Educause Security Discussion mailing list archives
Re: Laptop whole disk encryption
From: "Cappalli, Tim G @ LSC-ITS" <Tim.Cappalli () LSC VSC EDU>
Date: Mon, 19 Mar 2012 13:49:54 -0400
We currently use PGP for both Mac and Windows but are now testing Bitlocker with the Windows machines. Tim Cappalli, ACMP CCNA | (802) 626-6456
tim.cappalli () lyndonstate edu<mailto:tim.cappalli () lyndonstate edu> | it.lyndonstate.edu<http://it.lyndonstate.edu/>
[cid:image001.jpg@01CD05D7.29A4B4E0] PRIVACY & CONFIDENTIALITY NOTICE This message is for the designated recipient only and may contain privileged, confidential, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of an email received in error is prohibited. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL Sent: Monday, March 19, 2012 1:48 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Laptop whole disk encryption Just an FYI, (I do NOT own Symantec stock!!).....but, SEE now does Macs, too..... M From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]<mailto:[mailto:SECURITY () LISTSERV EDUCAUSE EDU]> On Behalf Of Shamblin, Quinn Sent: Monday, March 19, 2012 11:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Laptop whole disk encryption We went with WinMagic. It supported mac as well as windows, provided transparent encryption for usb sticks and allowed encryption to AD groups so you could encrypt a network drive to a group if you wished. They also offer loads of options of how you want the install package to work and the level of control you want to grant the client. The cost was a fifth of what any of the large players were offering at the time, although I am given to understand that that the big boys may now be realizing there is competition and are lowering their price. So there are a lot of pros on the WinMagic side. However, there are a few cons as well (which, to be fair, may be due to our lack of experience with the product). We have not had a smooth deployment experience up to this point as we have a wildly varying environment, so we have lots of edge cases we have been trying to work through. If the target computer is bound to AD, it is pretty straightforward. If you want to install to an unbound machine, you have to have a special account set up on the server to support that, then have to sync the new installation to the proper login account after the encryption is complete. If you have two AD forests, there can be competition/confusion on the part of the client; so you need to set things up a little different in those cases. We are also still working out how we are going to distribute access and administrative rights to the management consol. Right now we have them entirely centralized. I would like to be able to distribute them per OU, but we are still working out if that is possible and, if so, how. Feel free to give me a call if you'd like to chat. Quinn R Shamblin ------------------------------------------------------------------------------------------------ Executive Director of Information Security, Boston University CISM, CISSP, GCFA, PMP - O 617-358-6310 M 617-999-7523 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]<mailto:[mailto:SECURITY () LISTSERV EDUCAUSE EDU]> On Behalf Of Paul Crittenden Sent: Monday, March 19, 2012 1:33 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Laptop whole disk encryption We currently use McAfee's Safeboot/Endpoint Encryption software to encrypt our users laptops. Our PC Hardware folks do not like McAfee, we did when it was not owned by McAfee but you know how that goes. Anyway, I have been tasked when helping to find a possible replacement. What software package are you using to encrypt your users laptops. Or for that matter, if you are not, what is your rational. Thanks, Paul Crittenden Computer System Manager Simpson College Indianola, IA direct: 515-961-1680 www.simpson.edu -- This message has been scanned for viruses and dangerous content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean.
Current thread:
- Laptop whole disk encryption Paul Crittenden (Mar 19)
- Re: Laptop whole disk encryption Joel Rosenblatt (Mar 19)
- Re: Laptop whole disk encryption SCHALIP, MICHAEL (Mar 19)
- Re: Laptop whole disk encryption Roger A Safian (Mar 19)
- Re: Laptop whole disk encryption Shamblin, Quinn (Mar 19)
- Re: Laptop whole disk encryption SCHALIP, MICHAEL (Mar 19)
- Re: Laptop whole disk encryption Cappalli, Tim G @ LSC-ITS (Mar 19)
- Re: Laptop whole disk encryption Joel Rosenblatt (Mar 19)
- Re: Laptop whole disk encryption Shamblin, Quinn (Mar 19)
- Re: Laptop whole disk encryption Valdis Kletnieks (Mar 19)
- Re: Laptop whole disk encryption SCHALIP, MICHAEL (Mar 19)
- Re: Laptop whole disk encryption Chuck Thomas (Mar 19)
- Re: Laptop whole disk encryption Dan Han/HSC/VCU (Mar 19)
- Re: Laptop whole disk encryption Bret Ingerman (Mar 19)
- Re: Laptop whole disk encryption Louis APONTE (Mar 19)
- Re: Laptop whole disk encryption James Farr '05 (Mar 20)
- Re: Laptop whole disk encryption Bret Ingerman (Mar 19)
- Re: Laptop whole disk encryption Dennis Tracz (Mar 19)
- Re: Laptop whole disk encryption Sherry Callahan (Mar 19)
(Thread continues...)
- Re: Laptop whole disk encryption Joel Rosenblatt (Mar 19)