Sign In
Register
Help
Posted 15 December 2009 - 07:41 AM
Quote
Full Disk Encryption: What It Can And Can't Do For Your Data
Protection depends on how implementation -- and user know-how
Dec 14, 2009 | 04:39 PM
By Serdar Yegulalp, InformationWeek
Special to Dark ]Reading
[b]How Disk Encryption Works
System-disk encryption, or full-disk encryption, involves encrypting the operating system partition on a computer and then booting and running with the system drive encrypted at all times. If the computer is stolen or lost, all the data on the drive -- including the OS itself -- is unreadable without that volume's key. The data on the system can be considered a write-off without the need to remotely wipe the device.
When you boot an encrypted system, you need to provide a decryption key at boot time. The key could be any number of different things -- a password; a USB flash drive with the decryption key; an RSA token-generating device; a fingerprint in conjunction with a Trusted Platform Module; or a combination of the above, in some variety of two-factor authentication. For the most part, the only thing that changes for the end user is the boot process, and then only minimally.
Protection depends on how implementation -- and user know-how
Dec 14, 2009 | 04:39 PM
By Serdar Yegulalp, InformationWeek
Special to Dark ]Reading
[b]How Disk Encryption Works
System-disk encryption, or full-disk encryption, involves encrypting the operating system partition on a computer and then booting and running with the system drive encrypted at all times. If the computer is stolen or lost, all the data on the drive -- including the OS itself -- is unreadable without that volume's key. The data on the system can be considered a write-off without the need to remotely wipe the device.
When you boot an encrypted system, you need to provide a decryption key at boot time. The key could be any number of different things -- a password; a USB flash drive with the decryption key; an RSA token-generating device; a fingerprint in conjunction with a Trusted Platform Module; or a combination of the above, in some variety of two-factor authentication. For the most part, the only thing that changes for the end user is the boot process, and then only minimally.
Full story at darkreading - http://www.darkreadi...tion=Encryption
MultiQuote