Protecting the Operating System

Hello,
I have just come to the conclusion that the only way to protect the machine
with free physical access to anauthorized personnel is... to encrypt it.
Unfortunately it seems that this can be done only the lonely by DriveCrypt
software which costs a lot. It's wonderful stuff indeed allowing to encrypt
the drive with authentication feature at the pre-boot level! The encryption
seems excellent AES-256 algotithm. It's only drawback (except for the price)
is that it doesn't see Linux partitions (not to mention that it doesn't run
on Linux)which makes them liable to potential attack. It looks like for now
only Windows operationg system may be securely locked unless you run Linux
as a VMware guest system on the DriveCrypted Windows host. I wonder what are
your experiences with respect to securing the stand alone box with
uncontrolled physical access, like at the University (my case).
P.S. Have just noticed free stuff called CompuSec PC Security Suite which
seems both Windows and Linux compatible though as compared to DriveCrypt it
uses weaker encrypting algorithm AES-128 and looks like is much slower. I
cannot wait to hear your comments.
Kindest regards,
--
Ricardo

Re: Protecting the Operating System

Post removed (X-No-Archive: yes)

Re: Protecting the Operating System

Ricardo,

There are a dozen or so full/whole disc encryption solutions available
with pre-boot authentication option. See the URL below for list:

http://www.full-disc-encryption.com/Full_Disc_Encryption.htm l

I use CompuSec. It is free and has support for Linux. It has pre-boot
authentication and has a builting credential manager. One thing that is
missing support for Trusted Platform Module (TPM). TPM can make the key
recovery possible and simplify single sign on.

You might also want to take a look at hardware based Full Disc
Encryption. There are few vendors that provide that. The above URL
lists a few. Hardware based FDE works regardless of the OS you are
using.

If you are using a notebook Ce-Infosys has PCMCIA card or Seagate
Technology will soon have FDE HDD for notebooks:
http://www.seagate.com/docs/pdf/marketing/po_momentus_5400_f de_bb.pdf

Also check out the Wikipedia article about Full Disc Encryption:
http://en.wikipedia.org/wiki/FDE
It talks about "Full disk encryption vs. file or directory encryption"

P.S. If you have any feedback about DriveCrypt, please do send it to
me. I am looking to buy that product as well.


Ricardo wrote:
> Hello,
> I have just come to the conclusion that the only way to protect the machine
> with free physical access to anauthorized personnel is... to encrypt it.
> Unfortunately it seems that this can be done only the lonely by DriveCrypt
> software which costs a lot. It's wonderful stuff indeed allowing to encrypt
> the drive with authentication feature at the pre-boot level! The encryption
> seems excellent AES-256 algotithm. It's only drawback (except for the price)
> is that it doesn't see Linux partitions (not to mention that it doesn't run
> on Linux)which makes them liable to potential attack. It looks like for now
> only Windows operationg system may be securely locked unless you run Linux
> as a VMware guest system on the DriveCrypted Windows host. I wonder what are
> your experiences with respect to securing the stand alone box with
> uncontrolled physical access, like at the University (my case).
> P.S. Have just noticed free stuff called CompuSec PC Security Suite which
> seems both Windows and Linux compatible though as compared to DriveCrypt it
> uses weaker encrypting algorithm AES-128 and looks like is much slower. I
> cannot wait to hear your comments.
> Kindest regards,
> --
> Ricardo

Re: Protecting the Operating System

Post removed (X-No-Archive: yes)

Re: Protecting the Operating System

Ricardo wrote:
> Hello,
> I have just come to the conclusion that the only way to protect the machine
> with free physical access to anauthorized personnel is... to encrypt it.
> Unfortunately it seems that this can be done only the lonely by DriveCrypt
> software which costs a lot. It's wonderful stuff indeed allowing to encrypt
> the drive with authentication feature at the pre-boot level! The encryption
> seems excellent AES-256 algotithm. It's only drawback (except for the price)
> is that it doesn't see Linux partitions (not to mention that it doesn't run
> on Linux)which makes them liable to potential attack. It looks like for now
> only Windows operationg system may be securely locked unless you run Linux
> as a VMware guest system on the DriveCrypted Windows host. I wonder what are
> your experiences with respect to securing the stand alone box with
> uncontrolled physical access, like at the University (my case).
> P.S. Have just noticed free stuff called CompuSec PC Security Suite which
> seems both Windows and Linux compatible though as compared to DriveCrypt it
> uses weaker encrypting algorithm AES-128 and looks like is much slower. I
> cannot wait to hear your comments.
> Kindest regards,
> --

Why not just use PGP Desktop personal edition or GPG which is free.
Since you're at a Uni*, why wouldn't you just get yourself a jump drive
and store your files there.
> Ricardo

Re: Protecting the Operating System

> "1344 bit military strong encryption" matches very well with the crypto
> snake-oil FAQ.

hehe. i m in total agreement with that. when will crypto vendors learn
that proprietary algorithms are NOT a selling point?



--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

Re: Protecting the Operating System

"Saqib Ali" wrote in message
news:1159199369.450631.89590@b28g2000cwb.googlegroups.com...
>> "1344 bit military strong encryption" matches very well with the crypto
>> snake-oil FAQ.
>
> hehe. i m in total agreement with that. when will crypto vendors learn
> that proprietary algorithms are NOT a selling point?

Whenever technical people start making the purchasing decisions

...

Re: Protecting the Operating System

U¿ytkownik "Ricardo" napisa³ w wiadomo¶ci
news:553bf$4514d105$57cf8a7f$13585@news.chello.pl...
> ...
Thank you all very much for your comments.
Regards,
Ricardo

Re: Protecting the Operating System

Post removed (X-No-Archive: yes)