× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2008

Re: How can I easily enable/disable remote access by User

Me oh my, where has this thread gone!

On Tue, Nov 11, 2008 at 7:00 AM, Adam Glauser <adamglauser@xxxxxxxxxxxx> wrote:
Lukas Beeler wrote:
The correct way to go is to use full disk encryption with TPM and a
PIN (e.G. using Bitlocker), and use multi-factor authentication (e.G.
User, Password, RSA Key Fob) for all remote access.

I'm not convinced that the TPM (Trusted Platform Module) part adds a
sufficient increase in security over non-TPM enabled full disk
encryption to justify the cost, particularly in the case of laptops.

IMHO full disk encryption makes sense for computers where you can't
really control the physical security and there will be sensitive data
stored on the machine. It is not justified for office desktops
because the data should be on a server and the office should have
reasonable physical security.

For one, is it really that much harder to steal the whole laptop that to
just steal the disk? Correct me if I'm wrong, but I think TPM only
provides extra security in the case of the attacker putting the disk in
a different machine.

Once the laptop is gone, then absent some kind of encryption the data
is available to a reasonably technical thief. It is naive to think
that a competitor will not try and steal the CEO's (or VP of R&D's)
laptop. I don't think full-disk encryption buys much security over an
encrypted file or volume (I use True Crypt), but it is far easier to
manage and administer for a bunch of devices.

Secondly, in most security systems the weak point is the user. I'd say
the money is better spent fostering a culture of security in your
organization. It is much less risky to attempt some sort of social
engineering attack to get at sensitive data than to go around stealing
laptops.

There will always be social engineering attacks, and education about
them is important. But that doesn't preclude using technology to cut
off avenues of access, and TPM is reasonable ways to do just that.
Whether the "insurance" is worth the money and additional trouble is
for each organization to decide.

---------
Tom Jedrzejewicz
tomjedrz@xxxxxxxxxxxxxx

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.