Bruno: I subscribe to the list, there is no need to CC me. On 10/18/2016 09:53 AM, Bruno Friedmann wrote:
Trust me also the only way to not be catched and then be sorry, is encrypting the whole disk, so no leak at all
Catched at what? There are a whole pile of treats, attacks and vulnerabilities that having the disk encrypted when not in use won't protect against. Most attack trees work when the disk is active, when you are using it, and many invovle "you" rather than the disk. Having an encrypted disk won't help if you're spear phished, if you download malware, if you visit a malicious site and fall prey to some cross-site scripting attack. If I had to rate encrypting a disk while off-line as a security control, I'd rate it of less importance than many other items. Ultimately all it really protects against is someone stealing the disk when you're not using the machine. That's a backstop to physical protection. It might apply, indeed, for a laptop. There are many cases of laptops being stolen in a variety of circumstances. But if we're talking about a home computer or a corporate computer or a machine in a data centre, then there should be physical access controls in place long before anyone gets near the machine. Yes that's easier in a corporate setting, yes offices and home do get broken into. But there are many things more portable to steal than a computer. Yes, there's the scenario where a competitor wants to steal secrets, but most cases I've read about they stole the data by electronic means. Even the "Chinese Nuclear Spies" and Edward Snowden used USB devices rather than opening up computers and taking the hard drives. Ultimately its about Risk Management. No threat ==> No Risk --> no need for a control So back to the original point. What threat in WHAT CONTEXT are you using full disk to protect against? Could this be dealt with by the other means I've suggested? What controls do you have in place to protect against the higher risk thrreats? -- For effective security, risk must be mitigated at all layers of an organization, from physical, application, networking, social engineering etc. Any weakeness in any layer exposes an organization to risk. I do not see how a single solution can touch all layers. -- Lance Spitzner 16/Feb/01 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org