Re: Looking for a laptop encryption policy for institutionally-owned laptops

["HALL, NATHANIEL D." <halln () OTC EDU>]

I just finished doing some basic research on Vista's BitLocker Drive
Encryption using Active Directory.  It seems to be pretty good, but I
did not get down to the nitty gritty to see what I could read on the
drive.

By default, it uses AES 128 with a diffuser for encryption, the TPM in
most new computers or a USB key, and can be easily scripted.  I find it
is much better than EFS because it encrypts the entire partition,
including the page file, and not just a directory that can easily be
circumvented.

If you would like a link to my presentation, please let me know and I
will send you the link after I make it publicly available.

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Network Security System Administrator
OTC Computer Networking

Office: (417) 447-7535

-----Original Message-----
From: Ardoth Hassler [mailto:hasslera () GEORGETOWN EDU] 
Sent: Thursday, March 22, 2007 10:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Looking for a laptop encryption policy for
institutionally-owned laptops

Hi.... I'm in search of a sample policy that addresses encryption of
institutionally-owned laptops. Thanks in advance for sharing.

Ardoth

(Also posted this to the ICPL list so I apologize for the cross post.)

-- 
Ardoth A. Hassler
Associate Vice President
University Information Services
Georgetown University
Washington, DC
202-687-1973
hasslera () georgetown edu