Re: Laptop Encryption

[Wes Young <wcyoung () BUFFALO EDU>]

We're in the process of investigating right now. We've been looking at
the native solutions (file-vault, bitlocker, efs).

Right now it seems like Commercial PGP seems to be the front runner.
We're looking at the differences between that and truecrypt, which is
a great solution, but the PGP commercial package looks better for
enterprise key recovery, management, etc...

Downloading the PGP demo is simple and easy to install (compared to
other commercial products we were looking at).

On Feb 17, 2009, at 11:16 PM, Valdis Kletnieks wrote:

> On Tue, 17 Feb 2009 19:06:05 CST, Timothy Payne said:
> > Can anyone share with the list their experiences with enterprise
> > level
> > encryption products?  I'm most interested in products that use some
> > sort of 2-factor authentication...ie, a USB key required to boot
> > and a
> > password, or password/checksum combo.
> >
> > How do you deal with the inevitable user who loses their token or
> > forgets their password?
>
> Also consider the case of a stolen laptop - what are the chances the
> USB
> key is in the laptop bag?  At that point, it's not 2-factor any more.
>
> And then you need to ask yourself - 'What threat model does that
> second factor
> actually protect me against?'.  Remember that *most* 2-factor auth
> is intended
> to protect you against "keystroke logger sniffs password, attacker
> comes in
> over Internet from 9 time zones away" (because then they have
> "something they
> know", but can't supply "something they have" or "something they
> are" *because*
> they're 9 time zones away...).

--
Wes
http://claimid.com/wesyoung

Attachment: smime.p7s
Description: