Security Basics mailing list archives

Re: Security procedure question

From: "Nick Besant" <lists () hwf cc>
Date: Thu, 21 Sep 2006 11:11:48 +0100 (BST)


On Wed, September 20, 2006 2:59 pm, Brown, Sam wrote:

We're going to be deploying whole disk encryption to our laptops so I am
interested in hearing how others have distributed the software
encryption ID's and passwords to users.  I'm concerned about a user
leaving the id and password on paper in or near the laptop.

Sam Brown


Depending on which app you're using for the disk encryption, you could
make the username and password match their domain (or local) login.  Some
provide autologon as well following successful credential entry during the
boot process.  This way, they've only got to remember one password.

Alternatively, you could consider using a shared, regularly changing
username/password pair.  This of course depends on the level of security
you're after, but even with credentials that are common to the entire
company, you're still protected against the consequences of the vast
majority of laptop thefts.  Unless it's a targeted attack against your
company or an employee, the thief would have to know that the credentials
are shared and would have to retrieve them from someone else.  Passwords
could be changed every month, every theft incident, both, etc.

Neither of these are the most secure way of managing this, but they do
provide a reasonable balance (especially if your users tend to write
things down).



-- 
Nick Besant (lists () hwf cc)


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Security procedure question Brown, Sam (Sep 20)
- Re: Security procedure question Mario A. Spinthiras (Sep 21)
  - RE: Security procedure question Henry Troup (Sep 21)
    - Re: Security procedure question Saqib Ali (Sep 22)
    - Re: Security procedure question Mario A. Spinthiras (Sep 25)
    - Re: Security procedure question Saqib Ali (Sep 25)
- Re: Security procedure question Nick Besant (Sep 21)
- Re: Security procedure question Saqib Ali (Sep 21)
  - Re: Security procedure question MandommGmail (Sep 25)
    - Re: Security procedure question Mario A. Spinthiras (Sep 25)
    - RE: Security procedure question Ken Kousky (Sep 26)
    - Re: Security procedure question Daniel DeLeo (Sep 27)
    - Re: Security procedure question Saqib Ali (Sep 27)
    - Re: Security procedure question Mario A. Spinthiras (Sep 27)
    - RE: Security procedure question Sadler, Connie (Sep 26)
- <Possible follow-ups>
- Re: Security procedure question Mario A. Spinthiras (Sep 26)
- RE: Security procedure question Krpata, Tyler (Sep 26)

(Thread continues...)