[FDE] Can you keep a secret? This encrypted drive can...
Saqib Ali
docbook.xml at gmail.com
Wed Nov 8 06:26:24 MST 2006
> I believe pointsec can leverage existing auth stores; we'd had
> some discussions internally and if I recall correctly they could
> cache a credential from an AD domain.
Yup. Cached credentials are offered by a few others (like Secude) as
well. But it is not "real" network authentication. You might run into
issues when the passwords fall out of sync. Here is an example:

1) The user's AD password is expired.
2) The user is forced to change the password on his/her "Desktop" in
the office.
3) On a business trip the user tries to log in to his FDE-protected
Laptop with the NEW password. Is unable to, and then exceeds the
incorrect passwd limit.
4) Now the user has to log in using the key stored on backup media.

Note: In this case there are two machines (desktop and laptop)
involved, which is not very uncommon these days.
> I'm
> putting in my evaluation for pointsec in the near future and we
> will kick the tires.
Note: If you don't mind, can you share your evaluation criteria with
us? Also, if you are doing a Kepner Tregoe Analysis on various FDE
solutions, I would like to see the Must Haves and the nice to haves and
risk analysis.
Thanks
saqib
http://www.full-disk-encryption.net
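
The out-of-sync sequence from the message above, as an added example that is not part of the original post or any vendor's code: a toy model of pre-boot login checked against a cached password verifier. The class names, passwords, recovery key and three-attempt limit are assumptions made for illustration.

```python
import hashlib, hmac, os

MAX_ATTEMPTS = 3  # assumed lockout threshold; the post gives no number

def verifier(password, salt):
    # Salted, slow hash: the laptop never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Stand-in for the AD domain, which always holds the current password."""
    def __init__(self, password):
        self.password = password

class FdeLaptop:
    """Hypothetical pre-boot login that can only check a cached verifier."""
    def __init__(self, directory, recovery_key):
        self.recovery_key, self.failures = recovery_key, 0
        self.sync(directory)

    def sync(self, directory):
        # Refreshes the cache; only possible while the domain is reachable.
        self.salt = os.urandom(16)
        self.cached = verifier(directory.password, self.salt)
        self.failures = 0

    def preboot_login(self, password):
        if self.failures >= MAX_ATTEMPTS:
            return "locked"
        if hmac.compare_digest(verifier(password, self.salt), self.cached):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_ATTEMPTS else "denied"

    def recover(self, key):
        # Step 4: the backup-media key clears the lockout.
        ok = hmac.compare_digest(key.encode(), self.recovery_key.encode())
        if ok:
            self.failures = 0
        return ok

def run_scenario():
    ad = Directory("Autumn2006!")                      # constructed values
    laptop = FdeLaptop(ad, "RECOVERY-KEY-PLACEHOLDER")
    ad.password = "Winter2006!"   # steps 1-2: changed on the desktop only
    tries = [laptop.preboot_login("Winter2006!") for _ in range(MAX_ATTEMPTS)]
    recovered = laptop.recover("RECOVERY-KEY-PLACEHOLDER")
    stale = laptop.preboot_login("Autumn2006!")  # cache still holds the old one
    laptop.sync(ad)                              # back on the office network
    return tries, recovered, stale, laptop.preboot_login("Winter2006!")
```

In this model the laptop keeps accepting the old password until it next syncs with the domain, which is the sense in which a cached credential is not live network authentication.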