Submit your comments on this article |
Science & Technology |
Gummint to Use Full Disk Encryption on all Computers |
2007-01-07 |
To address the issue of data leaks of the kind we've seen so often in the last year because of stolen or missing laptops, writes Saqib Ali, the Feds are planning to use Full Disk Encryption (FDE) on all Government-owned computers. "On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The U.S. Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on Millions of computers in the U.S. federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to an end in 90 days. You can view all the vendors competing and list of requirements." |
Posted by:Steve White |
#12 I was thinking last year about becoming a distributor for these little fingerprint reader security devices you can buy at Fry's for $50. The one's that work with xerox copies of fingers? How about the government stops buying Laptops and computers cannot be taken off premises? |
Posted by: Nimble Spemble 2007-01-07 17:32 |
#11 Anybody know if the biometric devices that are cheap and easily available actually work? I was thinking last year about becoming a distributor for these little fingerprint reader security devices you can buy at Fry's for $50. |
Posted by: FOTSGreg 2007-01-07 17:27 |
#10 What it takes. You also have to consider whether swap and cache are encrypted. Many notebook drives have password access. This is sufficient for many applications. Also, Seagate sells drives that encrypt at the hardware level. |
Posted by: KBK 2007-01-07 16:37 |
#9 This will work well except for the post-it note with the password attached to the PC. |
Posted by: DMFD 2007-01-07 14:00 |
#8 Security questions are kept on a sheet of paper hidden under the desk blotter of the Security Director. |
Posted by: jds 2007-01-07 13:45 |
#7 We just had one of these installed on all our laptops at work. It registers a 'security question' and (I think) with a central server. If you forget your password you call them and answer the 'security question' they open up a 'backdoor' somehow. I have to wonder where they keep all the 'security questions'.... |
Posted by: CrazyFool 2007-01-07 11:47 |
#6 Heh heh, 'Moosey I like break an anvil with a feather. |
Posted by: Shipman 2007-01-07 09:06 |
#5 "Sir, I've got a Private working for me who could fuck up a steel ball. Now, please tell me again about this new, 'foolproof, easy to use' system." -- an NCO I once knew |
Posted by: Anonymoose 2007-01-07 09:00 |
#4 If you read the description of FDE on Wikipedia, you won't be impressed with the technology even with the 256 bit AES keys. The encryption chip doesn't raise my flag, but a dongle would be better in that it combines physical security with disk/software security plus the dongle addresses the boot time vulnerability that is inherent in FDE. The best security is always physical security. If the Bad Guyz can't latch onto your packets, your hardware or your keys, they can't crack your computer encryption no matter how weak it may be. If the government has bought into the notion that FDE is a cureall for sloppy security we may as well award the NY Times the Presidential Medal of Freedom for their advanced work in computer security because that's as close to keeping secrets on government computers as we will ever get. |
Posted by: badanov 2007-01-07 08:39 |
#3 Hard drives are easy to remove from computers, and need protection at that level. |
Posted by: Anguper Hupomosing9418 2007-01-07 06:04 |
#2 If disk encryption is such a great idea, why have I never come across a single instance of any organization or individual using it. A much better idea is a RSA type device that generates a unique key required to start the computer. |
Posted by: phil_b 2007-01-07 04:43 |
#1 LOL don't lose the key. |
Posted by: Sock Puppet of Doom 2007-01-07 02:05 |