Educause Security Discussion mailing list archives

Re: Laptop Encryption


From: "Gregg, Christopher S." <csgregg () STTHOMAS EDU>
Date: Wed, 18 Feb 2009 09:15:57 -0600

We purchased PointSec and are in the process of deploying it now. Big picture, we see this as an interim solution until hardware encryption becomes more standard and affordable. We'll then probably weave that in as our laptops come off their 3-year lease cycle.


Chris Gregg
Director of Information Technology
Information Resources and Technologies
University of St. Thomas
2115 Summit Avenue
St. Paul, Minnesota 55105
csgregg () stthomas edu



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wes Young
Sent: Wednesday, February 18, 2009 5:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Laptop Encryption

We're in the process of investigating right now. We've been looking at the native solutions (FileVault, BitLocker, EFS).

Right now it seems like Commercial PGP seems to be the front runner. We're looking at the differences between that and TrueCrypt, which is a great solution, but the PGP commercial package looks better for enterprise key recovery, management, etc...

Downloading the PGP demo is simple and easy to install (compared to other commercial products we were looking at).

On Feb 17, 2009, at 11:16 PM, Valdis Kletnieks wrote:

On Tue, 17 Feb 2009 19:06:05 CST, Timothy Payne said:
Can anyone share with the list their experiences with enterprise 
level encryption products?  I'm most interested in products that use 
some sort of 2-factor authentication, i.e., a USB key required to boot 
and a password, or password/checksum combo.

How do you deal with the inevitable user who loses their token or 
forgets their password?

Also consider the case of a stolen laptop - what are the chances the 
USB key is in the laptop bag?  At that point, it's not 2-factor any 
more.

And then you need to ask yourself - 'What threat model does that 
second factor actually protect me against?'.  Remember that *most* 
2-factor auth is intended to protect you against "keystroke logger 
sniffs password, attacker comes in over Internet from 9 time zones 
away" (because then they have "something they know", but can't supply 
"something they have" or "something they are" *because* they're 9 time 
zones away...).


--
Wes
http://claimid.com/wesyoung
