[FDE] Can you keep a secret? This encrypted drive can...

Bryan Glancey bryan at mobilearmor.com
Wed Nov 8 07:09:56 MST 2006 

Just fyi. Two things:

 Before I founded Mobile Armor I was VP of Pointsec.

 Mobile Armor does this authentication at preboot with network connectivity so it can sync realtime with things like your LDAP server (ie change your password in the pre-boot and it changes your windows password)

Bryan

------------------------------------
Mobile Armor
Bryan E. Glancey
Co - Founder & Chief Technology Officer
bryan at mobilearmor.com
400 South Woods Mill Rd.
Suite 110
Chesterfield, MO 63017
tel: 877-276-6778
fax: 877-277-7369
mobile: 314-495-2048
http://www.mobilearmor.com/> 
------------------------------------
Sent from my BlackBerry Wireless Device


-----Original Message-----
From: Saqib Ali <docbook.xml at gmail.com>
To: curtw at siu.edu <curtw at siu.edu>
CC: Bryan Glancey <bryan at mobilearmor.com>; fde at www.xml-dev.com <fde at www.xml-dev.com>
Sent: Wed Nov 08 07:26:24 2006
Subject: Re: [FDE] Can you keep a secret? This encrypted drive can...

> I believe pointsec can leverage existing auth stores; we'd had
> some discussions internally and if I recall correctly they could
> cache a credential from an AD domain.

Yup. Cached credentials is offered by few others (like Secude) as
well. But it is not "real" network authentication. You might run into
issues when the passwords fall out of sync. Here is an example:

1) The user's AD password is expired.
2) The users is forced to change the password on his/her "Desktop" in
the office.
3) On a business trip the user tries to login into his FDE protected
Laptop with the NEW password. Is unable to, and the exceed the
incorrect passwd limit.
4) Now the user has to login using the key stored on a backup media.

Note: In this case there are two machines (desktop and laptop)
involved, which is not very uncommon these days.

> I'm
> putting in my evaluation for pointsec in the near future and we
> will kick the tires.

Note: If you don't mind, can you share your evaluation criteria with
us. Also if you are doing a Kepner Tregoe Analysis on various FDE
solutions I would like to see the Must Haves and the nice to haves and
risk analysis.

Thanks
saqib
http://www.full-disk-encryption.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.xml-dev.com/pipermail/fde/attachments/20061108/6c0fbabd/attachment.html

More information about the FDE mailing list