
Current state of the art, encryption on ssd

Created: 30 Jan 2014 | 6 comments

Actually the points in focus are widely discussed on the web. However, it is not easy to see what the current status is.

A sleek new computer came in. It is equipped with one ssd. It is the boot disk with the operating system on it. There won't be any additional operating system on it.

No other internal disks are present. As soon as usage of the new comp starts, the sensitive user data will be stored on that ssd, apart from the operating system, the software used and non-sensitive user data.

The question is if this is the only moment to carry out some measures of protection / precaution in order to achieve the goal described below?

Goal:

- be able to remove the sensitive data from the ssd in unrecoverable fashion if the comp should be resold some day in the future

- prevent the sensitive data from being accessed by unauthorized persons if some day this comp should be in repair service

If possible, the goal should be sought by methods other than whole disk encryption.

The goal is also to have a solution with no negative impacts on usage of the computer in all other aspects.

If the answer to the question asked above is "yes", what are the necessary measures to be made now?

Can the goal be achieved in a 100 per cent reliable way?


Alex_CST

You can still use Symantec Encryption Desktop, but make use of the "Virtual Disk" function.  This is a virtual chunk of hard drive space that looks like another drive - it means you can still boot up without having to authenticate, but you need a password to gain access to the virtual disk.  

It's slightly less secure than WDE but if you don't want full disk encryption, that's the next best thing in my opinion.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

dcats

Hi OnSyman,

In addition to what is suggested by Alex you can also use Messaging (for encryption of emails) and NetShare.
However, the operating system and applications will always need to handle data and will use some location in the disk to store temporary files and so on. That data will be kept somewhere in the disk, which will be unprotected.
Excluding that, you would still need to be able to force users to keep their data in the Virtual Disk.

If you want to be 100% sure, you will need to use Whole Disk Encryption.

See http://www.symantec.com/drive-encryption
"Symantec Drive Encryption provides organizations with comprehensive, high performance full disk encryption for all data (user files, swap files, system files, hidden files, etc.)..."

Rgs,
dcats

Peter Schwep

The question is if this is the only moment to carry out some measures of protection / precaution in order to achieve the goal described below?

This is indeed the only moment to do this, yes. Now the actually quite simple answers to Why? and How?:

Why: SSDs cannot be deleted in a reliable way that leaves no traces of the original data whatsoever. You can delete files with software on your PC that was designed to delete traditional hard drives. However, SSDs might still keep chunks of data somewhere; the software on your PC cannot see/check/recognize this at all (this is managed exclusively by the SSD). Instead you can use the internal delete commands of the SSD; this is supposed to delete all files safely. You cannot check what this really does: the SSD will do something and when it's done it will tell you that your files are safely deleted. There is no way for you to make sure that this really worked (unless of course you try to restore files, but this will require you to take apart the SSD and is out of scope in this description). So you need to trust what the manufacturer of the SSD claims (and even if the manufacturer is honest about it, there might still be an error in his code that prevents the data from being destroyed).

Therefore the only solution is to never save unencrypted data on the SSD in the first place. This also means that you can never decrypt the SSD again. You have a boot error and need to quickly decrypt the SSD to fix it? You do not decrypt it; instead you will have to reinstall the system and encrypt again before putting any personal files onto the SSD. This basically means that even after the first successful encryption you have to make sure to never accidentally decrypt the drive. If you do so, go get a hammer and take it outside.

How: Use encryption software that encrypts the whole drive. Macs come with FileVault and they support third party encryption software such as PGP Whole Disk as well. On Linux you have dm-crypt and LUKS, on Windows you have Microsoft BitLocker, TrueCrypt and also PGP Whole Disk. There are a few more programs depending on the operating system in use (TRESOR on Linux etc). None of them have officially been cracked/hacked, given that you use a sufficiently safe password.

All of this is most likely overkill; first you have to ask yourself what you need protection against. Once this is answered you can think about how to achieve that.

atyoung

A DoD compliant wiping tool should be utilized in any circumstance where you are intending to re-purpose a drive containing confidential data, whole disk encrypted or not. There are any number of tools in existence to do this, many of them free.

The idea of the wipe is to pass over the data many times over with different data or in many/most cases 0's.

http://en.wikipedia.org/wiki/Data_erasure

These standards are as applicable for SSDs as they are for other hard drive media. A 3 to seven pass wipe shouldn't have any tangible effect on the longevity of most SSDs with the exception of perhaps the very oldest tech, which should be out of production at this point anyway.

- Adam

Peter Schwep

Dear Adam,

For SSDs the simple overwriting of all sectors does not achieve the same effect as it does on a hard disk drive. On a regular drive the sectors will be overwritten as intended, thus wiping with a common tool such as dd will suffice. Overwriting the drive with random data will overwrite everything, no exceptions (okay, there are exceptions, but for the purpose of this explanation I will leave it out).

On SSDs, however, the flash memory is not written to directly; instead the SSD chooses (independently from the computer it is attached to!) where write requests from the computer will be applied to. An example: When attempting to overwrite data, the controller decides to write the data somewhere else and then it sets a pointer to the new location. This leaves the old data intact, even though every operating system and every program on any OS will report a successful outcome since it is unaware of the internal mechanisms of the SSD.

The 'ata secure erase' method I described in an earlier post of mine does work around that, since an internal mechanism of the SSD overwrites everything, but as I explained you cannot be certain that the feature does what it claims to do.

Of course this won't apply to most of the users reading this, but nevertheless: Claiming that methods for erasing HDDs are as applicable for SSDs is incorrect.

BR Peter Schwep
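
An added illustration of the remapping described in the post above (not part of the thread or of any product's code): a constructed Python model of a flash translation layer, in which `ToySSD`, `host_overwrite` and `toy_encrypt` are hypothetical names and the SHAKE-256 keystream only stands in for a real disk cipher. Garbage collection and TRIM are not modelled; on a real drive they erase stale pages at times the host cannot observe.

```python
import hashlib

class ToySSD:
    """Constructed model of a flash translation layer (FTL), not a real drive."""
    def __init__(self, logical_blocks, physical_pages):
        self.flash = [None] * physical_pages   # raw NAND pages, not host-addressable
        self.map = {}                          # logical block -> physical page
        self.logical_blocks = logical_blocks
        self.next_free = 0

    def write(self, lba, data):
        # Out-of-place write: take a fresh page and repoint the mapping.
        # The page that previously held this LBA is left untouched (stale).
        if self.next_free >= len(self.flash):
            raise RuntimeError("no free pages (garbage collection not modelled)")
        self.flash[self.next_free] = data
        self.map[lba] = self.next_free
        self.next_free += 1

    def read(self, lba):
        page = self.map.get(lba)
        return None if page is None else self.flash[page]

def host_overwrite(ssd, passes):
    # What a multi-pass wipe tool does: overwrite every logical block.
    for _ in range(passes):
        for lba in range(ssd.logical_blocks):
            ssd.write(lba, b"\x00" * 16)

def host_visible(ssd, needle):
    # The only view the operating system and wipe tools have.
    return any(needle in (ssd.read(l) or b"") for l in range(ssd.logical_blocks))

def raw_flash_contains(ssd, needle):
    # Chip-level view: scan every physical page, mapped or stale.
    return any(p is not None and needle in p for p in ssd.flash)

def toy_encrypt(key, lba, data):
    # Stand-in for a disk cipher (SHAKE-256 keystream XOR); illustration only.
    stream = hashlib.shake_256(key + lba.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

SECRET = b"salary=90000 EUR"   # constructed sample data

def demo(encrypt):
    ssd = ToySSD(logical_blocks=4, physical_pages=32)
    ssd.write(2, toy_encrypt(b"k" * 32, 2, SECRET) if encrypt else SECRET)
    host_overwrite(ssd, passes=3)
    return host_visible(ssd, SECRET), raw_flash_contains(ssd, SECRET)
```

`demo(False)` shows the wipe succeeding from the host's point of view while the plaintext still sits in a stale page; `demo(True)` shows that when the data was encrypted before its first write, the stale page holds only ciphertext.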

PGP_Ben

It seems that the NIST says the safest way to still truly be sure your data is secure on an SSD is to use Whole Disk Encryption.

As this is a link to a third-party site, use caution:

http://www.mef-sas.com/SSDQA.pdf

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.