


On Tue, Nov 11, 2008 at 4:00 PM, Adam Glauser <adamglauser@xxxxxxxxxxxx> wrote:
> I'm not convinced that the TPM (Trusted Platform Module) part adds a
> sufficient increase in security over non-TPM enabled full disk
> encryption to justify the cost, particularly in the case of laptops.

TPM is standard in all business class laptops from Lenovo and HP (not
that familiar with other manufacturers). So, there is no additional
cost.

Bitlocker is also included for free in Windows Vista Enterprise.

> For one, is it really that much harder to steal the whole laptop than to
> just steal the disk? Correct me if I'm wrong, but I think TPM only
> provides extra security in the case of the attacker putting the disk in
> a different machine.

No, it also protects against modification of the existing machine.

Consider the following scenario of industrial espionage:

CEO arrives at hotel, puts laptop into hotel room.

Hotel room is opened, disk removed, disk copied (but unreadable
because of encryption). The laptop is flashed with a modified BIOS
that presents the FDE password screen and then sends the password to
the attacker, the next time the CEO attempts to start his laptop. Disk
encryption broken, game over.

TPM, on the other hand, verifies the integrity of basic system
components like the BIOS and the OS bootloader (the latter of which could
be modified by a trojan in another scenario).

> Secondly, in most security systems the weak point is the user. I'd say
> the money is better spent fostering a culture of security in your
> organization. It is much less risky to attempt some sort of social
> engineering attack to get at sensitive data than to go around stealing
> laptops.

You're right, but it's not a question of "FDE OR education", you
obviously should do both. Problem is, if you have sensitive data on
your laptops (which sometimes is a must, depending on the company),
you want to ensure that it does get stolen.

There could also be identity theft issues, which could be very costly
even if the attacker doesn't even attempt to get the data.
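
A simplified model of the measured-boot check described in the reply above, added here as an illustration and not part of the original email or of BitLocker's code. It uses the TPM 1.2 extend rule (SHA-1); the `ToyTPM` class, the component byte strings and the volume key are constructed for the example, and a real TPM keeps the PCR internally rather than accepting it from the caller.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA1(old || SHA1(component)). Order-sensitive, not reversible."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(chain: list[bytes]) -> bytes:
    """Measure each boot stage, in order, into a single PCR that starts at all zeros."""
    pcr = bytes(PCR_SIZE)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


class ToyTPM:
    """Hypothetical stand-in: releases a sealed secret only if the PCR matches seal time."""

    def __init__(self):
        self._sealed = None

    def seal(self, secret: bytes, pcr: bytes) -> None:
        self._sealed = (pcr, secret)

    def unseal(self, current_pcr: bytes):
        expected, secret = self._sealed
        return secret if hmac.compare_digest(expected, current_pcr) else None


# Constructed sample inputs standing in for firmware and bootloader images.
GOOD_BIOS = b"vendor BIOS image v1"
BOOTLOADER = b"OS bootloader image"
MODIFIED_BIOS = b"vendor BIOS image v1 + password logger"
VOLUME_KEY = b"constructed-volume-key"


def demo():
    """Seal the key against a known-good boot chain, then try both boot chains."""
    tpm = ToyTPM()
    tpm.seal(VOLUME_KEY, measure_boot([GOOD_BIOS, BOOTLOADER]))
    untouched = tpm.unseal(measure_boot([GOOD_BIOS, BOOTLOADER]))
    tampered = tpm.unseal(measure_boot([MODIFIED_BIOS, BOOTLOADER]))
    return untouched, tampered


if __name__ == "__main__":
    untouched, tampered = demo()
    print("untouched machine:", "key released" if untouched else "key withheld")
    print("modified BIOS:    ", "key released" if tampered else "key withheld")
```
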



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
