Self-Encrypting Drives Immune to MBR “BootKit” Attack on Software-based FDE Demonstrated at Last Week’s Black Hat Conference
The attack represented by the MBR ‘bootkits’ demonstrated last week has been known for several years. That doesn’t make these security exposures any less serious, especially given the tougher legal data protection requirements that apply when data is lost. The potential impact of such an attack on enterprises is more costly today than ever.
Self-encrypting drives were properly engineered to address MBR-level threats and are an effective antidote to the “bootkit” attack. With self-encrypting drives managed by a software client such as Wave’s Trusted Drive Manager, only a “shadow” Master Boot Record (MBR) is exposed. This shadow MBR is read-only, signed, and different from the MBR exposed by the boot drive after it has been unlocked for normal boot operations. Similarly, in ATA-only mode, the MBR is fully encrypted until the drive is unlocked and decrypting.