
U.S. gov’t mandates laptop security

Finally, after all of the crazy data theft, the Bush Administration is giving federal civilian agencies 45 days to comply with new recommendations for laptop encryption and two-factor authentication. I can’t believe this wasn’t a standard before, but oh well, from now on it has to be. Next up: private industry. While not under any direct order, companies are going to have to do this to give their customers the assurance that they’re doing something about the problem. See Breaches since Choicepoint or my other Choicepoint story for more background on the extent of this issue.


Comments »

  • Saqib Ali said:

    These might help:
    http://www.full-disc-encryption.com/Full_Disc_Encryption.html

    There are some agencies in DC looking into full disc encryption. The following are some reasons why full disc encryption is preferable.

    1) Encryption of temporary / swap is important as confidential data
    may be revealed from these files in case of HDD theft.

    2) Quick Erase functionality as advertised by Seagate’s FDE.2 drive
    provides immediate data destruction by replacing the AES key on the
    ASIC. This can save thousands of dollars the agency spends in proper
    destruction of the HDD. Once the encryption key is removed the HDD can be repurposed.
    See
    http://www.seagate.com/docs/pdf/marketing/po_momentus_5400_fde_bb.pdf

    3) User-proof. Everything is encrypted if FDE is enabled. This is the key. The employee who has sensitive data on his/her laptop should not have to decide which files/folders to encrypt. That decision must be made for them, which is to encrypt everything. No exceptions!!!

    4) pre-boot authentication using bio-metric or secure tokens or smart-cards.

    5) Hardware based Full Disc Encryption is fast, and creates minimum overhead, so the employee has NO excuse to NOT encrypt data.

  • fak3r (author) said:

    Excellent reply. I’ve been playing around with Truecrypt, a free (but not GPL) app that lets you create an encrypted volume (from a file or device) on your system. It’s a snap to set up, but is obviously only a first step whereas your solution is much more end to end, and more apt to provide the security data needs in the future. Well, make that now, but you know how long it will take businesses to catch up/on.

    Thanks for the reply.

  • Saqib Ali said:

    Actually I don’t think full/whole disc encryption is too far. Dell laptops are shipping with a free copy of the WaveSys SecurityCenter which allows for non-TPM Full Disc Encryption. Anyone who has any confidential data should utilize this free application.

    Plus, Seagate mobile drive will have an ASIC chip for Full Disc Encryption.
