Is a Self-Encrypting Drive Necessary for You?
For people who are far from various IT technologies, the concept of SED will be unfamiliar. However, readers of our blog about cybersecurity have probably already heard this abbreviation and know that it stands for “self encrypting drive.”
However, it is worth mentioning that a SED is a special type of the disk that can automatically encrypts the confidential data that stored on the disk without the user’s participation. SED manufacturers often do not advertise this feature to the public, so many people don’t realize that even one of the most popular drives, the Samsung 840 Pro SSD.
Follow the latest security posture methods to prevent any cyber threats!
So, SED automatically encrypts all data stored on the disk. Additionally, to completely clean the disks and recycle the information, the user can generate a new DEK and the SED will be automatically cleaned.
Today we will tell you more about the self encrypting drive and why it is needed.
Previously, we’ve told you about Wi-Fi security keys. If you’ve missed the topic, you can read the article here.
What is a self-encrypting drive?
SED is a disk that uses automatic data encryption and decryption technologies, without user control of the process. Although the encoding and decoding action is not the most protected process. But with SED, this action happens in the most secure way. It sets a random key for authorization, which will function as a password. Thus, no one will be able to access private information until the password is entered.
*Note: The number of password attempts is strictly limited.
In addition, it should be borne in mind that if the user wants to connect SED encryption to another device that can’t support the SED, the drive can’t work. It happens because motherboard can not independently enter the necessary key that opens access to the information. In this case, the disk remains locked without any possibility of unlocking.
To unlock it, you will need to perform the following actions: move the disk to a working and supporting system, enter the correct key for authorization, and get the necessary data.
Read more about the cybersecurity framework here.
Disadvantages of SED
If we have already considered the positive aspects of SED, let’s pay attention to the negative aspects.
One of the main disadvantages of SED is that when you unlock the disk, it will remain so until the computer is completely turned off. That is, the disk lock is not affected by restarting or hibernating the computer. You can block it only by turning off the computer, waiting for a while, then turning it on and entering the password for authentication.
How to protect your data online? Read our guide on this topic and prevent any data leaks.
Therefore, if you chose SED as the main method of encrypting data, then forget about sleep mode. It would be a good idea to get used to shutting down the system when you’re not using it.
Another drawback is rising when a user tries to set up all configurations. For example, you can simultaneously use only a few encrypted disks, and even set up a software RAID (redundant array of inexpensive disks), but you can’t do something more complex like a hardware RAID.
How to start using an SED
Of course, the use of an SED will not be able to provide a 100% guarantee of data protection. Besides, to take full advantage of SED encryption requires full compatibility with the motherboard. For example, built-in functions such as encrypting and decrypting data and erasing it will work with any motherboard, but if the user wants to be able to set the authorization key, they need a motherboard to support this feature.
Today, many electronic devices have built-in support for various authentication keys without additional BIOS customization. At the same time, you can often find a case when the user is faced with installing the authentication key through the BIOS.
Such well-known suppliers of equipment as Samsung, Asus, and many others claim that their devices fully support this function. But in some cases, this feature is disabled. The developers block this function to prevent various threats connected with users’ password forgetfulness.
Read our checklist to ensure your online privacy!
How can you manage the drive password?
However, this built-in feature is not supported on all motherboards. In this case, you will need to use additional software. One of the options may be Winmagic. It is also possible to do this manually using a specially created Linux environment.
Here you can find needed instructions. Then, when you load the required Linux environment, you will need to perform these steps.
Note that the first action you should take is to unfreeze the existed SED. Then, you can disable it and add a new password.
How to come up with the best password? We’ll tell you the most secure way here.
Follow the instruction below to discover and unfreeze your drive:
- Choose the terminal option on push on the combination “Ctrl+T.”
- Find root privileges and click on the “su.” Enter the password.
- Add the command “Isblk.” Find the needed disk to disable and change SED encryption.
- Add the “hdparm -I /dev/X” command, where X is the drive name. You should see the phrase “enabled”. In other case, you can see the phrase “not enabled,” SED is not enabled on the drive. So, the encryption hasn’t’ been included or you choose the wrong drive.
- Usually, the drive will be highlighted as “frozen.” To unfreeze it, you can put your computer into sleep mode. After 10 seconds, you should wake up the system.
- Then, repeat the previous action with the command “hdparm -I /dev/X” to check that your drive is unfrozen now.
By enabling encryption, do not forget to shut down your PC, and then the attackers will not have a chance — of course, if you have a good password. By the way, an insider from security experts: the most reliable place to store passwords is in your head. Therefore, it is better not to store some of the most important passwords (for example, from the bank’s personal account or password manager) anywhere, but try to remember them.
After you find for yourself SED encryption ability, you have to see how few modern motherboards support it without problems. After all, many board manufacturers intentionally block this feature. In such cases, you can use SED only after adjusting the BIOS settings.
Don’t miss the important cybersecurity news!