Hard Disk Encryptions

Hard Disk Encryptions by Imran @ null Hyderabad Meet, March, 2011

Published in: Technology

Transcript of "Hard Disk Encryptions"

  1. Full Hard Disk Encryption
  2. Agenda
       – What
       – Why
       – Where
       – When
       – Who can do it
       – How
  3. What is encryption
     In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is
  4. What is FDE
     Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. The term "full disk encryption" (or whole disk encryption) is often used to signify that everything on a disk is encrypted, including the programs that can encrypt bootable operating system partitions. Disk encryption prevents unauthorized access to data storage.
     --source: wikipedia
  5. Why Disk/file Encryption?
     Because (there are infinite reasons to do it):
       – It's the last line of defense in case everything else fails
       – Information is more important than anything else nowadays
       – Of security, privacy, confidentiality and integrity
  6. Where can we use FDE/encryption?
     Everywhere !!!
  7. When?
       * It's never too late.
       * When you feel it's time!
       * When you start taking security seriously !!!
  8. Who can do it?
  9. How?
       – Open source to the rescue!
       – Easy to use (those pointy clicky things, don't know what?), GUIs
       – No major performance hits
  10. Here comes interesting stuff
       – Various types of encryption for different levels.
           – Disk controller level
           – Volume level
           – Disk block level
           – Filesystem level
           – Directory level
           – File level
           – Row and column level (for databases)
  11. Encryption tools (continued)
       – The biggest weakness with encryption tools is not the algorithm, but how encryption keys are managed.
           – Some tools allow only one passphrase, forcing groups of staff to share it, which can result in it being divulged.
           – Some tools store the passphrase in a weak manner, allowing for easy brute force cracking using rainbow tables or dictionaries.
           – Some tools may be poorly designed and leave sensitive information out of the
  12. Disk controller encryption
      Pros:
       – As the encryption is done in hardware, little to no performance loss is encountered.
       – A secure erase and repurposing of the drive can be done in milliseconds by wiping and generating a new master encryption key.
      Cons:
       – Only a select few drives have AES encryption on the drive controller level.
       – Key management is an issue with some drives, as they may only have one password that would have to be shared among staff.
  13. Disk/Volume encryption (BitLocker, PGP Whole Disk Encryption)
      Pros:
       – Generally excellent key management depending on utility.
       – Recovery of data by IT staff is doable. BitLocker can store recovery keys in Active Directory, PGP can issue disk recovery tokens.
       – Encrypts everything on the disk, OS, data, and all. This protects against
      Cons:
       – Most are commercially licensed.
       – Malicious software that manages to get superuser access can pull the master decryption keys from memory and set them aside for later use by an attacker.
       – May have performance issues if used on volumes with high read/write throughput.
       – May render data unrecoverable if used with RAID, depending on program.
       – Only protects if the machine is powered off or volumes are unmounted.
  14. Filesystem encryption (EncFS, FileVault)
      Pros:
       – Able to resize filesystems without having to copy data or decrypt files.
       – Backup programs can store the encrypted data.
       – Users can have their own encrypted directories, protected against a root/admin
      Cons:
       – Sensitive data, if stored outside the protected filesystems, can be left unprotected.
       – None have any enterprise level recovery abilities. EncFS only has one passphrase, FileVault can offer a recovery passphrase, but that isn't scalable.
  15. Directory/file level (EFS)
      Pros:
       – Excellent recoverability.
       – Multiple users can have access to groups of encrypted files.
      Cons:
       – Confidential information can leak, if stored outside the EFS protected directory.
       – Unless a backup program uses special semantics to back EFS protected files up, the backup will fail.
  16. Row/Column level for databases
      Pros:
       – Encryption is independent of the system.
       – Resistant to compromise even if superuser privileges are obtained by unauthorized entities.
       – Most new DBMS programs support this.
      Cons:
       – Key management is an issue. Where does the app keep its authorization credentials?
       – Recovery of encrypted data is iffish, depends on the database program.
       – Sometimes hard to sync up encrypted
  17. Hardware assisted encryption (cryptographic tokens)
      Pros:
       – Protects against brute force password guessing by either disabling access after a number of password guesses, or adding a significant delay between entries.
       – Allows a machine to boot unattended while providing hard disk protection (BitLocker).
      Cons:
       – Hardware is sometimes hard to find. For example, it's hard to find machines with an onboard TPM/security chip.
       – Different drivers required for different cards. There is no real standard for cryptographic token I/O, other than APDU.
       – Hardware can fail, locking legitimate users out.
  18. Demo !!!
       1. TrueCrypt
       2. EncFS
       3. LUKS/cryptsetup
  19. Thanks
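
The key-management weaknesses listed on slide 11 (one shared passphrase, weakly stored passphrases) are commonly avoided with per-user key slots, the design LUKS uses. The sketch below is an added example, not code from the slides or from any of the tools named; `VolumeHeader`, its methods and the iteration count are hypothetical, and the XOR step stands in for the cipher a real tool would use to wrap the master key.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; raise it on real hardware

def _slot_keys(passphrase, salt):
    # Salted, slow KDF: the per-slot salt defeats precomputed (rainbow) tables,
    # the iteration count slows dictionary guessing.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]  # (wrapping key, check key)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class VolumeHeader:
    """Toy header: one random master key, wrapped separately in each user's slot."""

    def __init__(self, user, passphrase):
        self._slots = {}  # user -> (salt, wrapped master key, check tag)
        self._store(user, passphrase, os.urandom(32))

    def _store(self, user, passphrase, master):
        salt = os.urandom(16)
        wrap_key, check_key = _slot_keys(passphrase, salt)
        wrapped = _xor(master, wrap_key)  # XOR stands in for a real key-wrap cipher
        tag = hmac.new(check_key, wrapped, "sha256").digest()
        self._slots[user] = (salt, wrapped, tag)

    def unlock(self, user, passphrase):
        """Return the master key, or None if the slot or passphrase is wrong."""
        if user not in self._slots:
            return None
        salt, wrapped, tag = self._slots[user]
        wrap_key, check_key = _slot_keys(passphrase, salt)
        expected = hmac.new(check_key, wrapped, "sha256").digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return _xor(wrapped, wrap_key)

    def add_user(self, auth_user, auth_pass, new_user, new_pass):
        master = self.unlock(auth_user, auth_pass)
        if master is None:
            return False
        self._store(new_user, new_pass, master)
        return True

    def revoke(self, user):
        return self._slots.pop(user, None) is not None
```

Each user unlocks the same master key with their own passphrase, so nothing is shared, and revoking one slot leaves every other passphrase working.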