[CALUG] Opinions on whole Disk encryption (for Linux)
Sean Wilkerson
sean at seanandheather.com
Sat Feb 2 11:43:46 EST 2008
Rob,
Your post touches on an important question of why you would go with disk
encryption. Disk encryption is a burden on the system, OS, and
administration. It can frequently be a burden on the user as well (even
in the COTS solutions I have seen). I would expect that if an entity
deployed disk encryption, it would be mostly to protect confidentiality,
when this exposure would outweigh the need for availability (as you
noticed).
Disk/volume encryption has its benefits, and in some cases might be a
requirement, but front-end leg work to develop a policy and guidelines
for its deployment, use, and mgmt are critical. With the federal
government currently deploying Full-Disk-Encryption on many of its
mobile devices, the policies and mgmt are the biggest debates.
In a nutshell, if you wish to deploy full-disk-encryption you should
first deploy (and test) a backup and recovery solution which works, and
ensure you continue to maintain the DR procedure and backups once you
integrate the encrypted FS/device.
Sorry I can't help more with the original post as to *FOSS*
recommendations on full disk encryption, though I am enjoying reading
others' experiences.
Sean
Rob Payne wrote:
> I don't want to drag this off topic, but wanted to mention my
> experience. This is probably more of a lesson in the importance of
> backing up, but my experience with FileVault in OS X left me very
> cautious about using disk encryption.
>
> I experienced a rare instance where I suddenly could do nothing to
> interact with the operating system, not even to diagnose the issue. In
> the end, the only thing I could do was turn off the machine. The
> sparseimage for my home directory was corrupted as a result. After
> weeks of troubleshooting I still could not recover the image and had to
> create a new user account.
>
> Yep, should have backed up regularly. I guess my point is that power
> and operating system issues do happen from time to time and can be much
> more difficult and time consuming to recover from and cause more data
> loss (even if you back up) when using disk encryption.
>
> -Rob