Re: Full Disk Encryption

["Howell, Paul" <grue () UMICH EDU>]

I thought FileVault only encrypted the home directory and was not
full-disk.

So are you doing full-disk for Win but not Mac?  

< paul
 

> -----Original Message-----
> From: Gary Dobbins [mailto:dobbins () ND EDU] 
> Sent: Thursday, December 13, 2007 12:45 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Full Disk Encryption
>
> We selected Utimaco SafeGuard Easy for full-disk crypto under 
> XP, and have a FileVault scheme defined for Macs.  This is 
> required for systems that will be handling highly sensitive data.
>
>  
>
> We chose full-disk (vs folder) to avoid there ever being a 
> question about whether a file was in the protected folder or 
> not (or in swap space, temp space, etc).  Plus, ease of use 
> is paramount to us - this approach required no change of 
> habit by the user.
>
>  
>
> Don't forget, you'll need a key escrow process, in case you 
> need to regain authorized access to the disk, with or without 
> the assistance of the usual user.  Products like Utimaco's 
> can help make that part of the process easier with tools.  
> Don't underestimate the power of this functional need to 
> drive you to one product or another.  They all handle the 
> actual crypto just fine, but not all escrow mechanisms are comparable.
>
>  
>
>  
>
>  
>
> From: Mclaughlin, Kevin (mclaugkl) [mailto:mclaugkl () UCMAIL UC EDU]
> Sent: Thursday, December 13, 2007 11:23 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Full Disk Encryption
>
>  
>
> I know this topic has come up in the past and I don't want to 
> repeat items so I do apologize in advance if this particular 
> set of questions has already been ran through the wringer.
>
>  
>
> I need to collect data points on:
>
> *         how many schools are using  a full disk encryption 
> option for faculty and staff PCs that store regulated data 
> (FERPA, HIPAA, GLB, PCI, etc.)
>
> *         how many schools are using a full disk encryption 
> option for faculty and staff external devices (thumb drives, 
> USB, etc.) that store regulated data (FERPA, HIPAA, GLB, PCI, etc.)
>
> *         have any of you successfully implemented an 
> encrypted folder option that is being consistently followed 
> by your community members? 
>
> *         Have any of you implemented an encrypted folder 
> option that you would call a failure as people aren't using 
> it in a consistent manner?
>
> *         What was the main impetus for your decision to go 
> with full disk encryption as a tool for your community to use?
>
>  
>
> You can respond back via the list or private email and I 
> think you in advance for sharing any data points you feel I 
> would find useful.
>
>  
>
> Happy Holidays.
>
> -Kevin
>
>  
>
>  
>
> Kevin L. McLaughlin
>
> CISM, CISSP, PMP, ITIL Master Certified
>
> Director, Information Security
>
> University of Cincinnati
>
> 513-556-9177 (w)
>
> 513-703-3211 (m)
>
> 513-558-ISEC (department)
>
>  
>
>  
>
>  UC-Logo-800
>
>  
>
>
> CONFIDENTIALITY NOTICE: This e-mail message and its content 
> is confidential, intended solely for the addressee, and may 
> be legally privileged. Access to this message and its content 
> by any individual or entity other than those identified in 
> this message is unauthorized. If you are not the intended 
> recipient, any disclosure, copying or distribution of this 
> e-mail may be unlawful. Any action taken or omitted due to 
> the content of this message is prohibited and may be unlawful.
>
>  
>
>