[SATLUG] Drive Encryption
Ernest de Leon
dryicezero at gmail.com
Fri May 25 10:43:52 CDT 2007
Thanks for all of the input, everyone. A few more details and questions
though. I am pretty much in charge of all IT decisions, and there is no
oversight authority. We are a local government agency, so our policies will
more easily reflect what we need to accomplish. With that said, we are
completely free to do whatever we want (within legal and ethical bounds of
course) with respect to IT. I have used TrueCrypt before, and I am very
familiar with how to use it. What I am more concerned with is the security
involved. Being that EnCase has now reached beyond law enforcement and
government agencies, I am sure that there are some malicious people out
there with bootleg versions of the software. I am mainly concerned with our
mobile population. Is it more logical to use whole drive encryption or to
use the containers to hold sensitive data on the laptops? If a laptop is
lost or stolen, and someone with EnCase or any other forensic tools gets a
hold of that laptop, can they pull the sensitive data from the laptop? I am
not too concerned with the OS itself or the normal applications, just the
data that is saved. A lot of work is done through the VPN, so most data is
saved on our network servers. If a user needs to save a document locally,
however, if I use the TC container, is that secure with a reasonable amount
of certainty? I understand that no method is 100% effective at thwarting
every single malicious person out there, but I'd like to have the highest
level of security while not adversely affecting productivity too much.
Thanks,
Ernest
On 5/23/07, Daniel J. Givens <daniel at rugmonster.org> wrote:
>
> Ernest de Leon wrote:
> > Recently, my organization (government) purchased a copy of the EnCase
> > software to search several computers... If so, are fully encrypted drives
> > immune to the EnCase search methods? What do you recommend for encrypting
> > our sensitive data so that not even software like EnCase can pull data
> > from our servers.
>
> Make sure you check with your organization on the encryption policies so
> you aren't setting yourself or anyone else up for termination. If it is
> a government network, anything plugged into it is likely to be required
> to be accessible for monitoring. Any information assurance office should
> be under strict policy to maintain the security of information on those
> systems (that's their job). If you are a contractor and using government
> systems or systems on a government network to store "sensitive"
> information that you don't want them being privy to, I would suggest you
> pull it off and host it on a corporate or personal storage medium. Check
> with your local IA folks to make sure on the policy. I doubt they will
> be cool with you trying to hide stuff on their network unless it was for
> official business and sanctioned by them.
>
> ~Daniel
> --
> _______________________________________________
> SATLUG mailing list
> SATLUG at satlug.org
> http://alamo.satlug.org/mailman/listinfo/satlug to unsubscribe
> Powered by Rackspace (www.rackspace.com)
>
--
# Ernest De Leon
"If Microsoft is 'flexible' it explains how their head got where it is."