Educause Security Discussion mailing list archives

Re: Laptop encryption

From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 5 Oct 2007 08:44:14 -0400

Dennis Tracz wrote:

Hello all,

I am new to this list so please forgive me if this topic has already
been covered.
I am interested in knowing, what is the common practice for Laptop
encryption, specifically:

1.  What is your current practice:
   a.  Do you use encryption on laptops (for laptops you administer)
   b.  Do you encrypt the entire hard drive or selected folders i.e.( My
Documents)
   c.  Do you use a commercial product or EFS
   e.  If encryption is used is it automatically configured (for laptops
you administer) or do users have a choice


We recommend EFS and Bitlocker for Windows computers though we have no
good way to administer it other than our staff manually performing all
EFS activations and backing up keys manually when encryption is
requested. This was intended as a stopgap solution until a management
infrastructure could be put in place. Other than a couple colleges and
the library, our campus computers are not joined to an Active Directory
environment though we're in the initial stages of rolling one out. We'll
add a Microsoft CA when it is deployed. Vista computers are joined to
the nascent domain as they are rolled out to take advantage of the
automatic Bitlocker key backup feature of AD.

We use Microsoft's recommendations when choosing which directories
to encrypt with EFS.

Also as stopgap solutions, we're recommending File Vault for Macintosh
computers and Truecrypt for linux computers but again we presently have
no infrastructure to support or administer them.

  2.  What is your desired practice if you do not use encryption on laptops

a.  Is this something you are wanting, attempting or not wishing to do?
b.  Would you encrypt the entire hard drive or selected folders i.e.( My
Documents)
c.  Would you use a commercial product or EFS?
d.  Would you automatically encrypt (for laptops you administer) or
would you let your users have a choice?


We're interested in the new encrypted hard drives from Seagate and
others as a cross-platform, low overhead laptop solution and are
investigating them actively. We're hoping we can retrofit the drives
in older laptops but even if we can't, it would seem to provide an
effective solution going forward.




--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Current thread:

Laptop encryption Dennis Tracz (Oct 04)
- <Possible follow-ups>
- Re: Laptop encryption Greg Vickers (Oct 04)
- Re: Laptop encryption Gary Flynn (Oct 05)
- Re: Laptop encryption Harold Winshel (Oct 05)
- Re: Laptop encryption Matthew Gracie (Oct 05)
- Re: Laptop encryption O'Callaghan, Daniel (Oct 05)
- Re: Laptop encryption David Taylor (Oct 05)
- Re: Laptop encryption David Seidl (Oct 05)
- Re: Laptop encryption Gary Flynn (Oct 05)
- Re: Laptop encryption Jim Dillon (Oct 05)
- Re: Laptop encryption David Taylor (Oct 05)
- Re: Laptop encryption Sarah Stevens (Oct 05)
- Re: Laptop encryption Paul Keser (Oct 05)

(Thread continues...)