Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Full Disk Encryption vs File Based Encryption

Posted on 2007-11-20
2
809 Views
Last Modified: 2008-02-01
I've been testing full disk encryption and file encryption software to use for about 1000 laptops. The most secure option with fde is to utilize preboot authentication.  Has anyone had any experience using fde with preboot?  There are many challenges using the preboot authentication with multiple users and passwords.  Trying to decide if I should go with the file based encryption.  
0
Comment
Question by:DT3st3r
2 Comments
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 50 total points
ID: 20326107
I don't have any experience with the product you mention, but whether to use file or volume encryption should not primarily be about which works.  They perform different tasks.

Full disk encryption is primarily aimed at safeguarding data when a hard disk is stolen.  Once the laptop is running, it has no value.  Any user account can read any data on the disk, including when it is hacked.

File encryption comes in two flavours:  manual and automatic.  Automatic encryption, such as using Microsoft's EFS technology, encrypts files for a particular user account.  Manual encryption methods require the user to manually encrypt a file.  In both cases, they have dependencies.  EFS depends on a pre-boot security key and the user's account password.  In a manual encryption solution, it will depend on the passphrase used.  Manual encryption often cannot encrypt everything, so if you need the swap file (Windows: pagefile) to be encrypted, it is not useful to you.

Check out another question in progress where I talk more about some cryptography and security issues that are relevant to this question:  

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22971306.html
0
 

Author Comment

by:DT3st3r
ID: 20329539
Thanks for your reply SteveH.  I'm testing "file encryption" software from Credant.  I have to say I'm very impressed at how intuitive and easy to use.  The problem I have with full disk encryption in an enterprise with multiple users accessing the same laptop is the administrative nightmare it will create on the helpdesk side regarding password resets and multiple users trying to use the same laptop.  Thanks for your input.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
My files are missing from my Folder Lock encrypted folder 2 61
CrytoWall Decryption Error 7 86
encryption on machine 7 87
Open Encryption Software Advice needed 4 68
Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question