informa
Announcements
Event
How to Launch a Threat Hunting Program | Webinar <REGISTER>
Event
How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint | Webinar <REGISTER>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext
Risk
2 MIN READ
News

Full Disk Encryption: What It Can And Can't Do For Your Data

Protection depends on how implementation -- and user know-how
Dark Reading Staff
Dark Reading
December 14, 2009
  • Pre-boot Attacks: Much has been made recently of attacks on whole-disk encrypted systems that revolve around the pre-boot environment, where much of the initial decrypting is done. That said, most of these attacks (such as the "Stoned" bootkit attack can only be implemented if the user can be tricked into running a malicious program as administrator -- much more difficult in a managed environment where the end user cannot do such things casually. Nothing, however, precludes such an attack from using an existing software defect to gain privilege elevation, so this should be considered a pervasive if distant threat.

  • In-memory Attacks: More difficult, but still theoretically feasible, is recovering the encryption keys from DRAM after the power has been cut . Some encryption systems have at least partial ameliorations for this -- for instance, BitLocker has a policy setting to force the clearing of system memory at restart, which reduces the possibility of a key being recovered from RAM. This should be considered an unlikely method of attack, but at the same time it's worth making use of any countermeasures that might help stave it off -- the biggest being retaining physical control of the encrypted unit at all times!

  • Unencrypted, "Stray" Data: An encrypted system drive doesn't mean other drives in the same system are also encrypted, and it doesn't mean removable drives attached to the system are encrypted by default. This is something best controlled by other system policies -- for instance, by forbidding the use of removable drives, and not allowing other partitions to be created on the same system.

  • Disk Failure: The threat of disk failure poses a whole raft of problems all its own. If an encrypted system disk fails, the data on it is most likely forfeit; data recovery tools need to read directly from the disk, and are generally not aware of on-disk encryption. The odds of this happening are generally low, but with a large enough pool of devices it's guaranteed to happen sooner or later -- so have an encrypted data-backup plan in place, too.

    Because system-disk encryption in software is still relatively new, it probably still has the flavor of something exotic and relatively untested. This isn't far from the truth, especially if you haven't given it a shakedown in your own organization due to questions about the implementation.

    However it's put to use, one key truth should always be in mind: disk encryption is not security. Or, rather, disk encryption is not the sum total of security for a system; it's one of many things that can enhance security. Full-disk encryption works best when it's part of a total protocol for the care and handling of a piece of hardware constantly on the go.

    • More Insights
    White Papers
    More White Papers
    Webinars
    More Webinars
    Reports
    More Reports
    Editors' Choice
    Top macOS Malware Threats: Here Are 6 to Watch
    Jai Vijayan, Contributing Writer, Dark Reading
    Dark Reading Launches Inaugural CISO Advisory Board
    Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading
    Meet Charlotte, CrowdStrike's New Generative AI Assistant
    Dark Reading Staff, Dark Reading
    'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs
    Tara Seals, Managing Editor, News, Dark Reading
    Webinars
    More Webinars
    Reports
    More Reports
    White Papers
    More White Papers
    Events
    More Events
    More Insights
    White Papers
    More White Papers
    Webinars
    More Webinars
    Reports
    More Reports