sl125
Member of DD Central
Posts: 85 
Likes: 64
|
Post by sl125 on Feb 9, 2017 18:06:36 GMT
Encryption sounds simple. If you are one person it is as simple as it sounds. If you are a company it is not. It's easy to say but hard to do. No, not that hard. I was involved in several projects along these lines nearly a decade ago, and there were several options for business-wide manageable encryption even then. If it's "not that hard", then why do so many data breaches occur, and why are such breaches becoming more common? Maybe the options you had a decade ago are no longer relevant today. Increasingly, it is getting much harder to implement robust enterprise security, simply because there are now so many types of threats and attack vectors, especially as more services are provided in the cloud. The NCSC has an interesting set of guides: www.ncsc.gov.uk/guidance/implementing-cloud-security-principles
|
|
adrianc
Member of DD Central
Posts: 10,031
Likes: 5,152
|
Post by adrianc on Feb 9, 2017 18:20:39 GMT
No, not that hard. I was involved in several projects along these lines nearly a decade ago, and there were several options for business-wide manageable encryption even then. If it's "not that hard", then why do so many data breaches occur, and why are such breaches becoming more common? Complacency and indolence. The usual reasons.
|
|
kulerucket
Member of DD Central
Posts: 336
Likes: 93
|
Post by kulerucket on Feb 9, 2017 18:59:18 GMT
I agree it's not hard at all. There are plenty of modern off-the-shelf full disk encryption solutions that work as a layer below even the disk partitioning layer. Some of them totally free. My work laptop for instance forced me to set the encryption up the first time I booted it and from then on it's totally seamless. Password protection for the user account is worthless without encryption.
|
|
twoheads
Member of DD Central
Programming
Posts: 1,089
Likes: 1,192
|
Post by twoheads on Feb 9, 2017 19:00:14 GMT
The article made no reference to "encryption", only that laptops were "password protected". Password protected laptops ≠ Encryption! Indeed...
At least with MS windows: if you don't know the password, simply remove the disk drive and insert it into a system in which you are an administrator.
In most circumstances, if the data on the disk has not been encrypted then you will immediately have full access to it. It is possible that a knowledgeable user could have protected their files from administrator access; but such user's are few and far between.
If the data is encrypted however, you will need to break the encryption which will take a chunk of work and may be very difficult indeed.
|
|
kulerucket
Member of DD Central
Posts: 336
Likes: 93
|
Post by kulerucket on Feb 9, 2017 19:31:02 GMT
You don't even need to get a screwdriver out. A Trinity Rescue Kit boot disk will just let you reset the local Administrator password. Job done. Breaking 2048 bit encryption is more than very difficult, it's not possible unless you have a spare few quadrillion years or can build a functional quantum computer. EDIT: I'm reminded of this xkcd.com/538/ |
|
dzo
Member of DD Central
Posts: 158
Likes: 150
|
Post by dzo on Feb 9, 2017 20:14:47 GMT
I believe it's still possible to gain administrator access on (unencrypted) Windows by renaming executables so they get run on startup.
That's an improvement from the Windows 95 days where you could just open task manager and kill the logon task.
|
|
