Can you make an image (encrypted, of course), of the drive
without having the key? If not, how do you get your secretary or IT guy
to make a backup of the system?
Yes, the encrypted backup would have to include all of the data blocks
on the disk, which makes backups take longer and take more space,
but that is a good tradeoff for security in many cases.
I personally use TrueCrypt to completely encrypt the hard drive. Nice about it is that I can select what cyper to use and it's completely transparent to the OS with little overhead. Also use to encrypt my flash drives and external hard drives.
Recovery is easy. During creation it'll create a recovery CD with the original headers so if it ever gets damaged or lose the password long as you know the original password you can recover the data. Just have to keep the CD in a safe place...still requires a password to use the CD.
Wait, the key is stored on the drive protected only by physical barriers? Oh man. No wonder it only achieved Level 2 certification (there are 4 levels).
[citation][nom]randomizer[/nom]Wait, the key is stored on the drive protected only by physical barriers? Oh man. No wonder it only achieved Level 2 certification (there are 4 levels).[/citation]
Agreed. It's impressive technology, but if anyone really wants the data and has physical access to the drive they will still get it.
[citation][nom]theoutbound[/nom]Agreed. It's impressive technology, but if anyone really wants the data and has physical access to the drive they will still get it.[/citation]
If the drive had Level 3 or 4 certification it would have to erase all plain text cryptographic keys upon opening of the drive. It wouldn't be so much of an issue if that was the case here. But this drive won't do that.
[citation][nom]mark0718[/nom]Can you make an image (encrypted, of course), of the drivewithout having the key? If not, how do you get your secretary or IT guyto make a backup of the system?[/citation]
Most company systems will sync up to a profile which is stored on the company servers. The local hard drive could get trashed and a new drive put in and the profile syncs up again.
>FIPS 140-2 certification from the U.S.
>National Institute of Standards and Technology (NIST).
Isn't that like gov't saying, "Here is a lock for the chicken house that we designed for you. Don't worry. We won't ever use the key we designed to access it"
[citation][nom]digitalgriffin[/nom]>FIPS 140-2 certification from the U.S. >National Institute of Standards and Technology (NIST).Isn't that like gov't saying, "Here is a lock for the chicken house that we designed for you. Don't worry. We won't ever use the key we designed to access it"[/citation]
Not really, it's just a set standards just like any other set of standards (and pretty generally defined when you read the document) whether it's from UL, IEEE or any other of the bajillion standards agencies (private, public and gov't) that are out there. Put away the tinfoil hat, roads and hard hats have gov't standards too and it's hardly an evil gov't plot to steal your dvd collection.
Well it seems to be an overriding conflict of intrest maestintaolius.
Did you know the largest single contributor to anonymizer is the US government? When you make the US gov't the keepers to our secrets, who watches the keepers?