Introduction to full disk encryption
Encryption is the process of converting plaintext to encrypted text. Encrypted text hides the original data from unauthorized users since encrypted text cannot be read by anyone. Using modern encryption algorithms, it is not easy or feasible to decrypt encrypted data, thus a breach of encrypted data is not considered reportable by many regulatory authorities.
Disk encryption
The encryption process makes use of symmetric and asymmetric encryption for encryption and decryption of data. If the encryption process uses the same key to encrypt and decrypt the data, it’s called symmetric encryption and if the keys are different then it's called asymmetric encryption.
In disk encryption, the whole data is encrypted and decrypted using the same key, thus it makes use of symmetric encryption. In full-disk encryption, each and every file stored on the operating system is encrypted using the encryption key. Hence, someone having access to the computer/laptop cannot read the data stored on the disk, thus the organization does not have to worry about data breaches due to lost or stolen devices.
Learn Applied Cryptography
Disk encryption types
Full disk encryption and file-level encryption are the two types of encryption available for encrypting data:
- Full disk encryption (FDE) - As the name says, FDE protects the entire volume and encrypts each and every file present on the system.
- File-level encryption (FLE) - FLE is file system level based encryption, it encrypts the data in individual files and directories.
Case study
The following organizations did not have disk encryption enabled and suffered data a breach due to a lost or stolen device:
- Lifespan: In Feb 2017, an employee’s MacBook was stolen, as a result, the PII of around 20,000 patients got leaked. Patient’s names, medical record numbers and ethnicities got compromised.
- Premier Healthcare: PII of 20,000 patients got leaked when an employee’s laptop was stolen in 2016.
- Heartland Payment Systems: In 2015, Heartland suffered an office break-in and one of their systems had social security numbers and banking information stored on it.
- Cancer Care Group: A stolen laptop leaked PII of 55,000 former and current patients due to which Cancer Care Group was asked to pay $750,000 in HIPAA fines.
- Lahey Hospital: In 2011, a laptop housing the PII of around 600 patients was stolen from an unlocked room due to which the hospital had to pay $850,000 in HIPAA fines.
Full disk encryption software
The following software can be used for encrypting and protecting the data present on the system:
- Apple FileVault
- Microsoft Bitlocker
- Veracrypt
- Check Point Sandblast Agent
- ESET Endpoint Encryption Pro
- McAfee Complete Data Protection
- Micro Focus ZENworks Full Disk Encryption
- R&S Trusted Disk
- Sophos SafeGuard Encryption
- Symantec Endpoint Encryption
- TrendMicro Endpoint Encryption
Full disk encryption on Windows and MacOS
The most important benefit of full-disk encryption is that none can access the data and files stored on the machine if they don’t have the secret key. Also, the primary pitfall of full-disk encryption is that none can access the data and files stored on the machine if no one has access to the password. Thus, even if the authorized person forgets the password, he/she may not be able to access the encrypted files and data on the system.
Windows users have the option of using Bitlocker and Mac users have the option of using Apple’s FileVault for storing and encrypting the data on the system. Both the softwares are inbuilt and present by default.
Both Apple’s FileVault and Microsoft Bitlocker offer options for recovering lost passwords to the end user. On Bitlocker, recovery information can be stored on the Active Directory server and FileVault backs up encryption keys to Apple iCloud. Also, a local copy of the recovery key can also be created if a traditional method is not available.
Best practices for drive encryption
Following are the best practices for drive encryption on any system:
- Backup your files - Backing up files ensures that the files and the data present on the system can be recovered if something happens to the hard drive.
- Use a strong passcode - Strong password that includes both letters and numbers should be made use of encrypting the data.
- Keep your recovery key in a safe place - A recovery key is the only way put to access the encrypted data on the system. Thus, it’s paramount to store the recovery key in a safe place. A password manager can be made use of for storing recovery keys.
Learn Applied Cryptography
Sources
- Hard Drive and Full Disk Encryption: What, Why, and How?, Miradore
- Top Full Disk Encryption Software Products, eSecurity Planet
- Full disk encryption: do we need it?, CSO Online
- ESET identity and data protection, ESET
Learn applied cryptography and cryptanalysis
What you'll learn:
- Cryptography fundamentals
- Public key infrastructure
- Blockchain technology
- SSL and TLS
- And more
In this Series
- Introduction to full disk encryption
- How does hashing work: Examples and video walkthrough
- How does encryption work? Examples and video walkthrough
- Planning for post-quantum cryptography: Impact, challenges and next steps
- Beginner’s guide to the basics of data encryption
- Structures of cryptography
- Role of digital signatures in asymmetric cryptography
- What is homomorphic encryption?
- Encryption and etcd: The key to securing Kubernetes
- Quantum cyberattacks: Preparing your organization for the unknown
- An Introduction to asymmetric vs symmetric cryptography
- Breaking misused stream ciphers
- Entropy calculations
- Blockchain and asymmetric cryptography
- Security of the PKI ecosystem
- Elliptic curve cryptography
- Methods for attacking full disk encryption
- Introduction to Public Key Infrastructure (PKI)
- Introduction to the TLS/SSL cryptography protocol
- Introduction to Diffie-Hellman Key Exchange
- Introduction to the Rivest-Shamir-Adleman (RSA) encryption algorithm
- 8 reasons you may not want to use VPNs
- Rivest Cipher 4 (RC4)
- Understanding stream ciphers in cryptography
- Cryptography Errors
- Understanding block ciphers in cryptography
- How to mitigate Credential Management Vulnerabilities
- How To Exploit Credential Management Vulnerabilities
- Poor Credential Management
- How Is Cryptography Used In Applications?
- Decrypting Downloaded Files
- Introduction to hash functions
- Introduction to Asymmetric Cryptography
- The Advanced Encryption Standard (AES)
- Fundamentals of symmetric and asymmetric cryptography
- Case Studies in Poor Password Management
- The ultimate guide to encryption key management
- Principles of cryptography
- Encryption vs Encoding
- Introduction to Cryptanalysis
- Secure Credential Management
- Introduction to Blockchain
- Blockchain Technology
- Virtual Private Networks (VPNs)
- Public Key Infrastructure: Architecture & Security
- Hash Functions
- Asymmetric Cryptography
- Fundamentals of Cryptography
- Symmetric Cryptography
- Introduction to cryptography
- Best tools to perform steganography [updated 2020]
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
