U.S. gov't mandates laptop security

Finally, after all of the crazy data theft, the Bush Administration is giving federal civilian agencies 45 days to comply with new recommendations for laptop encryption and two-factor authentication. I can’t believe this wasn’t a standard before, but oh well, from here on out it has to be. Next up: private industry. While not under any direct order, it’s something companies will have to do to give their customers the assurance that they’re doing something about the problem. See Breaches since Choicepoint or my other Choicepoint story for more background on the extent of this issue.




  • http://www.capital-punishment.net/ Saqib Ali

    These might help:
    http://www.full-disc-encryption.com/Full_Disc_Encryption.html

    There are some agencies in DC looking into full disc encryption. The following are some reasons why full disc encryption is preferable.

    1) Encryption of temporary / swap is important as confidential data
    may be revealed from these files in case of HDD theft.

    2) Quick Erase functionality as advertised by Seagate’s FDE.2 drive
    provides immediate data destruction by replacing the AES key on the
    ASIC. This can save thousands of dollars the agency spends in proper
    destruction of the HDD. Once the encryption key is removed the HDD can be repurposed.
    See
    http://www.seagate.com/docs/pdf/marketing/po_momentus_5400_fde_bb.pdf

    3) User-proof. Everything is encrypted if FDE is enabled. This is the key. The employee who has sensitive data on his/her laptop should not have to decide which files/folders to encrypt. That decision must be made for them, which is to encrypt everything. No exceptions!!!

    4) Pre-boot authentication using biometric or secure tokens or smart cards.

    5) Hardware-based Full Disc Encryption is fast, and creates minimum overhead, so the employee has NO excuse to NOT encrypt data.

  • http://fak3r.com/ fak3r

    Excellent reply. I’ve been playing around with Truecrypt, a free (but not GPL) app that lets you create an encrypted volume (from a file or device) on your system. It’s a snap to set up, but is obviously only a first step, whereas your solution is much more end to end, and more apt to provide the security data needs in the future. Well, make that now, but you know how long it will take businesses to catch up/on.

    Thanks for the reply.

  • http://www.full-disc-encryption.com/blog/ Saqib Ali

    Actually I don’t think full/whole disc encryption is too far. Dell laptops are shipping with a free copy of the WaveSys SecurityCenter which allows for non-TPM Full Disc Encryption. Anyone who has any confidential data should utilize this free application.

    Plus, Seagate mobile drives will have an ASIC chip for Full Disc Encryption.
