Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Revisiting VMWare ESX backup options

On 11/04/2014 10:27 AM, Richard Pieri wrote:
> The encrypt everything ideology is nothing more than security theater:
> do something that provides a warm and fuzzy feeling without addressing
> the real problem of poor or nonexistent physical security. If you
> maintain good physical security then the devices won't be lost or stolen
> in the first place.

I think that's a bit unfair; physical security can be just as difficult 
in practice as software security.  I once timed AAA unlocking a car 
whose keys were locked inside: 11 seconds from walking up to the car to 
open door.  Criminals have the same tools.

Not everyone can have a bank vault to put their computers in. 
Whole-disk-encryption is decent protection against thefts of 
opportunity.  Thefts of opportunity (i.e. you weren't specifically 
targeted for theft, you were just in the wrong place at the wrong time) 
aren't after the data, they just want to resell the hardware.  If the 
data is easily accessible and can be easily determined if there's 
additional value, all the better.  But if there's significant cost to 
even figuring out whether the data on that laptop has value, it's 
usually not worth it.

It's much harder to defend against targeted thefts, because you have to 
assume that the thief will employ every possible trick to get the data 
from your laptop (and shutting down your laptop doesn't necessarily make 
your encryption key unrecoverable from memory: 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /