Educause Security Discussion mailing list archives
Re: Mac encryption?
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Fri, 13 Nov 2009 10:01:47 -0700
The Mac version of Checkpoint's product is also feature limited compared to the PC version. That said, it is a capable product with a good feature set (e.g. still allows single sign on, which is a major feature). FWIW, while the Checkpoint product works reasonably well for us, the management interface of the software is rather clumsy. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College Office: 520-206-4873 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Lococo Sent: Friday, November 13, 2009 9:17 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Mac encryption? Harvard Townsend wrote:
We're using PGP Whole Disk Encryption for Macs and Windows and have been very satisfied, except they do not yet support Snow Leopard. The do support Windows 7, though.
We're evaluating PGP as well, and while it works ok I thought it worth mentioning that PGP on the Mac seems like a bit of a second class citizen when compared to PGP on Windows, at least when you're using it in conjuction with a managed PGP server. For example: * If you use Guarded Key Mode, the Mac client cannot automatically download the GKM keys during enrollment of a new machine (the windows client can). Instead you have to manually load the keys from some other source. * Mac clients fail to complete the "Key Reconstruction" process using the 5 recovery questions. They give an error which falsely claims that the questions were answered incorrectly. If you forget your passphrase or your keyfiles become lost/corrupted, you'll have to recover them from a PC and manually transfer them to your mac. * You can't change or update your 5 Key Reconstruction questions on a Mac. If you want to update your security questions, you must do so from a PC. * The Whole Disk Encryption boot prompt for Mac clients does not display the site-specific "additional text" often used to point folks to the helpdesk in the event of problems. * Finally, as others have noted Snow Leopard support has lagged Windows 7 support considerably. Whereas it seems like PGP fairly consistently tries to release PGP compatibility updates in advance of retail availability of Windows OS updates, you're likely to be stuck holding your Mac clients back pending the availability of a compatibility update. I haven't used Checkpoint and can't speak to whether they do any better, but while PGP is certainly fuctional on a Mac, it is fairly rough around the edges. I find this to be in stark contrast to the Windows version which I've found to be quite solid and bug-free. Thanks, Mike Lococo
Current thread:
- Mac encryption? Plesco, Todd (Nov 12)
- <Possible follow-ups>
- Re: Mac encryption? Jones, Dan (Nov 12)
- Re: Mac encryption? Basgen, Brian (Nov 12)
- Re: Mac encryption? David Grisham (Nov 13)
- Re: Mac encryption? Harvard Townsend (Nov 13)
- Re: Mac encryption? Morrow Long (Nov 13)
- Re: Mac encryption? Mike Lococo (Nov 13)
- Re: Mac encryption? Basgen, Brian (Nov 13)
- Re: Mac encryption? Morrow Long (Nov 13)
- Re: Mac encryption? Mike Lococo (Nov 13)