dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
29
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer to Kilroy

Premium Member

to Kilroy

Re: Chrome users at risk for Identity Theft

said by Kilroy:

Implement the security that makes you comfortable and that you feel like dealing with.

That still doesn't help answer the question. I had already provided my suggestion to XXXXXXXXXXX1 See Profile in another forum here.

Full disk encryption is to protect the data from unauthorized physical access. This would include the case of a lost or stolen laptop. It could also include the case of returned a failed drive to a vendor under warranty, or giving/selling the drive to another individual. Yes, secure erasing would help in that last case, but it is far easier to recover data from an erased drive (even "secure" erase that is not secure enough) than from an encrypted drive.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy

MVM

It does answer the question. Only you can decide the security that makes you comfortable and that you are willing to deal with. I can create a very secure security plan, including back ups, but the trouble required is not worth the data being secured.
said by Shady Bimmer:

it is far easier to recover data from an erased drive (even "secure" erase that is not secure enough) than from an encrypted drive.

And you can provide documentation of a successful recovery of securely erased drive? I have real world experience of entire drives of encrypted data being lost due to a few bad sectors. I also have real world experience of users who back up their encrypted data to a portable hard drive unencrpyted and store said hard drive with their laptop. Security may make you feel safe and secure, but the reality is you are probably neither from someone determined to access your data. Users will make every attempt to weaken your security while following your security policies.

Personally I have sufficient security in place to thwart the passerby, but do not go overboard to prevent a determined party.
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer

Premium Member

said by Kilroy:

It does answer the question. Only you can decide the security that makes you comfortable and that you are willing to deal with. I can create a very secure security plan, including back ups, but the trouble required is not worth the data being secured.

You did not provide advice to help answer the question, but this is a pointless discussion.
said by Kilroy :

And you can provide documentation of a successful recovery of securely erased drive?

Did you miss the comment about "not secure enough"? It takes a bit to properly securely erase a drive such that it can not be recovered.
said by Kilroy:

Personally I have sufficient security in place to thwart the passerby, but do not go overboard to prevent a determined party.

So you think full disk encryption on a laptop drive is going overboard (your words, not mine)? If that is your opinion that is fine but I think it shows there is no need to continue further.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy

MVM

said by Shady Bimmer:

So you think full disk encryption on a laptop drive is going overboard (your words, not mine)?

You can point this out to me? I don't own a laptop. I use one for work and it is encrypted with BitLocker. If my work laptop becomes corrupted and cannot be read it is not an issue, there is nothing of value stored on it, it is a tool.

I cannot advise someone else on how much security they should have. I can create a layered security solution that offers much protection, but it still will not prevent a determined organization from obtaining the data while still being useful.

Case in point as soon as the machine connects to a device, network, or other machine you have created a hole in the security.

When you figure that we're running billions of lines of code, written by millions of different people, on thousands of hardware combinations it is amazing that anything works and your security can be compromised by any link in the chain.