What's the best way to lock down mobile drives to keep them secure?

You have several options. You can perform full disk encryption or just encrypt a specific partition on the drive. There are pros and cons to each. With full disk encryption, everything is locked down and secure. If the drive is stolen or lost, nobody will access the data. There is a loophole when encrypting laptops. If the laptop is stolen while the unit is powered up and a user is logged in, the disk may be in its unlocked state and data on the drive may be accessible. There are many benefits to full disk encryption, but there are drawbacks: people lose their passphrases and drives can still fail. It's also important to use a centrally managed encryption system so that an administrator need not physically manage each individual machine. I personally lost several days trying to restore one of my own disks that had been fully encrypted.

There is also a lot of value in creating an encrypted partition on a drive, rather than encrypting the entire disk. The problem with encrypting partitions, or encrypting certain folders using the Encrypting File System (EFS) built into Windows XP, is that you're now relying on users to store their sensitive information properly -- users must choose to place their data on the protected partition. Unfortunately, it's poor practice to rely on the user to store data securely. People get careless, they get busy, they get distracted and they'll wind up storing data on their desktop or some other insecure location.

Still, these are the two best options. While this mostly relates to laptops, don't forget about servers and workstations that are susceptible to physical theft, as well as thumb drives, external hard drives and other mobile storage devices.

14 Mar 2007