoint 10 that is supposed to be released in December and that was one of the areas briefly discussed along with Patch assessment for PCs and Web security that will be Add-Ons to your current licenses.
Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio

Bloody Jack Kidd

Hey - I was in that webinar too - I didn't see you!
Sysadmin - Parallel42

Jan Regnier

Did they list attendees?  I didn't see a list...I thought it would be a lot of people since it was Users only. 
Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio

Bloody Jack Kidd

No list - I was being facetious... but I did attend the webinar.  It was good - nice new features, but unfortunately they cost extra.
Sysadmin - Parallel42

Jan Regnier

LOL - many times the attendees are listed for these things!  Yes - I thought the same thing.....not that I would be taking advantage of all the things offered..but since we seem to working OK...that old saying....If it's not broke don't fix it.....applies here.
Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio