Given the origins of computing in the coding and decoding of messages, it’s fair to say that the heritage of encryption is as noteworthy as what we now call IT. Indeed the principles of algorithmic codification of data, and the maths behind them, go back way beyond the illustrious efforts of Alan Turing and his ilk in the Second …
IWhere I work in the public sector we have all laptops encrypted, and no remote reset capability for the passwords, since its too much of a potential security breach. Fair enough, but this all generates some tens of support calls per week, and have to involve laptop owner lising with an engineer to meet up at an appropriate location so there's physical access to reset he password. The extra support overhead is getting worryingly significant, not to mention the productivity loss whilst the machine is unusable.
It's not as if the technology doesn't exist
just tell them
that if they forget the password, they're fired.
I don't phone up my boss every 5 minutes moaning that I've forgotten how to do my job and need to be retrained. So why should I see it acceptable to phone him up asking for a new password all the time?
I have to remember dozens of codes and passwords and I don't complain. It's called being a professional.
Yeah, it should be done but.....
Well, at my company all laptops need to be encrypted. We used whole disk encryption, so you need to enter a password in order to boot the machine. Seemed relatively painless. However, if your hard drive crashes (been there, done that) life gets complex in a hurry.
Also, in a multiboot environment, there are also additional complexities. Like how to share data between 2 protected partitions. Um, I could use a clear data partition, but that kind of defeats the whole purpose doesn't it? Password encrypt individual files on the data partition? As the article said, that could be weak.
Store data in the cloud? Yeah, right!
Anyway, it's a good idea, but there are issues.
...does not beed to be encrypted if it is completely overwritten with random data on the shutdown of the PC. It would typciallly take about one minute or less to do that upon shutdown. The same is true with temporary directories.
Except of course that the swap file contains TONS of personal data. Whatever you open (emails, word documents) is stored in memory, lots of that ends up in the swap file.
If you don't encrypt the swap partition all an attacker has to do is pull the plug either on a running system or one in standby. Pull the drive and read the file, personal data say bye-bye.
The swap HAS to be encrypted, there is no choice there.
Note also that this sort of technique can even be used to pull data out of DRAMs, put the chips out of a running system and read them with another specialized device and much of your data will still be there. ALOT harder to acquire the necessary hardware, but easy if you have the right equipment.
RE: Swap File
In most cases the swap file does need to be, at all. With the possible exception for low-end laptops, every computer nowadays has multiple gigs of RAM. How often do you really need to work with more data than that at once anyway?
Encrypted or not, disks are already much slower than RAM. If you're using the disk as memory either something is really wrong, or you just don't care about performance.
Like anything else
It's all about time and trouble. Portable drives will always have the disadvantage of time not being an issue and that means stupid levels of encryption which will one day be obsolete and easy to crack anyway and hopefully the encrypted data will be more obsolete. Sure, it's better to keep everyone on a short leash and keep the data centrally located with limited secure physical access required but that isn't always practical. The trick is to maintain a reasonable balance and have a well defined security policy that is easy to follow.
Any state not requiring theft disclosure of encrypted drives is not one I wish to do business in. I can see it now, "Yes, rot13 encryption has been applied to all drives. We no longer need to disclose a theft".
That said, I'd wager half of data recovery is simply due to someone lost their sticky note, I mean, forgot their password. Every drive encryption will just make that situation worse.
We use full disk encryption at work
It runs fine, although it means that laptops essentially become non-portable machines because they cannot be run, away from a wall socket, for any great length of time (they're Dells, however, so it is debatable whether this ever was the case). Also, Windows Update usually has to be hand-held throughout its download and install process and the BITS manager is always fund to be not running, and has to be restarted from the command line using Registry commands, as nothing else is able to revive it.
I suspect part of the problem may be caused by attempts by the Update service to delta the image on the drive with the intended post-install image. This is feasable, fo course, but any system of delta update using encrypted data needs to stream the encrypted target file through memory as an unencrypted image, and compare that with a streamed image of the intended post-install version, then work out the delta, then send the delta, so that the machine can again stream the unencrypted file through memory, adding the delta as it goes, re-encrypting it, and writing the modified encrypted file back to disc. Presumably, this is broken in the imlementation we use at work, so we manually download full updates (from wherever they have been hiddenon, on the Windows Update website, this month) and install the by hand. This, in turn, is workable, but only because we are an IT department, willing to each spend half a day, at least once a month, updating the software on our bloody computers.
I understand Apple users with PGP full-disc installed, are also advised to use Combo updates, instead of Delta updates, for their machines - presumably for similar reasons.
I doubt it would be possible to automagically *police* (no pun intended) users with portable devices and so on, since the risk always exists that they'll just email the wrong data to the wrong person, anyway! Some times, it is best not to try and code your way around a human problem, and train people in data management, instead. Hopefully wireless and other point-to-point technologies capable of on-the-fly encryption will eventually render portable permanent flash-storage devices, as relevant as floppy discs?
Should be mandatory for laptop users
I have form as I once 'lost' a laptop. Spent a long time worrying that the data had been compromised; e.g. whole contact list, emails going back to the ark, letters to the bank... I was really lucky as I don't *think* that it was misused and hope that someone formatted the hard disc. Never again though...
Full disc encryption does have one massive advantage; once it is set up you can forget about it. That's really important when comparing it to other encryption schemes such as encrypting individual files, partitions, etc. where you need to be aware of what's going on. Another major advantage on a Mac is that the standard Time Machine backup works properly (TM doesn't work with VileVault).
I recently installed the PGP Whole Disc Encryption on a MacBook Pro. Apart from the 9 hours to encrypt the hard disc -- where you can still use the machine, just not turn it off or sleep it -- there was little hassle. It does have some impact on performance when compared with FileVault, but not too much. The real advantage is that the machine now works well with Time Machine and also you can share web services for development purposes (which used to be a right PITA with FileVault).
Whole disc encryption (with long pass phrases) should be mandatory for anyone with a laptop computer.
In local government...
...laptop hard drives now have to be encrypted. Also, software is being deployed so we can only use approved, encrypted USB memory sticks. Control systems to block CD/DVD writing are also being deployed.
It has been a while coming, during which there have been other losses. But it is, finally, here.
All those losses were preventable
It those dopes had decided on *some* sort of encryption standard earlier it wouldn't have been a problem at all, but the first decent civil servant who wanted to do the right thing was faced with the question "encrypt? what with?". That's also why there has never been procedures mandating encryption - it's pointless mandating something that cannot be done.
The reason for that may be obvious, thinking of the usual tendencies inside UK government. Crypto availability would have impaired one specific department's ability to snoop upon all the others, and it's so hard to let go..
Yeah, but with mcafee in our council..
I mean...More fucking holes than swiss cheese....
Utter shite software.
Weak link in the chain
The most secure encryption in the world won't help if the users leave their passwords lying around... oooh for instance on their desks.. where any 9 year old can pick them up.
PEBCAK sums it up.
facepalm icon please!
Is it that simple?
The article states:
"For an individual user installing their own software it’s not such an issue – you set up your own password and keep tabs on it in the normal way"
But I don't understand how this works.
The data is stored on the disk, encrypted by an algorithm and a key.
The computer program to decrypt this is stored on the disk, un-encrypted (so that it can be run).
The key is also stored on the disk (so that the program can use it together with the algoritm to decrypt the data.)
There is a "password" that tells the computer program that it is allowed to decrypt the data.
Is that it?
Unless at least the key is stored in something that verifies the password in hardware, and deletes it if a hack attempt is detected, it seems to me that it isn't secure against a determined hacker.
The key is stored on the disk encrypted with your password, usually using something like PKCS5. It's not a yes/no equation.
so, it is secure against cracking/jacking - the weakness is social engineering.
You haven't used PKI, have you?
The "password" isn't just there for verification reasons. The harddrive key isn't stored "in the clear" at all, it is also encrypted itself using *noather* key, which is derived from the aforementioned "password". So either you guess the password, or engage on brute-force cracking the HD key. Good luck with that!
OTOH, there are those nifty solutions involving freezing the RAM sticks and dumping its contents... but that would take a determined hacker with physical access to the laptop while it is still running.
My other half is forced to run full disk encryption on her laptop. It takes 1/2 an hour to start.
Yes of course, every hard drive needs it.
Not only protects complete hard drive encryption everything stored on it from nosy outsiders, it also prevents them from adding nasty stuff to your OS, using WinPE or Knoppix. So besides confidentiality, it also adds protection to the integrity of your systems.
After that, go for a policy that forces the encryption of everything that is copied from a company computer to any USB stick.
After that go for DLP to protect from confidential being data sent out to websites, e-mail addresses or over IM. Or you begin with that.
There are also many legacy systems out there doing hugely important jobs for which there is no encryption product available. A lot of these systems, including government and banking systems, are going nowhere anytime soon because there's no budget, and no desire to rewrite a system from scratch that does a perfectly good job, and for which there is no pathway to modern software / hardware.
Theres nothing that a good squirt of hot glue cant fix, once your keyboard and mouse are firmly glued in place that is.
If in doubt, deny all access, convenience and usability just leads to potential exploitability.
Full disk encryption still to hungry
I'd argue that this is still the case, at least if you're dealing with large files (eg video/audio). The difference between copying 10GB of data to a 128-bit AES encrypted disk image on OS X and the unenecrypted disk itself is significant, and that's on a slow-turning platter: SSD disks would have an even bigger difference.
Where the disk is limited by bus speed, eg USB2.0, there's an argument for this I agree.
I use truecrypt on my machines - I encrypt the whole drive. I haven't seen any kind of performance hit and the only inconvenience is typing an extra password at boot. As far as I'm aware, this is pretty secure and I also have the paranoids option of adding more hidden volumes with plauable denaiability sub volumes hidden inside them.
Obviously, this doesn't cover me using USB sticks etc, but I feel confident enough that if my computers did get stolen, none of my data would be able to be (easily) recovered without my password.
What he said
I also run my personal machine with the whole O/S encrypted via Truecrypt and can't say I've every experienced any noticeable ill effects. It's possible it could be a little faster sans-encryption but it's only 18 months old and still seems fast to me.
It's certainly a better solution than my current work laptop (Dell) where the hard drive is password protected NOT encrypted, so I have the hassle of entering a password to make it boot but the data still gets written to disk in clear!
Not sure on corruption..
I'm not quite sure what PGP does, but there is an option to improve its ability to recover from a crash. For anyone using Windows this is a must.
I haven't seen how good truecrypt is in crash recovery, and I'm not going to try :-)
Encryption isn't enough...
...you need to widen the discussion to include key handling or even better, workable trust mechanisms.
i.e. keeping the keys safe yet conveniently available be they simple passwords (or pass phrases) or something more complicated, such as certificates and multi-part binary keys.
If keys are used, then the matter of 'trust' enters the discussion in short order, especially as a distributed trust model, such as web-of-trust, or key custodians, or similar more sophisticated models offer more control over convenience, security (however measured), and the normal situations, such as loss of keys and similar problems, which need to be addressed too.
Just discussing the encryption of disks and similar storage misses the main issue and problems of such a technology for normal every day usage.
Its a shame the article didnt end with the deliverance of Bitlocker-to-go and group policy to start the process of locking down those 'pesky usb ports' as per the author...
Within linux, it makes sense to only encrypt the /home drive/partition leaving the rest unencrypted. This allows the machine to run fast and only user data slows down.
TrueCrypt is an open-source solution that works well in encrypting thumb drives and even allows hidden operating system. This would be the solution for those who live in the US and travel afar having to go through airport "security" or border patrol where they habitually steal your hardware.
In my company, we can't take unencryted OR encrypted sensitive data to/from the US, as the "security" personel might take your data and force you to reveal the passcodes.
Obviously to get our sensitive business data...
And in $MEGACORP
we have encrypted hard disks when in Europe but have to have the encryption reversed if we go to various arabic and communistical countries where the US rules forbid the 'export' of encryption technology with long keys.
AC because of new corporate rules on blogging. Sigh.
I don't see what is the problem with writing passwords on post it notes. Most data loss will occur through physical loss of mobile storage, or via data transmission. The post it notes stuck to my monitor are perfectly safe from those. In fact where else would you like me to store my good passwords? In my mobile phone?! That is just as likely to get stolen. Sorry, brain is not an option.
One password to rule them all
I wouldn't put my passwords on a standard mobile phone ... but some smartphones have a "password vault" app which securely stores your passwords. My Blackberry has such an app, and if I ever lose the thing, not only will the other user be unable to read my passwords, my backup can be easily restored unto another BB and I will be able to get my password store as well!
Oh yes, the passwords are encrypted, even when backed up. :)
I do write down my passwords. I have way too many to rely on my memory.
I don't leave them on a Post-It note stuck to my monitor (which I have seen done).
There's a whole range of options here, balancing the risks pf password loss (my memory), password theft (the written copy), and computer hassles (my web browser offering to keep a site password for me: OK for this place, not OK for my banking).
I write this using an encrypted pc (this is: encrypted bios & peripherals &hd, using smart card and pin),
My home pc is also encrypted.
And of course, you lose some speed, but at least you are secure from some wrongdoers... including some who wear blue..
Forget key handling, use the employee acces card as a smart card and then use a PIN, and use that as key for decoding the HDD & ports & bios. And encrypt that card, of course.
That way, if the user leaves the card inside the laptop, he won't be able to take it out of the building.. and he really needs the access card!!
Yep, smart cards and passwords are great.
Right up until the time when the VP of Marketing leaves his fob at home, lives 4 hours away, has a critical presentation that is only on his laptop because he was updating it last night, and is one of the protected species even if the rest of management were of the mind to give him the boot in the first place.
Me, I'd issue them to everybody and make it required even for desktops. But then again I'm the sort who doesn't get promoted because I would have sent the above VP home to get his fob instead of crapping a solution for him.
Do one better. issue them to everyone. Rather then have it decrypt a HD, have it open an encrypted session to a machine in my datacenter. (smartcard & password required) That way they can sit down at any terminal insert their card and it is their machine. They cant leave the presentation at home. (Sun was pushing this for years, it's always been spot on too!). You have two-factor authentication (something you have (smart-card) & somthing you know (password)).
Put a little wrist-band on it with a keyring (ie engourage putting car/house keys with it).
Encourage good beavior (keeping it with things they can't loose). Make data accessable, but not actually leave site. This is the Ideal.
As a vendor who makes full disk encryption software, key management, USB stick protection etc, I'm happy this issue is still being discussed (though, without mentioning McAfee as a vendor!).
It's true, FDE is a sledgehammer approach to the problem, but, it also gives great piece of mind and as your article says, protects against data disclosure regulation. It would be much neater to only encrypt sensitive data, but it's difficult to trust that qualification to individuals, and though automatic identification is getting better, it's still not at the stage when we can get a high level of confidence that ALL sensitive data will be caught by it.
On the horizon we have OPAL self-encrypting hard disks, and Intel motherboards have crypto coprocessor options, both of these will make the impact to the end user much less.
The key thing is the management, and user experience - that's where we, and other vendors spend most of our time. Encryption is easy, but presenting it to the masses in a consumable way, well, that's where the magic happens.
All the negative points seem to be from the software layer, using up computer resources or causing incompatibility with the OS - surely the solution is to build the encryption into the hardware so its transparent to the OS.
Seagate (and others I'm sure) make full disk encrypted (FDE) hard drives - as long as the processing power on the board is fast enough there should be no slowdown in performance and the OS will run as normal. Combine the risk of large fines with the support costs for software based FDE and the extra cost of these drives will start to look minimal.
Why not use drives with built-in encryption?
Perhaps these are difficult or expensive to obtain for an individual, but a large organisation ought to be able to get drives with built-in encryption. That would solve the performance and power problems (custom hardware is efficient). So why don't they do that? Do they not trust the disc drive manufactures not to have either screwed up the implementation or deliberately inserted a back door?
I'm surprised hardware-encrypted drives wasn't mentioned as a solution. They're an option on most laptops and (from what I hear) incur no performance penalty since the encryption processor is fast enough to keep up with the data in and out. There may even be ways to manage them from an Enterprise perspective, but the poster who mentions increased support calls does have a point.
Oddly enough, I hosed up the MBR on my work laptop this weekend, which runs a commercial software encryption tool. Waiting for IT support to come fix it since 'FIXMBR' didn't work. That's the main problem with software encryption, you can't use any standard tools to fix it.
Windows encryption provision is historically erratic.
An encryption system - or data compression too - provided in one Microsoft Windows version, has been liable to disappear in the next version. So if you used that feature to achieve data security, (1) you have to disable it before you upgrade, and (2) ha ha ha ha ha ha. You dummy.
One reason I don't encrypt
.. is that I am concerned that if my hard drive were to fail, data recovery would be utterly impossible. It seems like to use encryption, you need to make sure your backup strategy is bang-on, and that's just not likely for most home users.
Argument for no encryption for home users
The average home user has the attention span of a peanut and can't remember how to open the laptop half the time, let alone remember a password.
If a computer can't boot, or the user forgets their password, there is some reassurance for them that their data is not lost forever. In a Corporate environment all information should be held centrally so across-the-board encryption is only logical.
Defence in depth??
I have to agree with Anonymous Coward @ 19/04/2010 14:27. It is all well and good talking about whole drive encryption, but wouldn’t any self-respecting systems engineer/architect/administrator be looking at from a Defence In Depth point of view? Do they encrypt the whole HDD, enforce policies to prevent copying of unencrypted data to an external source (USB Pen/HDD, CD, DVD or Blu-Ray [if you’re lucky enough to have a machine with it, and what to pay a fortune for the media]). Do they also then install tooling or configure policies to prevent the use of USB pens or other media that you don't wish to allow, or block access to CD and DVD drive for writing (and possible reading to prevent someone bring in virus etc etc).
What is also forgotten here is how do they ensure that all the users are compliant? Do they have a tool that can check every laptop and workstation to ensure it meets our company’s’ standards?
Also going back to points made fairly early on by Anonymous Coward @ 19/04/2010 13:27 and Daniel 1 @ 19/04/2010 13:47, support. By adding the above requirements on our systems we have to ensure that our user base are supported, that the tooling is available from a central location (or as required for the domain or maybe legal issues) so that if the NTLDR file becomes corrupt that the end user is able to get their machine back up and running as quick as possible (I have felt this pain... and it’s not fun).
Also something people probably don't think of here, backups. If you are going to encrypt a whole drive, and data is stored on its local drives, that data needs to be backed up (especially if you disabled USB and other external media). So there will be a requirement for some centralised backup of user data (There should be one already... but are the users using it? and does it meet the legal requirements). More staff required for supporting the new servers, SANS and the software.
Do they then install roles like Windows Rights Management, so that the owner of a document can prevent someone for sending an email with a confidential document attached, or at least if they do or try it is either denied or the person receiving the email is prevented from opening the attachment. What about Data Protection Manager…….
Then of course training as mentioned by quite a few. If the user doesn’t know it’s wrong how do they know not to do it… people are still getting caught by phishing emails or accidentally installing malware and viruses.
All the above costs, some as a one off and others as continuing expense. Like everything in business it comes down to the impact the release of the "sensitive information" will have on your company, its brand and the cost (penalties and loss of customers/contracts) and ROI. If something will have a high impact on your company... they will implement some, most or all of the above (plus other bits and bobs), if it has a low impact.... don't worry they probably won't bother until it becomes too high of a risk.
As for home users, it may be easy to do whole drive encryption, but how many users would know how to install it, uninstall it, fix an issue the their machine doesn’t boot (granted the last point is probably true even if it wasn’t encrypted). With education more people probably would, but as for other measure were other servers are required no.
I find this stuff really interesting (yes I need to get out more!), but the issue should never be addressed on its own, and could easily of taken up 20 to 100 pages to cover all the bases... granted not as snappy.
While recognizing the value of encryption,
I have to admit I hate supporting it, particularly as a third party add-on to Windows. The encryption process itself takes forever, and runs the gerbils too hard. If power fails during the encryption you get to rebuild the whole drive. If the system glitches the wrong way during an update, if you are lucky you get to decrypt the drive and execute a software repair. If you aren't so lucky, you are trying to preserve the data from a dead drive before rebuilding it. Either way there's a long encryption time waiting for you on the other side. At the one company where I worked on the Encrypt All The Laptops Project we had about 1 in 10 laptops fail during the encryption process, even after doing updates and defrags BEFORE the encryption was started. Yeah, that was mostly due to hideously old hardware, unfortunately I'm discovering they were decent at updating at good intervals compared to other organizations.
Oh, and the particular software I am supporting at the moment bolluxes up the hard drive if I run defrag on it. Just love that after I've spent 3 tech hours and 48 clock hours getting the damned thing built.
If it were built into the OS from the get go, and you also work to resolve the portable drives issues I might be more supportive of the concept.
Had to run Dell BIOS level full disk encryption at a previous job, and while it worked ok most of the time (aside from being one of the many reasons our computers were next to unusably slow) it really got worrying when you had some sort of hardware failure.
Since we all had the same or similar laptops, if someone managed to put a hammer through their monitor, it would be nice to be able to swap hard drives with another machine and keep moving, at least until you can replace the original. But the Dells used a machine-specific key, in addition to the boot password, so there was pretty much no getting your data off your drive when the machine was unbootable. That's not so terrible for the smashed monitor scenario, but it's my experience that laptop motherboards die unexpectedly, and that's hardly a reason to lose all of your data.
Problem with really good security is it really works. A few years back I came across some HP laptops with bios-level boot-time passwords that couldn't be reset except by paying HP megabucks to replace a chip on the mobo. Of course, by the time I (in IT disposals) got them they were bin fodder, despite the fact they were in perfectly good condition and hardwarily in GWO. Passwords get lost. All the time. Normal users simply do not understand the concept of none-reversible, irretrivable, no-way-in-hell-really-and-truly-gone-forever.
That's just stupid
Why would anyone buy laptops with a feature like that? Theoretically it might be a deterrent to thieves, but in practice the thief isn't going to know about it until after they've stolen it and they're not likely to then give it back.
All you need is this: When the machine boots the BIOS notices that the drive is encrypted and asks for the key. You get as many guesses as you like, though you could implement an exponentially increasing delay between guesses if you feel like it. At any point you can give up guessing and ask the BIOS to reset the drive: effectively treating it as empty. You can then reinstall your OS. If you feel like it you can also implement a simple password to stop a mischievous child from wiping the disc, but that password must be resettable by opening the case and pressing a button inside or temporarily disconnecting the battery or some other simple operation that IT Support can do whenever required.
If the manufactures can't implement that simple recipe they're morons.
It is Mandatory
The UK Government issued internal directives several years ago that require all electronic data held on hard disks or any storage device to be encrypted using high strength disk level encryption.
It's a directive that is widely ignored, they also spent hundreds of millions on the GSI - Government Secured Intranet so that data could be passed around securely yet they still shove un-encrypted untracked CDs around in the internal post (by internal I mean external postal contractors using uncleared casual labour).
Electronic Data is on the whole not treated like a real 'secured' document despite the fact a DVD can hold hundreds of thousands of restricted documents.
It comes down to holding individuals in departments ro account for failures in applying policies, procedures and in giving adequate training.
- Leaked screenshots show next Windows kernel to be a perfect 10
- Product round-up Coming clean: Ten cordless vacuum cleaners
- Something for the Weekend, Sir? I need a password to BRAKE? What? No! STOP! Aaaargh!
- Episode 13 BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
- Vulture at the Wheel Ford's B-Max: Fiesta-based runaround that goes THUNK