Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Whole Disk Encryption

From: Isabelle Graham <graham () AMERICAN EDU>
Date: Tue, 17 Jan 2012 16:22:39 -0500
We would also be interested in hearing about any solutions people have come up with to this. 

----
Isabelle Graham
Information Security Engineer
American University

On 2012-01-17 16:16, Bradley Jonko wrote:

We currently have PGP (now Symantec) deployed for Windows and Macs, but
are desperately looking to move away from PGP in favor of the native
solutions (Bitlocker and Filevault). We have been running up against
user backlash from the long delays for major OS patching (mostly on the
Mac side), which has lead to some users outright removing their encryption.

The largest obstacle that our IT folks are worried about if we move to
the native encryption is recreating the password recovery mechanisms
that are built-in to most of the commercial products.

Has anyone implemented a key escrow/password recovery solution for
either/both of the native encryption solutions? If so, was it a
homegrown solution?

Thank you,

Brad Jonko

Information Security Office

Stanford University

jonko () stanford edu

650.724.2822

*From:*The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *SCHALIP, MICHAEL
*Sent:* Friday, January 06, 2012 9:36 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Whole Disk Encryption

The biggest drawback for us was no password recovery – lose the
password, lose the data….

*From:*The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Drew Perry
*Sent:* Friday, January 06, 2012 10:08 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>
*Subject:* Re: [SECURITY] Whole Disk Encryption

@Aaron,

TrueCrypt is a great product for individual use. But in a larger
environment, it lacks significant enterprise deployment tools. IT staff
can back up the Volume Header of encrypted disks for central management,
but it requires direct contact with each system. There is no support for
remote management, monitoring, or maintenance. Definitely use it at home
and in smaller environments. (For small organizations it's hard to beat
the price.) But I wouldn't recommend it for any type of enterprise rollout.


Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu <mailto:aperry () murraystate edu>

*P*Save a tree. Please consider the environment before printing this
message.

On Fri, Jan 6, 2012 at 10:16 AM, Aaron S. Thompson
<athompson () berklee edu <mailto:athompson () berklee edu>> wrote:

Hi All,

Has anyone deployed or has experience with TrueCrypt
<http://www.truecrypt.org/>? If so are you happy with it? Any things you
would have changed or pitfalls?

Best,

Aaron

-
Aaron Thompson

Network Architect for IT Operations

Berklee College of Music

1140 Boylston Street, MS-186-NETT
Boston, MA 02215-3693


www.berklee.edu <http://www.berklee.edu>

617.747.8656 <tel:617.747.8656>


--
This message has been scanned for viruses and
dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
believed to be clean.


--
This message has been scanned for viruses and
dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
believed to be clean.
Previous By Date Next
Previous By Thread Next

Current thread: