Solved

Full Disk Encryption vs File Based Encryption

Posted on 2007-11-20
2
783 Views
Last Modified: 2008-02-01
I've been testing full disk encryption and file encryption software to use for about 1000 laptops. The most secure option with fde is to utilize preboot authentication.  Has anyone had any experience using fde with preboot?  There are many challenges using the preboot authentication with multiple users and passwords.  Trying to decide if I should go with the file based encryption.  
0
Comment
Question by:DT3st3r
2 Comments
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 50 total points
ID: 20326107
I don't have any experience with the product you mention, but whether to use file or volume encryption should not primarily be about which works.  They perform different tasks.

Full disk encryption is primarily aimed at safeguarding data when a hard disk is stolen.  Once the laptop is running, it has no value.  Any user account can read any data on the disk, including when it is hacked.

File encryption comes in two flavours:  manual and automatic.  Automatic encryption, such as using Microsoft's EFS technology, encrypts files for a particular user account.  Manual encryption methods require the user to manually encrypt a file.  In both cases, they have dependencies.  EFS depends on a pre-boot security key and the user's account password.  In a manual encryption solution, it will depend on the passphrase used.  Manual encryption often cannot encrypt everything, so if you need the swap file (Windows: pagefile) to be encrypted, it is not useful to you.

Check out another question in progress where I talk more about some cryptography and security issues that are relevant to this question:  

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22971306.html
0
 

Author Comment

by:DT3st3r
ID: 20329539
Thanks for your reply SteveH.  I'm testing "file encryption" software from Credant.  I have to say I'm very impressed at how intuitive and easy to use.  The problem I have with full disk encryption in an enterprise with multiple users accessing the same laptop is the administrative nightmare it will create on the helpdesk side regarding password resets and multiple users trying to use the same laptop.  Thanks for your input.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this era, as you know, cybercrime and other sorts of frauds using the internet has increased day by day. We should protect our information assets and confidential information from getting exploiting by the attacker or intruders. Most of the fraud…
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now