Educause Security Discussion mailing list archives

Re: Enterprise whole disk encryption


From: "Sachnoff, Neil" <NSachnoff () MIDDLESEXCC EDU>
Date: Sun, 6 Aug 2006 15:40:41 -0400

We have just selected PointSec for encryption of our mobile notebooks, but have not worked out any of the deployment or 
support details as yet.
 
/Neil Sachnoff

________________________________

From: Robert Riley [mailto:rriley3 () ND EDU]
Sent: Fri 8/4/2006 2:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Enterprise whole disk encryption



Are any folks centrally managing disk encryption?

Looks like the big 4 in central management are Utimaco, SafeBoot,
PointSec, and PGP Enterprise.

I'd be interested to hear experiences regarding creating customized
deployables, help desk integration, and working models for
rescue/recovery on an enterprise level.

Thanks.

Jimmy L. Fikes wrote:
This is a fascinating and relevant thread.

I work in a faith-based school. I tell our users to use Bible verses for
passwords - and then to take the additional step to memorize the verse -
and not be accused of just using the Bible as a utility. For instance,
John 3:16 can morph into j0hn3_16 and a variety of other combinations,
without ever changing the base phrase. Around here, it works like a
charm.

On the question of disk encryption, I've used PGP and a couple of
others, and have been disturbed at how much latency they build into
normal work. Have you experienced latency in processing, or is it just my
imagination?

One last question. What about requiring that all work on mobile machines
be done in VMware? I do this, and hide all shortcuts to the VMware
application. The thief would have to spend a lot of time to find the
executable, and then probably would not know what it means. I use a
different password for the VMware and machine access - so this adds a
little defense in depth. Once files are saved in VMware, they are not
discoverable through a regular desktop search for files. Is this
security by obscurity, or would using the virtual work environment as
the production environment on mobile machines add the security needed,
without having to resort to encryption?


Jimmy Fikes
Chief Information Officer
Wayland Baptist University
1900 W. 7th Street, CMB 229
Plainview, TX 79072-6900
(806) 291-3540 (Office) (CST)
(806) 291-1974 (Fax)



