It is possible I have a "real misunderstanding" of security and encryption. There are probably many posters with a better understanding than I.
But it is not just about the technology, it is about practical application of the technology. The majority of the posts on this thread home in on the issue of practicality not technology. In the real world people are not doing the things we expect or want them to. It is hard enough to get them to use the security tools.
In the response you say "software is fine" with a "few provisos".
But the "few provisos" can be real, practical cases where the system could be compromised.
DaMish said: " . . . you can no longer trust the onboard software to not be modified to save/transmit your password/key. "
And it is not just the case where a laptop is lost and recovered. How often do you find your users have downloaded all kinds of spyware and junk code onto their systems just to get a smiley cursor?
Do your execs stick their laptop in the bottom drawer overnight when they head out early to play golf?
Maybe software based encryption is fine if you have an extremely disciplined user base. But then, it is only a few days since Symantec had to patch a major flaw in their anti-virus.
My belief is that the encryption implementation must be isolated from the system using a hardware based approach.
For me, software based encryption is not "fine" enough in the real world. Give me a hardware based solution (at the right price please).
Can anyone point me at some good hardware solutions?
It is not as easy for a large organisation. But it is possible:
* It has to be seamless, because some people will always take short-cuts
* It has to be full-disk capable. Preferably flexible partitioning.
* Big organisations need to be able to centrally and remotely administer (in case you lose your password)
* It should be flexible, e.g. multiple partitions, able to automatically change behaviour if you log into an unsecure hot-spot
* Finally, it should be hardware based, not software based. Software can always be compromised. If your information is that valuable, then someone will hack it.
Secure Systems has had a product for two years (www.securesystems.com.au). Also there is a company in the UK - can't remember their name.