illurity-logo
Log in

Site menu:

Categories

Tags

Site search

October 2018
M T W T F S S
« Dec    
1234567
891011121314
15161718192021
22232425262728
293031  

Links:

Archives

Full Disk Encryption

The US Government is in the process of doing a product comparison to select a solution (or solutions) for full disk encryption after last year’s mandate. Full disk encryption has advantages over file-based encryption, including non-selectively encrypting the whole disk, including system and boot partitions.

Very useful toward the devaluation of data in the event of theft, but the language of the mandate (“Encrypt all data on mobile computers/devices which carry agency data…”) is not explicitly clear on the treatment of removable storage devices like USB drives. Given the likelihood of losing these devices, the requirement for their encryption should be even stronger.

Another approach to FDE that comes to mind is virtualization: Run a simple base-OS (e.g. a minimalist/unencumbered Linux or Windows) where the only application is a VM player. The user then runs the virtualized PC as the primary environment. The base-OS encrypts the VM files (easily including system and swap spaces). Virtual “bare-metal” backup of the entire primary PC also becomes very simple. Widespread adoption could take some time due to performance issues (which are being constantly ameliorated by VM software and hardware advancements) but building some automation around such an approach could make it serviceable at least in business environments.

Share: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Twitter
  • LinkedIn
  • Facebook
  • email
  • Google Bookmarks
  • del.icio.us
  • StumbleUpon
  • Reddit

You must be logged in to post a comment.