10.7. Data Encryption

In the event that a laptop or USB drive is lost or stolen, usually the first concerns raised involve the data it contains rather than the financial loss caused by the equipment itself. At least I would hope so. There are a number of technical solutions to ensure that even if a laptop or other media is stolen it is impossible to retrieve its contents. Such solutions range from securing individual files, directories and partitions to encrypting the entire hard drive, and I strongly recommend the latter.

A popular 'solution' at present is the use of ATA passwords, which use the drive's own firmware to lock the hard disk and prevent access to its data. However, this is trivial to bypass and the underlying data itself is not encrypted. It should never be relied upon.

Deploying hard-disk encryption across the enterprise will greatly increase your peace of mind when it comes to data security, but it will certainly increase your user support workload. It is therefore essential that users receive the training they need in this technology and that its implementation is formalized in the security policy. The following policy statements are suggested:

  • All user equipment comes with [insert preferred tool] hard-disk encryption installed. Users should not attempt to modify or tamper with this installation but are required to use it as provided.

  • The passwords and tokens required to access encrypted media should be kept secret and not shared with other people, including other users.

  • Additional non-networked ...

Source: Unauthorised Access: Physical Penetration Testing For IT Security Teams (O’Reilly).