The problem is that it seems to have forced me to disable 'standby' mode and always use 'hibernate' mode with Windows. I'm told that this is because the BIOS is only invoked for the FDE password on powerup mode for hibernate or cold boot, not for standby. I know for a fact that my old Dell D620 laptop used a hard drive password and always asked me for it before I resumed from standby, so I'm skeptical as to why the FDE drive requires it.
We use wave.com trusted drive software embedded in the BIOS of the e6400. According to this link:
http://www.wave.com/news/press_archive/08/081110_Seagate.asp
they DO actually support secure Windows Standby mode, but who knows what that actually means or whether it relates to the platforms that we are using. It does mention some comments about 'vulnerability of FDE and exposing encryption keys.' Based on that, I suspect there are issues related to encryption keys staying in memory during standby mode that could theoretically be stolen.
My biggest complaint is always 'security for the sake of security' without really understanding what the threats and/or risks are. Basically: do you know who you are protecting against? FDE and even hard drive passwords protect against removing a drive from one computer and using another computer to read it the data. Assuming standby mode works properly, you should still be able to protect the drive in low-power mode simply by ensuring that the computer comes up locked and requiring a user password when it awakens. I admit the possibility that there are some sophisticated software attacks that can be used against the live machine (assuming it is stolen while in standby mode), but I haven't searched for any. I imagine it's a fairly sophisticated attack and will NOT include the casual thief who steals your laptop and sells the drive ebay to Joe Dumass.
Questions to answer:
- What are the threats against FDE and standby mode?
- What are the threats against standby mode, in general?
Mr. Mills,
ReplyDeleteI am Wave's CIO and would be happy to send to you (or anyone else who may have a similar interest) a short document which describes our products' Trusted Drive Manager Secure Standby Feature for the E6400 and other Dell platforms.
I would like to clarify that any former issues associated with standby mode for FDE are not due to threats or reduced security, but rather a result of the improved security which can only be provided by hardware-based FDE (now commonly referred to as Self-Encrypting Drives - SED).
Please contact our sales desk (877-228-WAVE) or our Customer Support team (800-WAVE-NET)and ask for me and I'll be very happy to assist you.
Ed Green
Wave Systems Corp.