Today's topic is a bit of an extension of yesterday's "protecting laptops" tip. Derek wrote in saying:
I have used the "Ironkey" mentioned in his note. It is a USB stick designed with security in mind. The user has the option to "escrow" the password with the manufacturer. Of course, you can also just write it down. But the device will self-destruct after the password has been entered incorrectly 10 times.
Back to the topic. One particularly difficult task is off-site backups. The SANS Newsbites newsletter is littered with reports of backup tapes getting lost. Some commercial backup solutions now include encryption. One challenge with backup tapes is the fast obsolescence of backup hardware. Proprietary encryption schemes will only make it harder to recover older backups. But it's a valid solution if you need to protect backup tapes. Of course, many organizations are now moving to network-based off-site disk-to-disk backups. In this case, you can control physical security at each endpoint and protect the tunnel in between using some sort of encrypted VPN.
Other than that, a lot of the solutions mentioned in our prior diary apply to portable media as well. TrueCrypt, dm-crypt, BitLocker and Knox are just some of the technologies. Fortunately, these portable devices are usually not boot drives, which makes encryption easier. Over the last few years, this has become a very competitive commercial market with many options to choose from. If you evaluate a solution, think about how you can recover a misplaced password. Is there a master password or key escrow option to recover data after an employee leaves? Is *all* the data encrypted? And don't forget Derek's advice: If you don't need it on the road, don't take it on the road.
Scooter wrote in with these points to consider as you evaluate a disk encryption product:
Any comments? Ideas? Please use our contact page.
Oct 16th 2007