Educause Security Discussion mailing list archives
Re: Storing SSN on file server
From: randy <marchany () VT EDU>
Date: Mon, 19 Mar 2018 14:58:07 -0400
A word of caution about WDE/FDE: remember that WDE/FDE is designed to work only when the host is powered off. If malware runs under your user context (the usual case), it will be able to decrypt any files your account can access. While we are requiring WDE/FDE in general, you need some sort of encryption scheme that's not based on access.

Microsoft Office does do a decent encryption job but it is password protected. Newer versions of Adobe Acrobat allow password and certificate based encryption on a file basis. I don't know if the PDF portfolio feature is still around. There are certainly a ton of 3rd party vendor solutions. Microsoft AD-RMS (Azure RMS) is another tool. Most of the "centralized" tools work great when everyone is under the same umbrella. It goes south when sending in/out of your institution.

Our sensitive data standard ( says all PII (ssn, ccn, passport#, DMV#, bank, debit numbers) must be encrypted at rest or in transit. I believe the majority of users are using the Office Encryption or encrypted PDF files here. Databases use column encryption to encrypt the relevant fields in a record.

Hope this helps.

-Randy Marchany
VA Tech IT Security Office and Lab

On Mon, Mar 19, 2018 at 2:23 PM, Kevin Wilcox <wilcoxkm () appstate edu> wrote:
On 19 March 2018 at 13:52, Macatiag, Darwin <dmacatiag () mtsac edu> wrote:

I’ll second Brent’s solution since it will help with data classification. You’ll probably also want to set up whole disk encryption on that separate file server as well since most regulations require encryption of data at rest.

Since you're the second person to mention WDE, I would only say that *especially* in the context of file and database servers one should take a long, hard look at how to interpret "at rest".

kmw