Educause Security Discussion mailing list archives
Re: Laptop encryption
From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 5 Oct 2007 08:44:14 -0400
Dennis Tracz wrote:
Hello all, I am new to this list so please forgive me if this topic has already been covered. I am interested in knowing, what is the common practice for Laptop encryption, specifically: 1. What is your current practice: a. Do you use encryption on laptops (for laptops you administer) b. Do you encrypt the entire hard drive or selected folders i.e.( My Documents) c. Do you use a commercial product or EFS e. If encryption is used is it automatically configured (for laptops you administer) or do users have a choice
We recommend EFS and Bitlocker for Windows computers though we have no good way to administer it other than our staff manually performing all EFS activations and backing up keys manually when encryption is requested. This was intended as a stopgap solution until a management infrastructure could be put in place. Other than a couple colleges and the library, our campus computers are not joined to an Active Directory environment though we're in the initial stages of rolling one out. We'll add a Microsoft CA when it is deployed. Vista computers are joined to the nascent domain as they are rolled out to take advantage of the automatic Bitlocker key backup feature of AD. We use Microsoft's recommendations when choosing which directories to encrypt with EFS. Also as stopgap solutions, we're recommending File Vault for Macintosh computers and Truecrypt for linux computers but again we presently have no infrastructure to support or administer them.
2. What is your desired practice if you do not use encryption on laptops a. Is this something you are wanting, attempting or not wishing to do? b. Would you encrypt the entire hard drive or selected folders i.e.( My Documents) c. Would you use a commercial product or EFS? d. Would you automatically encrypt (for laptops you administer) or would you let your users have a choice?
We're interested in the new encrypted hard drives from Seagate and others as a cross-platform, low overhead laptop solution and are investigating them actively. We're hoping we can retrofit the drives in older laptops but even if we can't, it would seem to provide an effective solution going forward. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Laptop encryption Dennis Tracz (Oct 04)
- <Possible follow-ups>
- Re: Laptop encryption Greg Vickers (Oct 04)
- Re: Laptop encryption Gary Flynn (Oct 05)
- Re: Laptop encryption Harold Winshel (Oct 05)
- Re: Laptop encryption Matthew Gracie (Oct 05)
- Re: Laptop encryption O'Callaghan, Daniel (Oct 05)
- Re: Laptop encryption David Taylor (Oct 05)
- Re: Laptop encryption David Seidl (Oct 05)
- Re: Laptop encryption Gary Flynn (Oct 05)
- Re: Laptop encryption Jim Dillon (Oct 05)
- Re: Laptop encryption David Taylor (Oct 05)
- Re: Laptop encryption Sarah Stevens (Oct 05)
- Re: Laptop encryption Paul Keser (Oct 05)
(Thread continues...)