Security Basics mailing list archives
Re: Notebook policy (need advice)
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Tue, 23 Jan 2007 18:27:25 -0800
1)The usual Anti-virus, anti-spyware etc. 2) Definitely use Full Disk Encryption. It covers you in case of laptop theft or loss. It also satisfy California SB 1386. Thus a low hanging fruit. 3) Policy based encryption (more details below) More info on Policy based encryption: As it turns out employees don't like their external storage device to be "fully encrypted" or "blocked", and manually creating encrypted vaults/folders on the device is too cumbersome and error prone. People forget to save the files in the encrypted folder or create a backup in the non-encrypted portion etc. The alternative is to use encryption suites that provide policy based encryption. Some examples: Securewave Device Control (http://www.securewave.com/usb_security.jsp) Credant (http://www.credant.com/content/view/219/152/) Onigma (http://www.mcafee.com/us/enterprise/products/data_loss_prevention/index.html) Pointsec (http://www.pointsec.com/products/removablemedia/) DiskNet Pro (http://www.reflex-magnetics.com/products/disknetpro/) These products only encrypt information bound for external storage media from a protected system. Everything else remains decrypted. Pointsec Media Encryption provides encryption for removable media by policy such that all data added to the media bound data is encrypted. A fully automatic encryption would cause issues for devices (e.g. digital cameras and media players), where the media should be readable, but if not modified (e.g. written back) then it should stay clear text. That is why PME "only" encrypts data if it is being copied from the company computer. saqib http://www.full-disk-encryption.net On 1/23/07, Nicolas Arias <nicolas.arias () globant com> wrote:
Hi guys!, in my company we have a lot of notebooks, but theres no formal security policy about them. Can you tell me how do you handle this? Do you give an local admin for the owner?, do you use full disk encryption?, what about anti-virus and external scans? Any idea is going to be really preciated. Cheers!!
-- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net
Current thread:
- list of university hacked in 2006 Francois Yang (Jan 22)
- Re: list of university hacked in 2006 Brian . D . Turk (Jan 22)
- Re: list of university hacked in 2006 John Hummel (Jan 22)
- Notebook policy (need advice) Nicolas Arias (Jan 23)
- Re: Notebook policy (need advice) Saqib Ali (Jan 24)
- RE: Notebook policy (need advice) Pranav Lal (Jan 24)
- Message not available
- Fwd: Notebook policy (need advice) kevin fielder (Jan 24)
- RE: Notebook policy (need advice) Pranav Lal (Jan 25)
- Notebook policy (need advice) Nicolas Arias (Jan 23)
- RE: Notebook policy (need advice) Tony UcedaVĂ©lez (Jan 25)
- RE: Notebook policy (need advice) Eric Furman (Jan 26)
- RE: Notebook policy (need advice) Patton Roub (Jan 26)
- RE: Notebook policy (need advice) Eric Furman (Jan 26)
- RE: Notebook policy (need advice) Huang, John, GCM (Jan 26)
- Re: Notebook policy (need advice) Eric White (Jan 26)
- Re: Notebook policy (need advice) Eric Furman (Jan 26)