Educause Security Discussion mailing list archives
Re: Laptop Encryption
From: James Farr '05' <jfarr () UTICA EDU>
Date: Wed, 18 Feb 2009 09:00:04 -0500
We are looking at a product my by Credent Technology. We want to go with a commercial product so we have the ability to do key recovery. This product claims to be seamless for the user. We shall see. James Farr Utica College jfarr () utica edu 315-223-2386 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wes Young Sent: Wednesday, February 18, 2009 6:20 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Laptop Encryption We're in the process of investigating right now. We've been looking at the native solutions (file-vault, bitlocker, efs). Right now it seems like Commercial PGP seems to be the front runner. We're looking at the differences between that and truecrypt, which is a great solution, but the PGP commercial package looks better for enterprise key recovery, management, etc... Downloading the PGP demo is simple and easy to install (compared to other commercial products we were looking at). On Feb 17, 2009, at 11:16 PM, Valdis Kletnieks wrote:
On Tue, 17 Feb 2009 19:06:05 CST, Timothy Payne said:Can anyone share with the list their experiences with enterprise level encryption products? I'm most interested in products that use some sort of 2-factor authentication...ie, a USB key required to boot and a password, or password/checksum combo. How do you deal with the inevitable user who loses their token or forgets their password?Also consider the case of a stolen laptop - what are the chances the USB key is in the laptop bag? At that point, it's not 2-factor any more. And then you need to ask yourself - 'What threat model does that second factor actually protect me against?'. Remember that *most* 2-factor auth is intended to protect you against "keystroke logger sniffs password, attacker comes in over Internet from 9 time zones away" (because then they have "something they know", but can't supply "something they have" or "something they are" *because* they're 9 time zones away...).
-- Wes http://claimid.com/wesyoung
Current thread:
- Laptop Encryption Timothy Payne (Feb 17)
- <Possible follow-ups>
- Re: Laptop Encryption Gary Dobbins (Feb 17)
- Re: Laptop Encryption Valdis Kletnieks (Feb 17)
- Re: Laptop Encryption Wes Young (Feb 18)
- Re: Laptop Encryption James Farr '05' (Feb 18)
- Re: Laptop Encryption Gary Flynn (Feb 18)
- Re: Laptop Encryption Zach Jansen (Feb 18)
- Re: Laptop Encryption Gregg, Christopher S. (Feb 18)
- Re: Laptop Encryption Warner, David F (Feb 18)
- Re: Laptop Encryption Basgen, Brian (Feb 18)