Educause Security Discussion mailing list archives

Re: [External Sender] Re: [SECURITY] Login Request

From: Thomas Carter <tcarter () AUSTINCOLLEGE EDU>
Date: Mon, 24 Sep 2018 13:58:20 +0000

Very good points; it really depends on the situation, person, etc.  I just recalled that we also had a similar 
situation and finally settled on the user using an encrypted USB drive with built-in keypad. The issues and limitations 
were acceptable to them and us.

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu<http://www.austincollege.edu/>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Davis, Chris
Sent: Monday, September 24, 2018 8:54 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [External Sender] Re: [SECURITY] Login Request

It’s a sound idea, but I really don’t like the idea of someone using personal encryption on a university-owned 
computer.  What would stop the person from putting university data into that store and then leaving or becoming 
incapacitated, etc.  We would lose access to that data as well.

Chris


Christopher Davis, Ph.D.
Chief Information Officer
Assistant Professor of Education
Apple Teacher
Lourdes University
6832 Convent Blvd | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu<mailto:cdavis () lourdes edu>

CyberAware – Be aware. Stay Secure!
Lourdes University will never ask you to send sensitive information through unsecure channels. Report any message that 
asks you to provide or confirm personal information such as credit card and/or bank account numbers, Social Security 
numbers, passwords, etc. or any other suspicious activity to infosec () lourdes edu<mailto:infosec () lourdes edu>. For 
more information please visit lourdes.edu/cyberaware.

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) 
and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not 
the intended recipient of this message or their agent, or if this message has been addressed to you in error, please 
immediately alert the sender by reply email and then delete this message and any attachments. If you are not the 
intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its 
attachments is strictly prohibited.


On Sep 24, 2018, at 9:52 AM, Thomas Carter <tcarter () AUSTINCOLLEGE EDU<mailto:tcarter () AUSTINCOLLEGE EDU>> wrote:

What about personal encryption using something like Veracrypt (fork of TrueCrypt), AxCrypt, GPG, etc? Then it’s 
entirely in his hands as long as he’s made aware that you cannot recover the data for him if he loses/forgets the 
password.

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu<http://www.austincollege.edu/>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Davis, Chris
Sent: Monday, September 24, 2018 8:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Login Request

We received a request from a user who is concerned about security of his laptop.  He wants us to make it so no one else 
can log into the computer.  He is concerned about the security of sensitive data on the computer.  He is worried that 
someone else could log into the computer and see his data.

I am not the type to make special accommodations for users, especially when there are easy solutions to achieve the 
same results.  Our suggestion is to train him to save data in his profile only and then provide full disk encryption.

Has anyone else run into a situation like this, and how did you resolve it?

Chris


Christopher Davis, Ph.D.
Chief Information Officer
Assistant Professor of Education
Apple Teacher
Lourdes University
6832 Convent Blvd | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu<mailto:cdavis () lourdes edu>

CyberAware – Be aware. Stay Secure!
Lourdes University will never ask you to send sensitive information through unsecure channels. Report any message that 
asks you to provide or confirm personal information such as credit card and/or bank account numbers, Social Security 
numbers, passwords, etc. or any other suspicious activity to infosec () lourdes edu<mailto:infosec () lourdes edu>. For 
more information please visit lourdes.edu/cyberaware<http://lourdes.edu/cyberaware>.

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) 
and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not 
the intended recipient of this message or their agent, or if this message has been addressed to you in error, please 
immediately alert the sender by reply email and then delete this message and any attachments. If you are not the 
intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its 
attachments is strictly prohibited.

Current thread:

Login Request Davis, Chris (Sep 24)
- Re: Login Request Frank Barton (Sep 24)
  - Re: Login Request Haselhoff, Brent (Sep 24)
- Re: Login Request Jackson, William (Sep 24)
- Re: Login Request Thomas Carter (Sep 24)
  - Re: [External Sender] Re: [SECURITY] Login Request Davis, Chris (Sep 24)
    - Re: [External Sender] Re: [SECURITY] Login Request Thomas Carter (Sep 24)