Re: [Thinkpad] Thinkpad Hard Drive Passwords

From: Bennett Smith <bennettsmith_at_idevelopsoftware.com>
Date: Sun Feb 01 2004 - 18:46:36 EST

Greg,

You should consider taking a look at some of the newer ThinkPad systems
that come with a built-in security chip that can do on the fly hardware
encryption of all data going to/from the disk. The advantage of this
over OS level encryption is that even the boot record is encrypted.
This can be coupled with a smart card reader and company issued smart
card keys to make it very secure to keep sensitive data on a ThinkPad
hard drive. Obviously there is more to setting this up than just going
into the BIOS and enabling a hardware password. There will be a cost
associated with this level of security, but in your business I expect it
 is well justified.

Check you IBM's site where they have some great discussions of this
technology. Sadly, it only seems to be included in some of the newer
ThinkPad systems so it may not be an option for all your employees. (Or,
 this may be just the opportunity you were looking for to justify
upgrading everyone's systems!)

Cheers 

---
Bennett Smith
CEO / Software Architect
iDevelopSoftware, Inc.
--- "Greg Langham" <greg@ubh.com> wrote:
Hi all,
Our IT shop supports a financial instituion where Gramm-Leach-Bliley (the "Privacy Act") is of importance. The bank examiners are tellling the bank that notebook computers need to be protected in the event of theft, loss, etc.
Beyond implementing the normal things (such as power on passwords, OS best practices, etc.) the examiners want notebook drives encrypted. Their concern is that a drive from one machine could be moved to another machine and read. When we mentioned hard disk passwords, they wanted more information regarding the implementation.
I know the Thinkpad hard disk password "follows" the drive. We have tested the disk password is "user+master" mode it and it works great. 
Still, I would like to hear everyone's opinion on whether this is an adequate security measure for protecting the hard drive data (rather than encrypting it.) If there are work-arounds to the password, I would like to know that they exist, though I really don't want to how to do it. I would also be interested in other thoughts you might have on the subject.
Thanks,
Greg
 
_______________________________________________
Thinkpad mailing list
Thinkpad@stderr.org
http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
_______________________________________________
Thinkpad mailing list
Thinkpad@stderr.org
http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
Received on Sun Feb 1 18:48:57 2004

This archive was generated by hypermail 2.1.8 : Fri May 26 2006 - 16:02:03 EDT