Re: [Fed-Talk] Army to Encrypt Computers
Re: [Fed-Talk] Army to Encrypt Computers
- Subject: Re: [Fed-Talk] Army to Encrypt Computers
- From: "Timothy J. Miller" <email@hidden>
- Date: Mon, 28 Aug 2006 08:40:31 -0500
Amanda Walker wrote:
The biggest one, especially desirable to us for laptops (and other
machines to which an adversary could easily gain physical access) is
deniability--It would be extremely desirable if a lost or stolen machine
wasn't identifiable as belonging to our organization, even if you popped
out the disk and mounted it on another machine (the big threat that
full-disk encryption helps to counter). If a machine is lost or stolen,
we'd really like it to be *only* an inventory problem, not an
information or operational security problem.
You'll have to take all the inventory stickers off, then. Now it really
is an inventory problem. :)
As far as reliability goes, we expect machines to fail for all sorts of
reasons, so a slightly increased chance of failure from full-disk
encryption isn't a major problem as long as the incidence is low. The
odds of theft, covert physical access to the machine, or drive failure
appear quite a bit higher than the odds of whole-disk encryption eating
the disk.
Can you say for certain that the incidence of theft is greater than the
incidence of failure?
Unfortunately, for the private sector there seems to be no third party
smart card or token system available that provides similar capabilities
to a CAC. CRYPTOCard comes closest, but doesn't live up to all of its
marketing claims.
A CAC is really just a JCOP card with a special applets. You can buy
these anywhere, and ActivIdentity would be more than happy to supply
their applet, which is all you need.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden