Solved

Full Disk Encryption vs File Based Encryption

Posted on 2007-11-20
2
771 Views
Last Modified: 2008-02-01
I've been testing full disk encryption and file encryption software to use for about 1000 laptops. The most secure option with fde is to utilize preboot authentication.  Has anyone had any experience using fde with preboot?  There are many challenges using the preboot authentication with multiple users and passwords.  Trying to decide if I should go with the file based encryption.  
0
Comment
Question by:DT3st3r
2 Comments
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 50 total points
ID: 20326107
I don't have any experience with the product you mention, but whether to use file or volume encryption should not primarily be about which works.  They perform different tasks.

Full disk encryption is primarily aimed at safeguarding data when a hard disk is stolen.  Once the laptop is running, it has no value.  Any user account can read any data on the disk, including when it is hacked.

File encryption comes in two flavours:  manual and automatic.  Automatic encryption, such as using Microsoft's EFS technology, encrypts files for a particular user account.  Manual encryption methods require the user to manually encrypt a file.  In both cases, they have dependencies.  EFS depends on a pre-boot security key and the user's account password.  In a manual encryption solution, it will depend on the passphrase used.  Manual encryption often cannot encrypt everything, so if you need the swap file (Windows: pagefile) to be encrypted, it is not useful to you.

Check out another question in progress where I talk more about some cryptography and security issues that are relevant to this question:  

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22971306.html
0
 

Author Comment

by:DT3st3r
ID: 20329539
Thanks for your reply SteveH.  I'm testing "file encryption" software from Credant.  I have to say I'm very impressed at how intuitive and easy to use.  The problem I have with full disk encryption in an enterprise with multiple users accessing the same laptop is the administrative nightmare it will create on the helpdesk side regarding password resets and multiple users trying to use the same laptop.  Thanks for your input.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now