Educause Security Discussion mailing list archives
Re: Laptop encryption
From: Dennis Tracz <dntracz () UCALGARY CA>
Date: Fri, 5 Oct 2007 15:28:44 -0600
Hi Gary, Thanks for the input I will post my findings in about 2 weeks.. :-) Gary Flynn wrote:
Dennis Tracz wrote:Hello all, I am new to this list so please forgive me if this topic has already been covered. I am interested in knowing, what is the common practice for Laptop encryption, specifically: 1. What is your current practice: a. Do you use encryption on laptops (for laptops you administer) b. Do you encrypt the entire hard drive or selected folders i.e.( My Documents) c. Do you use a commercial product or EFS e. If encryption is used is it automatically configured (for laptops you administer) or do users have a choiceWe recommend EFS and Bitlocker for Windows computers though we have no good way to administer it other than our staff manually performing all EFS activations and backing up keys manually when encryption is requested. This was intended as a stopgap solution until a management infrastructure could be put in place. Other than a couple colleges and the library, our campus computers are not joined to an Active Directory environment though we're in the initial stages of rolling one out. We'll add a Microsoft CA when it is deployed. Vista computers are joined to the nascent domain as they are rolled out to take advantage of the automatic Bitlocker key backup feature of AD. We use Microsoft's recommendations when choosing which directories to encrypt with EFS. Also as stopgap solutions, we're recommending File Vault for Macintosh computers and Truecrypt for linux computers but again we presently have no infrastructure to support or administer them.2. What is your desired practice if you do not use encryption on laptops a. Is this something you are wanting, attempting or not wishing to do? b. Would you encrypt the entire hard drive or selected folders i.e.( My Documents) c. Would you use a commercial product or EFS? d. Would you automatically encrypt (for laptops you administer) or would you let your users have a choice?We're interested in the new encrypted hard drives from Seagate and others as a cross-platform, low overhead laptop solution and are investigating them actively. We're hoping we can retrofit the drives in older laptops but even if we can't, it would seem to provide an effective solution going forward.
-- Dennis N. Tracz CISSP-ISSMP, CISM Information Security Officer University of Calgary (403) 220-4010
Attachment:
dntracz.vcf
Description:
Current thread:
- Re: Laptop encryption, (continued)
- Re: Laptop encryption Matthew Gracie (Oct 05)
- Re: Laptop encryption O'Callaghan, Daniel (Oct 05)
- Re: Laptop encryption David Taylor (Oct 05)
- Re: Laptop encryption David Seidl (Oct 05)
- Re: Laptop encryption Gary Flynn (Oct 05)
- Re: Laptop encryption Jim Dillon (Oct 05)
- Re: Laptop encryption David Taylor (Oct 05)
- Re: Laptop encryption Sarah Stevens (Oct 05)
- Re: Laptop encryption Paul Keser (Oct 05)
- Re: Laptop encryption Curt Wilson (Oct 05)
- Re: Laptop encryption Dennis Tracz (Oct 05)
- Re: Laptop encryption Dennis Tracz (Oct 05)
- Re: Laptop encryption Jeff Holden (Oct 05)
- Re: Laptop encryption Bob Ono (Oct 05)
- Re: Laptop encryption Harold Winshel (Oct 05)
- Re: Laptop encryption Paul Keser (Oct 05)
- Re: Laptop encryption Sarah Stevens (Oct 05)
- Re: Laptop encryption Eric Case (Oct 05)
- Re: Laptop encryption Harold Winshel (Oct 07)
- Re: Laptop encryption David Kovarik (Oct 08)
- Re: Laptop encryption Ewing, Ashley (Oct 08)
(Thread continues...)