Educause Security Discussion mailing list archives
Re: Group encryption solutions
From: Curt Wilson <curtw () SIU EDU>
Date: Fri, 14 Mar 2008 13:53:07 -0500

Thanks Derek.

Are you handling scenarios where a workgroup all needs to get to selected resources on a share? Using whole-disk in this case doesn't really buy you much in case the server gets compromised, for instance. I see the value of full disk in the case of theft, but when you have 50 some ppl that need to get to access the data at varying times throughout the day, how is this best accomplished?

Ideally there is some solution that will protect the data while it's on the server, and while it's on the workstation as well, based on Active Directory or LDAP group attributes.

We could create encrypted zip files now, with Secure Zip, but from what I understand that approach doesn't really scale that well and you have a static key that you have to pass around. When one person leaves the group, you've got to redo everything to keep the knowledge of the key/passphrase from leaking.

Does your PGP solution align with AD/LDAP groups?

Thanks
CurtW

Tonkin, Derek K. wrote:

We use PGP's Universal Server product with a central server (running on a VM). We don't typically use it for individual file/folder encryption although it can do that through the creation of encrypted zip files. We use it for whole-disk encryption because that way we don't have to worry about the user remembering/caring enough to take the time to encrypt sensitive files. There is a slight performance hit which is more noticeable on older machines but most users do not even notice it.

Universal Server also includes the option to encrypt and sign e-mails and encrypt network shares and we are beginning to experiment with these aspects of it as well.

If you have any questions about the implementation feel free to ask.

Derek

-------------Baylor University-------------
Derek Tonkin
Information Security Analyst
Information Technology Services - Security
derek_tonkin () baylor edu
254-710-7061
---------------Sic 'em Bears---------------

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Curt Wilson
Sent: Friday, March 14, 2008 12:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Group encryption solutions

Individual file/folder encryption for a Windows user is pretty simple - TrueCrypt, SecureZIP are two viable options depending upon requirements.

What are other .edus using for group encryption? I've gotten the impression that the more user-friendly the system is, the more back-end work required. A nice balance is sought so that users don't find it too much of a pain that they won't use it, and also so that our limited admin resources aren't overtaxed.

I've heard of people using PGP for this, and I'm aware of an Entrust offering that I've yet to evaluate. The Entrust offering requires setting up several servers, and I believe it's relatively new so I'm a bit hesitant to recommend it. PGP seems tried and true, but I've only used it for personal encryption or to encrypt documents for a small group of recipients.

Comments appreciated on or off list. If I get a lot of responses I may summarize them for the group.

Thanks
Curt Wilson
SIUC