A familiar pattern: middle-level employee takes a work laptop, loaded with confidential data, and oposlya same laptop is lost or stolen it. An employee loses his job, the employer loses face, customers are outraged. System administrators and professionals from the technical support department, of course, have to act everything possible not to give offense to the secrets of the company (and employees from the consequences of their own foolish actions). But when mnogomudrye network journalists are advised to encrypt hard drives as a perfect algorithm for protection, I almost yelled.
Without a doubt, in certain situations, security must come first. Of course, I would have come in aggression, in the case would be our power, or my insurance company to transfer my own data to just anyone. But as an expert on the technical support of computers, I believe that encrypts the hard drive completely causes more problems than benefits. In the case of a normal situation, equipment is allowed to test, boot from an alternate carrier or from an administrator account, then the hard disk encryption software makes the testing equipment under the account owner of the computer impossible without destroying the existing security system. Excitement causes and potential difficulties with the management of passwords that can make relevant in the mass they use hard disk encryption. Every employee knows the technical support service, as is often necessary to change forgotten passwords. And when you encrypt your entire hard drive password loss leads to loss of all data stored on it.
Think, in most situations, and for the vast mass of users encrypt entire hard disk - an obvious bust. So what, pray tell, to encrypt a file folder installed on your computer? Moreover the application encrypts only the user's home directory, I seem to be largely redundant. Why make it difficult for specialists from the service desk troubleshooting or restoring files on your account?
In my view, the ideal output - used to store sensitive data encrypted disk images, and everything else to quit as it is. So confidential infa is securely protected, and security management is allowed to provide an account of each user. What is the most magnificent, the entire operating organization and profile remain unencrypted, so you can easily find solutions to every problems.
My favorite application is to create protected disk images - this is TrueCrypt, cryptographic free open source utility that runs on Windows XP, Server 2003, Windows Vista, and under Mac OS, and on Linux. TrueCrypt allows you to encrypt individual files or groups of data media entirely, if you prefer. One of the reasons why I love TrueCrypt - that is encrypted with this tool the data is read in all operating systems. Version of TrueCrypt for Linux can easily decrypt the data encrypted using TrueCrypt for Windows. The program, which works with any computer outside of the platform - a real godsend for the technical support seemed to me, and for my users is rather big advantage, in the case to look into the future.
What do you think? Do you think that encrypting your hard drive completely - one of the technology to defend sensitive data? Which application you are using for this? Have you encountered during maintenance computer difficulties caused by the practice of a sort of encryption? I look forward to your comments.
|