Re: Whole Disk Encryption

[Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>]

VERY GOOD QUESTION!  I'm interested in any responses to this one.  Sorry I
don't have any helpful information myself, but sounds like at this point,
we're having similar questions.

D/C
The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:
> We currently have PGP (now Symantec) deployed for Windows and Macs, but
> are desperately looking to move away from PGP in favor of the native
> solutions (Bitlocker and Filevault). We have been running up against user
> backlash from the long delays for major OS patching (mostly on the Mac
> side), which has lead to some users outright removing their encryption.
>
>  
>
>  
>
> The largest obstacle that our IT folks are worried about if we move to
> the native encryption is recreating the password recovery mechanisms that
> are built-in to most of the commercial products.
>
> Has anyone implemented a key escrow/password recovery solution for
> either/both of the native encryption solutions? If so, was it a homegrown
> solution?
>
>  
>
>  
>
> Thank you,
>
> Brad Jonko
>
> Information Security Office
>
> Stanford University
>
> [ fcp://@furman.edu,%238400599/Mailbox/jonko () stanford edu
> ]jonko () stanford edu
>
> 650.724.2822
>
>  
>
>  
>
>  
>
>
>
>
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL
> Sent: Friday, January 06, 2012 9:36 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Whole Disk Encryption
>
>
>
>
>  
>
> The biggest drawback for us was no password recovery – lose the
> password, lose the data….
>
>  
>
> From: The EDUCAUSE Security Constituent Group Listserv [[
> mailto:SECURITY () LISTSERV EDUCAUSE EDU
> ]mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Drew Perry
> Sent: Friday, January 06, 2012 10:08 AM
> To: [ mailto:SECURITY () LISTSERV EDUCAUSE EDU
> ]SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Whole Disk Encryption
>
>  
>
> @Aaron,
>
>
>
>
>  
>
>
>
>
> TrueCrypt is a great product for individual use. But in a larger
> environment, it lacks significant enterprise deployment tools. IT staff
> can back up the Volume Header of encrypted disks for central management,
> but it requires direct contact with each system. There is no support for
> remote management, monitoring, or maintenance. Definitely use it at home
> and in smaller environments. (For small organizations it's hard to beat
> the price.) But I wouldn't recommend it for any type of enterprise
> rollout.
>
>
>
>
>
> Drew Perry
> Security Analyst
> Murray State University
> (270) 809-4414
> [ mailto:aperry () murraystate edu ]aperry () murraystate edu
>
>
>
>
>  
>
>
>
>
> P  Save a tree. Please consider the environment before printing this
> message.
>
>
>
>
>  
>
>
>
>
> On Fri, Jan 6, 2012 at 10:16 AM, Aaron S. Thompson <[
> mailto:athompson () berklee edu ]athompson () berklee edu> wrote:
>
>
>
>
> Hi All,
>
>
>
>
>  
>
>
>
>
> Has anyone deployed or has experience with [ http://www.truecrypt.org/
> ]TrueCrypt?  If so are you happy with it?  Any things you would have
> changed or pitfalls?
>
>
>
>
>  
>
>
>
>
> Best,
>
>
>
>
>  
>
>
>
>
> Aaron
>
>
>
>
> -
> Aaron Thompson
>
>
>
>
> Network Architect for IT Operations
>
>
>
>
>  
>
>
>
>
> Berklee College of Music         
>
>
>
>
> 1140 Boylston Street, MS-186-NETT
> Boston, MA 02215-3693
>
>
>
>
>
> [ http://www.berklee.edu ]www.berklee.edu
>
>
>
>
> [ tel:617.747.8656 ]617.747.8656
>
>
>
>
>  
>
>
>
>
>  
>
>
>
>
>
> -- 
> This message has been scanned for viruses and 
> dangerous content by [ http://www.mailscanner.info/ ]MailScanner, and is 
> believed to be clean. 
>
>
> -- 
> This message has been scanned for viruses and 
> dangerous content by [ http://www.mailscanner.info/ ]MailScanner, and is 
> believed to be clean.