Solved

Full Disk Encryption vs File Based Encryption

Posted on 2007-11-20
2
757 Views
Last Modified: 2008-02-01
I've been testing full disk encryption and file encryption software to use for about 1000 laptops. The most secure option with fde is to utilize preboot authentication.  Has anyone had any experience using fde with preboot?  There are many challenges using the preboot authentication with multiple users and passwords.  Trying to decide if I should go with the file based encryption.  
0
Comment
Question by:DT3st3r
2 Comments
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 50 total points
ID: 20326107
I don't have any experience with the product you mention, but whether to use file or volume encryption should not primarily be about which works.  They perform different tasks.

Full disk encryption is primarily aimed at safeguarding data when a hard disk is stolen.  Once the laptop is running, it has no value.  Any user account can read any data on the disk, including when it is hacked.

File encryption comes in two flavours:  manual and automatic.  Automatic encryption, such as using Microsoft's EFS technology, encrypts files for a particular user account.  Manual encryption methods require the user to manually encrypt a file.  In both cases, they have dependencies.  EFS depends on a pre-boot security key and the user's account password.  In a manual encryption solution, it will depend on the passphrase used.  Manual encryption often cannot encrypt everything, so if you need the swap file (Windows: pagefile) to be encrypted, it is not useful to you.

Check out another question in progress where I talk more about some cryptography and security issues that are relevant to this question:  

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22971306.html
0
 

Author Comment

by:DT3st3r
ID: 20329539
Thanks for your reply SteveH.  I'm testing "file encryption" software from Credant.  I have to say I'm very impressed at how intuitive and easy to use.  The problem I have with full disk encryption in an enterprise with multiple users accessing the same laptop is the administrative nightmare it will create on the helpdesk side regarding password resets and multiple users trying to use the same laptop.  Thanks for your input.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suppose you are a shopaholic and you shop online frequently from a website. That means that is obvious that you would have been registered yourself on that website. Now, once in a while that website that you always buy from becomes a victim of phish…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now