Re: Laptop

[Sherry Callahan <scallahan () KUMC EDU>]

Safeboot (now called McAfee Endpoint Encryption) is also working on Mac
encryption, with an availability timeframe of 1Q09.

We've been rolling out Safeboot to staff and faculty laptops that were
reported as being used to store or access sensitive information since
early 2007. Very recently, we announced that we are going to expand the
program to include all University-owned laptops (personal laptops are
prohibited from use with sensitive info by policy.)  The only exception
to the personal device rule is that we will be encrypting the
student-owned tablets that they are required to purchase, as they will
be using those during clinic rotations.  When all is said and done in
September, we'll have 1300+ encrypted laptops.

We also install Computrace on every laptop and have been very
successful in working with them to recover stolen laptops.  As one
previous poster mentioned, we've also worked with Absolute to recover
another University's laptop that showed up on our network.  One thing to
know is that having CompuTrace in the BIOS is what makes it persistent
and able to survive a hard drive reformat, repartition, or drive
replacement.  Only newer laptops and those listed by certain vendors are
able to have it BIOS-resident.  That doesn't mean that you can't install
it - just be aware that if the thief formats the drive and reinstalls
Windows, CompuTrace won't be on there any more.

Also, we ran into a problem with the interaction of Safeboot and
CompuTrace on the same machine, particularly on Vista, because they are
both playing in the master boot record.  The installation order is key -
you need to install CompuTrace first, make sure it goes active in the
BIOS, and then encrypt the laptop.

If anyone is interested, our mobile device security page is at
www2.kumc.edu/security/mobilesecurity and I'd be happy to answer any
questions.


Sherry Callahan
Director, Information Security
The University of Kansas Medical Center
3901 Rainbow Blvd, MS 3024
Kansas City,  Kansas 66160
913-588-0966

> > > "Julian Y. Koh" <kohster () NORTHWESTERN EDU> 6/11/2008 2:20 PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 14:53 -0400 6/11/2008, Zach Jansen wrote:
> Do you need mac support or do you plan to use filevault? AFAIK only
> Pointsec currently has a Mac client, though Utimaco is planning to
release
> one in the fall.

PGP also is working on a Mac OS X full disk encryption product.  Should
be
available in the July timeframe.

<http://www.macworld.com/article/133830/2008/06/pgp.html>

-----BEGIN PGP SIGNATURE-----
Version: 9.8.3.4028

wj8DBQFIUCWLDlQHnMkeAWMRApB/AKDOKHR0N3dLmaCsWUfaPuKbQURmVACfcOpz
8CFA5NCZ9fouUz5LVAtZP/E=
=wyHo
-----END PGP SIGNATURE-----

--
Julian Y. Koh
<mailto:kohster () northwestern edu>
Network Engineer
<phone:847-467-5780>
Telecommunications and Network Services         Northwestern
University
PGP Public
Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>