Educause Security Discussion mailing list archives

Re: Whole Disk Encryption Tools


From: "Logan, Kimberly (loganks)" <LOGANKS () UCMAIL UC EDU>
Date: Thu, 9 Nov 2006 11:23:28 -0500

Hi Steve,

Thanks for offering to share your requirement analysis spreadsheet.  I'd
really appreciate it!

Kim   


Kim Logan
Information Security Officer
University of Cincinnati
(513)556-9070
kim.logan () uc edu

-----Original Message-----
From: Steve Brukbacher [mailto:sab2 () UWM EDU] 
Sent: Thursday, November 09, 2006 10:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Whole Disk Encryption Tools

We are currently going through an evaluation process for whole disk
encryption.  The current candidates are Guardian Edge, Pointsec and
Voltage, who OEMs (repackages) the Safeboot product.

All three of them do about the same thing. The features are very
similar.  Our technical team is reviewing them next.  They all allow for
administrative recovery of data for a variety of scenarios.  They also
create their own MBR independent of the Windows boot partition. There
was some chatter about waiting for Vista Bitlocker, but I think it's
better defense in depth to use a non-Windows product for this.  Plus
this way we can use data from the management console to certify that the
drive was encrypted in case of theft which helps if your state has a
disclosure law like ours does.

One downside to Pointsec is that the key exchange between the server and
the clients happens over Windows ports.  Since we block these at the
edge, this will probably be a no go. So it's pretty much between
Guardian Edge and Voltage (Safeboot).

I'm happy to share the requirement analysis spreadsheet we developed for
the first round of information gathering.

Now it's up to the tech staff to pick one.

We're also evaluating asset recovery products. That's between the
Absolute Software product and CyberAngel.  CyberAngel's pricing is
better, plus they will allow us to resell this at a steep discount for
personal devices.  The Absolute product is already built into most
modern Dell BIOSes so we would simply need to purchase a license and
we're off and running, but again, the pricing isn't as attractive here.

--
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Coordinator
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224



Penn, Blake wrote:
Computrace from Absolute Software (www.absolute.com) is an asset
recovery product that is compatible with Utimaco's whole disk
encryption if you are looking to do both.  It has a persistent
BIOS-based agent to survive hard disk formatting and the like - pretty
cool stuff.

____________________________________________
Blake Penn, CISSP                             
Information Security Officer          
University of Wisconsin-Whitewater
(p) 262-472-7792 (f) 262-472-1285
pennb () uww edu | http://www.uww.edu/security/ 


-----Original Message-----
From: Krizi Trivisani [mailto:krizi () GWU EDU] 
Sent: Wednesday, November 08, 2006 3:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Whole Disk Encryption Tools

Hi Kim,

At GW we are using Safeguard Easy (Utimaco product) for full-disk
encryption.  We just finished a successful pilot and have been approved
to move forward with our phased enterprise roll-out.  Our first phase is
full-disk encryption of laptops for high risk users (target by end of
Feb; approx. 700 laptops).  We will also be encrypting desktops in
Phases 2 and 3.  Fortunately we have a mandate from our board of
directors, so our enforcement teeth are there.  Communications,
training, awareness, and standards are critical success factors for us.
We are not using an asset recovery product at this time.

If you would like to talk off-line, please feel free to call me.

Cheers,
Krizi

*********************************
Krizi Trivisani, CISSP
Director of Systems Security Operations
Chief Security Officer
The George Washington University
202/994-7803
krizi () gwu edu


----- Original Message -----
From: "Logan, Kimberly (loganks)" <LOGANKS () UCMAIL UC EDU>
Date: Wednesday, November 8, 2006 3:58 pm
Subject: [SECURITY] Whole Disk Encryption Tools
To: SECURITY () LISTSERV EDUCAUSE EDU


Hi Everyone,
 
University of Cincinnati is now looking at whole disk encryption tools.
We are looking for a tool that will allow us to manage the keys.  I'd
like to know what those of you looking at or using whole disk
encryption are using and why.  Also, does anyone know if there is one
product that provides both whole disk encryption and asset recovery?
 
Thanks,
 
Kim
 
Kim Logan
Information Security Officer
University of Cincinnati
(513)556-9070
kim.logan () uc edu
 
