Educause Security Discussion mailing list archives
Re: Laptop encryption
From: Jim Dillon <Jim.Dillon () CUSYS EDU>
Date: Fri, 5 Oct 2007 10:34:35 -0600
Answers inline... Jim ***************************************** Jim Dillon, CISA, CISSP IT Audit Manager, CU Internal Audit jim.dillon () cusys edu 303-492-9734 ***************************************** -----Original Message----- From: Dennis Tracz [mailto:dntracz () UCALGARY CA] Sent: Thursday, October 04, 2007 2:53 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Laptop encryption Hello all, I am new to this list so please forgive me if this topic has already been covered. I am interested in knowing, what is the common practice for Laptop encryption, specifically: 1. What is your current practice: a. Do you use encryption on laptops (for laptops you administer) <JD - 3 campuses are using Utimaco's Safeguard Easy under a state contract. It is essentially being required for notebooks at all three, and is required definitely if you deal in sensitive information. Our fourth campus is looking into PGP based solutions because so much of their user base is Mac based and Utimaco does not have a Mac solution. - JD> b. Do you encrypt the entire hard drive or selected folders i.e.( My Documents) <JD - The whole burrito - partials don't work in my opinion, too many caches and other leak points. I too like the Seagate encrypted hard drives as a better option, but that is too expensive and not scalable yet... - JD> c. Do you use a commercial product or EFS <JD - Utimaco Safeguard Easy - JD> e. If encryption is used is it automatically configured (for laptops you administer) or do users have a choice <JD - At present I can only speak to System Administration - Administration has packaged an installer that is hands off and robust, works in the background. They also backup the system kernel for recovery purposes and use a global key, not the best practice but supportive of "dumb" end users. End users authenticate using their normal logon procedure and don't know anything has happened to their box essentially - nice for support purposes, weaker on the security side, but it sufficiently lowers the greatest risks. Only about 3 people have access to the shared key, or so I'm told. I've been told the overhead is about 5 to 7 percent of system resources based on observation. - JD> <JD - Solutions for PDAs and Memory sticks/etc. are coming from the same provider under the same state license. Cost per box under this license is quite reasonable. Available to all state agencies. - JD> 2. What is your desired practice if you do not use encryption on laptops a. Is this something you are wanting, attempting or not wishing to do? b. Would you encrypt the entire hard drive or selected folders i.e.( My Documents) c. Would you use a commercial product or EFS? d. Would you automatically encrypt (for laptops you administer) or would you let your users have a choice? Any insight is greatly appreciated. Thanks in advance -- Dennis N. Tracz CISSP-ISSMP, CISM Information Security Officer University of Calgary (403) 220-4010
Current thread:
- Laptop encryption Dennis Tracz (Oct 04)
- <Possible follow-ups>
- Re: Laptop encryption Greg Vickers (Oct 04)
- Re: Laptop encryption Gary Flynn (Oct 05)
- Re: Laptop encryption Harold Winshel (Oct 05)
- Re: Laptop encryption Matthew Gracie (Oct 05)
- Re: Laptop encryption O'Callaghan, Daniel (Oct 05)
- Re: Laptop encryption David Taylor (Oct 05)
- Re: Laptop encryption David Seidl (Oct 05)
- Re: Laptop encryption Gary Flynn (Oct 05)
- Re: Laptop encryption Jim Dillon (Oct 05)
- Re: Laptop encryption David Taylor (Oct 05)
- Re: Laptop encryption Sarah Stevens (Oct 05)
- Re: Laptop encryption Paul Keser (Oct 05)
- Re: Laptop encryption Curt Wilson (Oct 05)
- Re: Laptop encryption Dennis Tracz (Oct 05)
- Re: Laptop encryption Dennis Tracz (Oct 05)
- Re: Laptop encryption Jeff Holden (Oct 05)
- Re: Laptop encryption Bob Ono (Oct 05)
- Re: Laptop encryption Harold Winshel (Oct 05)
- Re: Laptop encryption Paul Keser (Oct 05)
(Thread continues...)