Educause Security Discussion mailing list archives
Re: Looking for a laptop encryption policy for institutionally-owned laptops
From: Gary Dobbins <dobbins () ND EDU>
Date: Thu, 22 Mar 2007 11:43:32 -0400
Encrypting them is easy. Regaining authorized access when someone {forgets their key | leaves | becomes disgruntled | etc} is not often so. You'll want to put some thought into key escrow processes, to ensure that the owner (your university) always has a governed means of getting to the encrypted contents, possibly regardless of reason or circumstance. Some commercial products provide mechanisms for managing key escrow, which is where their value-add primarily appears. The free stuff can be equally effective at thwarting a laptop thief - it just doesn't necessarily give you a scalable managed recovery mechanism.
-----Original Message----- From: HALL, NATHANIEL D. [mailto:halln () OTC EDU] Sent: Thursday, March 22, 2007 11:25 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Looking for a laptop encryption policy for institutionally-owned laptops I just finished doing some basic research on Vista's BitLocker Drive Encryption using Active Directory. It seems to be pretty good, but I did not get down to the nitty gritty to see what I could read on the drive. By default, it uses AES 128 with a diffuser for encryption, the TPM in most new computers or a USB key, and can be easily scripted. I find it is much better than EFS because it encrypts the entire partition, including the page file, and not just a directory that can easily be circumvented. If you would like a link to my presentation, please let me know and I will send you the link after I make it publicly available. -- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security System Administrator OTC Computer Networking Office: (417) 447-7535 -----Original Message----- From: Ardoth Hassler [mailto:hasslera () GEORGETOWN EDU] Sent: Thursday, March 22, 2007 10:08 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Looking for a laptop encryption policy for institutionally-owned laptops Hi.... I'm in search of a sample policy that addresses encryption of institutionally-owned laptops. Thanks in advance for sharing. Ardoth (Also posted this to the ICPL list so I apologize for the cross post.) -- Ardoth A. Hassler Associate Vice President University Information Services Georgetown University Washington, DC 202-687-1973 hasslera () georgetown edu
Attachment:
smime.p7s
Description:
Current thread:
- Re: Looking for a laptop encryption policy for institutionally-owned laptops HALL, NATHANIEL D. (Mar 22)
- <Possible follow-ups>
- Re: Looking for a laptop encryption policy for institutionally-owned laptops Gary Dobbins (Mar 22)
- Re: Looking for a laptop encryption policy for institutionally-owned laptops Paul Keser (Mar 22)
- Re: Looking for a laptop encryption policy for institutionally-owned laptops Gibson, Nathan J. (HSC) (Mar 22)
- Re: Looking for a laptop encryption policy for institutionally-owned laptops Steve Brukbacher (Mar 22)