Educause Security Discussion mailing list archives

Re: Laptop Encryption


From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Wed, 18 Feb 2009 08:45:01 -0700

 We went with Pointsec for similar reasons: centralized recovery keys, logging, and the ability to manage the laptops 
centrally. The logging seems especially useful in terms of having an audit trail showing that a given machine was fully 
encrypted. Our target deployment was 300 laptops, so solutions like TrueCrypt would have been more difficult to manage.

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Zach Jansen
Sent: Wednesday, February 18, 2009 7:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Laptop Encryption

We ended up purchasing Utimaco and are in the process of implementing
it now. The reason for going with a commercial product was the support
issues of forgotten passwords and the possibility of needing to
investigate a machine with encryption on it. With products such as
TrueCrypt, if the password is lost then the machine and anything on it
is toast, unless you manually touch every machine. With commercial
products you'll have a method for recovering via a central console or
administrative user. You'll also have the key stored centrally so if
anything happens where the drive isn't bootable you can mount the drive
from another machine and access any remaining data.

Zach
--

Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550

On 2/17/2009 at 8:06 PM, in message
<317311db0902171706p7947e65fk1ff88d388ffc17ac () mail gmail com>,
Timothy Payne <tpayne1 () MACALESTER EDU> wrote:
Good Evening...

We are starting to investigate enterprise encryption on College
laptops, and eventually removable drives.

Can anyone share with the list their experiences with enterprise
level encryption products?  I'm most interested in products that use
some sort of 2-factor authentication...i.e., a USB key required to boot
and a password, or password/checksum combo.

How do you deal with the inevitable user who loses their token or
forgets their password?

I've looked at TrueCrypt and it does a really good job for me, but I
don't think it will scale well to more than a handful of users.

Thanks!



Tim Payne, CISSP, CCNA
Network Administrator
Macalester College
