Re: [Fed-Talk] WinMagic SecureDoc for Mac and Seagate SED
- Subject: Re: [Fed-Talk] WinMagic SecureDoc for Mac and Seagate SED
- From: "Link, Peter R." <email@hidden>
- Date: Fri, 8 Oct 2010 12:48:58 -0700
from Seagate product manager----
***How the Seagate SED works:
There are two keys on the drive:
Encryption key: Only the drive knows the key to encrypt/decrypt the data. This key is randomly generated within the drive itself and never leaves the drive. The drive is always encrypting/decrypting and cannot write plaintext (HDD binary equivalent of it) to the drive.
Authentication keys: These are the keys the user/admin uses to authenticate to the drive.
Additionally, there is a command to the drive that is possible called secure erase. This tells the drive to throw away its encryption key and generate a new key. This instantly renders all data on the drive protected to the level of encryption. We have been talking with various agencies about getting this approved for disposal of drives.
***About bricked (locked with an unknown or defective key):
If the drive is locked the OS will not load. Authenticating to the drive is the only way to unlock the drive. The portion about encryption headers not being passed to the network is more likely an issue for the management software - the drive does not know anything about a network.
As you note, current generations of drives cannot be reverted to their original state but this is a feature that is under development for the next generation of drives.
On Oct 8, 2010, at 11:50 AM, Marcus, Allan B wrote:
> We use them. When we brick a drive we hire a local crop duster to drop the drive on top of the Seagate parking lot.
>
> We have not had any luck getting Seagate to tell us how to unbrick drives. They require us to send them in, which our ISSO will not allow. So for now, we just throw them in a drawer until the glorious day when we can turn bricks into gold.
>
> ---
> Thanks,
>
> Allan Marcus
> 505-667-5666
>
> "Fast, cheap, good. Pick two"
> -- Project Management mantra
>
> On Sep 29, 2010, at 8:37 AM, Link, Peter R. wrote:
>
>> I'd like to hear from the fed-talk community on who has successfully implemented an enterprise (centrally-managed) solution for WinMagic's SecureDoc for Mac using Seagate Momentus SEDs (just managing these drives, not using WinMagic's software encryption). Seagate received FIPS 140-2 certification for these drives so that shouldn't be a hangup any more.
>>
>> Anything you can comment on?
>> Is there a federal working group pursuing this?
>> What have you done about locked (bricked) drives, thrown them away?
>> Has anyone asked Apple if they were interested in adding just the ability to manage SED drives to OS X? (I know, Apple can't comment on futures.)
>>
>>
>> Peter Link
>> Cyber Security Analyst
>> Cyber Security Program
>> Lawrence Livermore National Laboratory
>> PO Box 808, L-315
>> Livermore, CA 94550
>> email@hidden
>>
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden
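
A toy model of the two-key design and the secure erase command described in the Seagate product manager's explanation, added here as an illustration; it is not code from this thread or from Seagate. The class `ToySED`, its method names, the PBKDF2 verifier for the authentication key and the SHA-256 keystream standing in for the drive's cipher are all assumptions.

```python
import hashlib, hmac, os

class ToySED:
    """Constructed model of the drive described above; not Seagate firmware."""
    def __init__(self, credential: bytes):
        self._mek = os.urandom(32)   # encryption key: made inside the drive, never exported
        self._salt = os.urandom(16)
        self._auth = self._verifier(credential)  # authentication key (stored as a verifier)
        self._platter = {}           # LBA -> ciphertext; plaintext is never stored
        self.locked = True

    def _verifier(self, credential: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", credential, self._salt, 10_000)

    def _xor(self, lba: int, data: bytes) -> bytes:
        # SHA-256 in counter mode stands in for the drive's hardware cipher (assumption).
        stream = b"".join(
            hashlib.sha256(self._mek + lba.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
            for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, stream))

    def unlock(self, credential: bytes) -> bool:
        self.locked = not hmac.compare_digest(self._verifier(credential), self._auth)
        return not self.locked

    def write(self, lba: int, data: bytes) -> None:
        if self.locked:
            raise PermissionError("drive is locked")
        self._platter[lba] = self._xor(lba, data)

    def read(self, lba: int) -> bytes:
        if self.locked:
            raise PermissionError("drive is locked")
        return self._xor(lba, self._platter[lba])

    def secure_erase(self) -> None:
        # Discard the old key and generate a new one; the stored ciphertext is untouched.
        # Who is authorized to issue the command is not modeled here.
        self._mek = os.urandom(32)

def demo():
    drive = ToySED(b"constructed-passphrase")
    drive.unlock(b"constructed-passphrase")
    drive.write(0, b"constructed sample record")
    before, on_media = drive.read(0), drive._platter[0]
    drive.secure_erase()
    return before, on_media, drive.read(0)

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is what the drive hands back for the same sector after secure erase: the bytes on the media have not changed, but they no longer decrypt to the original record.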