I've had this security question rattling around.....


JimB

Member
Oct 13, 2023
Let's start with a premise in the form of a question: What is the one primary thing almost any attack vector depends upon for success? Specific files in specific places with specific names. Now, in searching for an answer to whether Full Disk Encryption can defeat attacks, I got a wide range of "Yes it can.", "No it can't.", "Maybe." and the full gamut of intermediate responses. So, which is it?

If it can, why isn't that the universal response? If it can't, why was it developed in the first place? This, from BitWarden, obviously biased but still valid: "The primary purpose of FDE security is to protect sensitive data on lost or stolen devices. By encrypting the entire disk, including the operating system, system files, and all data, it ensures that unauthorized individuals cannot access any information stored on the disk." Is this really true? If it is, why is this not the norm?

If a sufficiently complex, entropic cipher is used for FDE, will this negate the need for any other type of mitigation? You can't effectively steal or compromise what you cannot rationally understand. You may be able to destroy it, but that is all, and backups can cover that contingency.

What say you?
 
What is the one primary thing almost any attack vector depends upon for success?
The user. You get phished, or you're inattentive to keeping updates up to date, or you click a link or surf a site that is questionable, or you panic when reading a well-crafted "spook 'em into action" email... etc. It's almost always about the user in some way, because they're where the money comes from.

Device encryption is meaningless in most cases related to malicious activity because very few people want a device that blocks them from using it at every corner. It's the tried and true security vs. convenience. You may remember the ads Apple used to attack Windows Vista related to this... people get fatigued by constantly being asked to approve every action, and so they click yes when they shouldn't, or they give the password to an attacker because they're "bamboozled". Since the OS needs to access the device's storage to be useful to you, it is not blocked from accessing that storage in general, and so when it needs to launch an app from the storage, whether it's malicious or not isn't really under consideration, because the device trusts the user and acts on its behalf.

TL;DR: No, device encryption is only valuable if your powered-off device is taken from your possession. (If then, due to bugs and bypasses.)
 
If it can, why isn't that the universal response? If it can't, why was it developed in the first place? This, from BitWarden, obviously biased but still valid: "The primary purpose of FDE security is to protect sensitive data on lost or stolen devices. By encrypting the entire disk, including the operating system, system files, and all data, it ensures that unauthorized individuals cannot access any information stored on the disk." Is this really true? If it is, why is this not the norm?
The problem is that, in order for the user to use the data, it must be unencrypted, and for an attack to succeed, the machine must be in use. Thus, whilst the machine is switched on, FDE cannot protect your data. When the machine is switched off and the data is encrypted, FDE does protect it, but the machine cannot be attacked, as it is not on.

What FDE does protect against is removal of the disk and trying to read it on another machine.
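The two replies above make the same point from different angles: FDE draws its boundary between a powered-off disk and a mounted volume, not between trusted and untrusted software. The following simulation, an added example that is not from this thread or from any of the products mentioned, models that boundary with a small in-memory "disk". Each sector is XORed with a per-sector keystream; the mounted volume holds the key in RAM and decrypts every read for whoever asks, so a "malware" process in the user's session gets plaintext, while a "thief" who reads the raw sectors of the powered-off drive gets ciphertext. A third scenario models the reply's "bugs and bypasses" caveat: an attacker who somehow obtains the key from memory (cold-boot and DMA attacks are the classic routes; how the key is captured is not modelled) can decrypt the raw sectors offline. The HMAC-SHA256 counter keystream is an illustrative stand-in chosen only to keep the example dependency-free; real FDE (LUKS, BitLocker) uses AES-XTS, and nothing here is a recommendation of a cipher construction.

```python
"""Simulation of the full-disk-encryption trust boundary (constructed example)."""
import hashlib
import hmac
import os

SECTOR_SIZE = 512


def keystream(key: bytes, sector: int) -> bytes:
    """Derive one sector's worth of keystream from the volume key and sector number.

    Illustrative stand-in for a real sector cipher (LUKS/BitLocker use AES-XTS).
    Each sector gets a distinct keystream so identical plaintext sectors do not
    produce identical ciphertext.
    """
    out = b""
    counter = 0
    while len(out) < SECTOR_SIZE:
        msg = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:SECTOR_SIZE]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedDisk:
    """Raw storage: what a thief holding the powered-off device can read."""

    def __init__(self, sectors: int):
        self.raw = [bytes(SECTOR_SIZE) for _ in range(sectors)]

    def read_raw(self, sector: int) -> bytes:
        return self.raw[sector]


class MountedVolume:
    """The running OS: holds the unlocked key in RAM and decrypts on every I/O.

    It does not know (or ask) whether the caller is a legitimate application or
    malware running in the user's session; both receive plaintext.
    """

    def __init__(self, disk: EncryptedDisk, key: bytes):
        self.disk = disk
        self.key = key

    def write(self, sector: int, data: bytes) -> None:
        data = data.ljust(SECTOR_SIZE, b"\0")
        self.disk.raw[sector] = xor(data, keystream(self.key, sector))

    def read(self, sector: int) -> bytes:
        return xor(self.disk.raw[sector], keystream(self.key, sector))

    def power_off(self) -> None:
        # The key leaves memory; the disk (the thing that can be stolen) remains.
        self.key = None


def simulate() -> dict:
    """Run the three scenarios and report who ends up with plaintext."""
    secret = b"db_password=hunter2"  # constructed sample data, not a real credential
    disk = EncryptedDisk(sectors=4)
    key = os.urandom(32)  # in real life unlocked at boot by passphrase or TPM

    volume = MountedVolume(disk, key)
    volume.write(1, secret)

    # 1. Malware running while the machine is on reads through the mounted volume.
    malware_sees = volume.read(1).rstrip(b"\0")

    # 2. Attacker who captured the key from RAM (mechanism not modelled)
    #    decrypts the raw sectors without the OS.
    dumped_key = key
    key_dump_sees = xor(disk.read_raw(1), keystream(dumped_key, 1)).rstrip(b"\0")

    # 3. Thief with the powered-off drive reads raw sectors only.
    volume.power_off()
    thief_sees = disk.read_raw(1)

    return {
        "malware_gets_plaintext": malware_sees == secret,
        "dumped_key_gets_plaintext": key_dump_sees == secret,
        "thief_gets_plaintext": secret in thief_sees,
    }


if __name__ == "__main__":
    for scenario, outcome in simulate().items():
        print(f"{scenario}: {outcome}")
```

The output lines read `malware_gets_plaintext: True`, `dumped_key_gets_plaintext: True`, `thief_gets_plaintext: False`, which is the thread's conclusion in code: the cipher strength JimB asks about is irrelevant in the first two cases, because the key is present and the decryption is done for the attacker; it matters only in the third, where the key is absent.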