Educause Security Discussion mailing list archives

Re: Whole Disk Encryption Tools

From: Curt Wilson <curtw () SIU EDU>
Date: Mon, 13 Nov 2006 13:38:55 -0600

Steve Brukbacher wrote:
<snip>

One downside to Pointsec is that the key exchange between the server and

the clients happens over windows ports.  Since we block these at the
edge, this will probably be a no go. So it's pretty much between
guardian Edge and Voltage (Safeboot).

<snip>

Steve-

Can you please enumerate the "windows ports" mentioned above? Hopefully
it's not the SMB/CIFS/RPC 135-139,445 set. There was another product a
few years ago, an enterprise AV, that was only able to be managed
through NetBIOS/SMB. We cringed, and didn't buy and they have since
changed their approach. As you likely know, requiring SMB/NetBIOS over a
perimeter firewall and into the enterprise from any untrusted endpoint
is dangerous...the next MS remote 0day to come along will walk right on
in (might be more resistant to attack with Windows 2003 server, with
it's SafeSEH, /GS compiled OS, and DEP, but I still wouldn't trust it).


--
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237

GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc

Current thread:

Re: Whole Disk Encryption Tools, (continued)
- Re: Whole Disk Encryption Tools Steve Brukbacher (Nov 09)
- Re: Whole Disk Encryption Tools Logan, Kimberly (loganks) (Nov 09)
- Re: Whole Disk Encryption Tools jack suess (Nov 09)
- Re: Whole Disk Encryption Tools Chris Green (Nov 09)
- Re: Whole Disk Encryption Tools Krizi Trivisani (Nov 09)
- Re: Whole Disk Encryption Tools Brad Judy (Nov 09)
- Re: Whole Disk Encryption Tools Jack Suess (Nov 09)
- Re: Whole Disk Encryption Tools Bob Ono (Nov 10)
- Re: Whole Disk Encryption Tools Clifford Collins (Nov 10)
- Re: Whole Disk Encryption Tools George Farah (Nov 10)
- Re: Whole Disk Encryption Tools Curt Wilson (Nov 13)