Security Basics mailing list archives

Re: Notebook policy (need advice)


From: "Saqib Ali" <docbook.xml () gmail com>
Date: Tue, 23 Jan 2007 18:27:25 -0800

1) The usual Anti-virus, anti-spyware etc.
2) Definitely use Full Disk Encryption. It covers you in case of
laptop theft or loss. It also satisfies California SB 1386. Thus a
low-hanging fruit.
3) Policy based encryption (more details below)

More info on Policy based encryption:
As it turns out employees don't like their external storage device to
be "fully encrypted" or "blocked", and manually creating encrypted
vaults/folders on the device is too cumbersome and error prone. People
forget to save the files in the encrypted folder or create a backup in
the non-encrypted portion etc.

The alternative is to use encryption suites that provide policy based
encryption. Some examples:

Securewave Device Control (http://www.securewave.com/usb_security.jsp)
Credant (http://www.credant.com/content/view/219/152/)
Onigma (http://www.mcafee.com/us/enterprise/products/data_loss_prevention/index.html)
Pointsec (http://www.pointsec.com/products/removablemedia/)
DiskNet Pro (http://www.reflex-magnetics.com/products/disknetpro/)

These products only encrypt information bound for external storage
media from a protected system. Everything else remains decrypted.

Pointsec Media Encryption provides encryption for removable media by
policy such that all data added to the media bound data is encrypted.
A fully automatic encryption would cause issues for devices (e.g.
digital cameras and media players), where the media should be
readable, but if not modified (e.g. written back) then it should stay
clear text. That is why PME "only" encrypts data if it is being copied
from the company computer.

saqib
http://www.full-disk-encryption.net


On 1/23/07, Nicolas Arias <nicolas.arias () globant com> wrote:
Hi guys!, in my company we have a lot of notebooks, but there's no formal
security policy about them.

Can you tell me how do you handle this?

Do you give a local admin for the owner?, do you use full disk
encryption?, what about anti-virus and external scans?

Any idea is going to be really appreciated.

Cheers!!




--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net

