You have commented 339 times on Rantburg.

Your Name
Your e-mail (optional)
Website (optional)
My Original Nic        Pic-a-Nic        Sorry. Comments have been closed on this article.
Bold Italic Underline Strike Bullet Blockquote Small Big Link Squish Foto Photo
Submit your comments on this article
Science & Technology
Gummint to Use Full Disk Encryption on all Computers
2007-01-07
To address the issue of data leaks of the kind we've seen so often in the last year because of stolen or missing laptops, writes Saqib Ali, the Feds are planning to use Full Disk Encryption (FDE) on all Government-owned computers.
"On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The U.S. Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on Millions of computers in the U.S. federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to an end in 90 days. You can view all the vendors competing and list of requirements."
Posted by:Steve White

#12  I was thinking last year about becoming a distributor for these little fingerprint reader security devices you can buy at Fry's for $50.

The one's that work with xerox copies of fingers? How about the government stops buying Laptops and computers cannot be taken off premises?
Posted by: Nimble Spemble   2007-01-07 17:32  

#11  Anybody know if the biometric devices that are cheap and easily available actually work?

I was thinking last year about becoming a distributor for these little fingerprint reader security devices you can buy at Fry's for $50.


Posted by: FOTSGreg   2007-01-07 17:27  

#10  What it takes.

You also have to consider whether swap and cache are encrypted.

Many notebook drives have password access. This is sufficient for many applications. Also, Seagate sells drives that encrypt at the hardware level.
Posted by: KBK   2007-01-07 16:37  

#9  This will work well except for the post-it note with the password attached to the PC.
Posted by: DMFD   2007-01-07 14:00  

#8  Security questions are kept on a sheet of paper hidden under the desk blotter of the Security Director.
Posted by: jds   2007-01-07 13:45  

#7  We just had one of these installed on all our laptops at work. It registers a 'security question' and (I think) with a central server. If you forget your password you call them and answer the 'security question' they open up a 'backdoor' somehow.

I have to wonder where they keep all the 'security questions'....
Posted by: CrazyFool   2007-01-07 11:47  

#6  Heh heh, 'Moosey
I like break an anvil with a feather.
Posted by: Shipman   2007-01-07 09:06  

#5  "Sir, I've got a Private working for me who could fuck up a steel ball. Now, please tell me again about this new, 'foolproof, easy to use' system."

-- an NCO I once knew
Posted by: Anonymoose   2007-01-07 09:00  

#4  If you read the description of FDE on Wikipedia, you won't be impressed with the technology even with the 256 bit AES keys.

The encryption chip doesn't raise my flag, but a dongle would be better in that it combines physical security with disk/software security plus the dongle addresses the boot time vulnerability that is inherent in FDE.

The best security is always physical security. If the Bad Guyz™ can't latch onto your packets, your hardware or your keys, they can't crack your computer encryption no matter how weak it may be.

If the government has bought into the notion that FDE is a cureall for sloppy security we may as well award the NY Times the Presidential Medal of Freedom for their advanced work in computer security because that's as close to keeping secrets on government computers as we will ever get.

Posted by: badanov   2007-01-07 08:39  

#3  Hard drives are easy to remove from computers, and need protection at that level.
Posted by: Anguper Hupomosing9418   2007-01-07 06:04  

#2  If disk encryption is such a great idea, why have I never come across a single instance of any organization or individual using it.

A much better idea is a RSA type device that generates a unique key required to start the computer.

Posted by: phil_b   2007-01-07 04:43  

#1  LOL don't lose the key.
Posted by: Sock Puppet of Doom   2007-01-07 02:05  

00:00