DELETED_5350

Currently got 7 2TB hard drives almost full of data. How hard would it be to implement encryption of all the drives including my OS? BUT still make it just as usable as a desktop OS for everyday use?

Just paranoid of it getting stolen (had a lot of burglaries around here lately).

Thanks.

If you're asking the question I advise you keep away from this as it's not for the faint-hearted. There is a chance you may run into a problem with so little knowledge and lose every single bit of data.

I am no security guru but from a security point of view if one of your administrators goes into your Active Directory and nukes your BitLocker keys you are screwed.

In that case from a security point of view one administrator may delete all the accounts on AD and backups from the backup system. Someone that has access to BitLocker keys will be trusted to a high level.

(as long as it's implemented correctly of course)

One of the biggest problems in IT in this day and age.
 
In that case from a security point of view one administrator may delete all the accounts on AD and backups from the backup system. Someone that has access to BitLocker keys will be trusted to a high level.
Furthermore, it's my (admittedly rather limited) understanding that when you're dealing with a very sophisticated security threat, then once it's believed an attacker may have gained access to a running system, that system should automatically be considered compromised, *regardless* of any encryption used (eg the possibility of "evil maid" attacks).

Like the others, I can't see how BitLocker would be vulnerable if the attacker can't get past pre-boot authentication, but the best encryption in the world is only as good as the operator who uses it (stating the obvious I suppose).
 
Furthermore, it's my (admittedly rather limited) understanding that when you're dealing with a very sophisticated security threat, then once it's believed an attacker may have gained access to a running system, that system should automatically be considered compromised, *regardless* of any encryption used (eg the possibility of "evil maid" attacks).

Like the others, I can't see how BitLocker would be vulnerable if the attacker can't get past pre-boot authentication, but the best encryption in the world is only as good as the operator who uses it (stating the obvious I suppose).

Correct and agreed. These systems are only as good as people make them out to be and how much knowledge is known about them.
 
Well, BitLocker has been approved for usage by CESG for data up to restricted level. If it's good enough for CESG it's good enough for home usage (as long as it's implemented correctly of course)

I too was just about to post the above as I've had to check the product out as I've been looking at using BitLocker to replace BeCrypt 2 fact auth for when our customer decides that they want to try out W7.

I too would be interested in any articles relating to the ineffectiveness of BitLocker.
 
BitLocker is used on my netbook in case it is lost or stolen, mainly due to its portability. My main desktop I have held off so far.
 
Well, BitLocker has been approved for usage by CESG for data up to restricted level. If it's good enough for CESG it's good enough for home usage (as long as it's implemented correctly of course)

That it is.

Like the others, I can't see how BitLocker would be vulnerable if the attacker can't get past pre-boot authentication, but the best encryption in the world is only as good as the operator who uses it (stating the obvious I suppose).

Unless the password is on a Post-it note stuck to the lid of the laptop ;)

I think the criticisms of "omgz it's not secure" come partly from the inherent dislike a lot of people have for MS, coupled with the Vista effect of "it must just be rubbish anyway".

I've not really seen any hard evidence that BitLocker is insecure and no good compared to its peers.
 
BitLocker is used on my netbook in case it is lost or stolen, mainly due to its portability. My main desktop I have held off so far.
Me too.

I think it would be naive and presumptuous for non-experts to assume that, because they're using three-letter-agency-proof encryption, their (kiddyporn stash/plan to bomb Canary Wharf/Justin Bieber collection) is somehow immune from discovery... apart from all the potential user error gotchas, if push came to shove, a serious attacker could just kidnap your (wife/kids/gerbil) and present them back to you one small piece at a time, until you disclosed the passphrase.

Having said that, it really boils down to: is the value of the data worth more to an attacker than the overall cost of retrieving it, and for most "normal" purposes the answer will be a resounding no.
 
That it is.



Unless the password is on a Post-it note stuck to the lid of the laptop ;)


Don't get me started on the number of times I have asked for an encryption password only to find the user pulls it out on a Post-it note from inside the laptop bag :O
 
Use TrueCrypt, BitLocker has NSA backdoors. If you are going to encrypt your data, you obviously have something to hide from the NSA...

"helping"

http://www.npr.org/blogs/thetwo-way/2009/11/nsa_microsoft_windows_7.html

Only problem with TrueCrypt is that there is no management console and if you lose the key, your data is gone.

I find the best way to encrypt data is to use TrueCrypt and create an encrypted file that can be mounted like an ISO image to a virtual drive within TrueCrypt. That way the drive is not encrypted, just the data.
 
Re BitLocker - an MS trainer recently told us of a lecturer at a seminar who cracked BitLocker in under 30 mins on stage. Apparently it involved hibernate and the encryption keys being written to the hibernate file in plain text.
 
Use TrueCrypt, BitLocker has NSA backdoors. If you are going to encrypt your data, you obviously have something to hide from the NSA...

Use BitLocker as he already has it.

If the authorities want the data he will HAVE to give them the password or go to prison...

TrueCrypt only if the data will put OP in prison for more than 2 years (I'm assuming TrueCrypt does not have back doors, I don't know it's secure)
 
I find the best way to encrypt data is to use TrueCrypt and create an encrypted file that can be mounted like an ISO image to a virtual drive within TrueCrypt. That way the drive is not encrypted, just the data.

That's what I do for a few things here at work, more so to stop others who might have access to our server from snooping :p You've still got to be mindful of any temp files/working directories etc though in this case.

As said if the NSA are after the data then they'll get it one way or another ;)

Re BitLocker - an MS trainer recently told us of a lecturer at a seminar who cracked BitLocker in under 30 mins on stage. Apparently it involved hibernate and the encryption keys being written to the hibernate file in plain text.

It's a known issue with many encryption systems that the keys are held in memory when you sleep/hibernate though I thought?

And that's not exactly cracking it, you need physical access to the machine and be able to somehow get at the file which whilst possible isn't exactly trivial.

A lot of the so-called issues with BitLocker people are highlighting are actually present in other encryption software products.
 
Use BitLocker as he already has it.

If the authorities want the data he will HAVE to give them the password or go to prison...

TrueCrypt only if the data will put OP in prison for more than 2 years (I'm assuming TrueCrypt does not have back doors, I don't know it's secure)

Has to give them a password ;)

TrueCrypt supports plausible deniability, if you know what you are doing that is. It's a VERY VERY difficult thing to achieve fully but possible: fake OSes that get used, real OSes, fake data that gets 'used'. Making sure write cycles on disks appear normal to properly obfuscate hidden data/partitions/OSes etc.
 