PaulDotCom mailing list archives
Enterprise Full Disk Encryption
From: xgermx at gmail.com (xgermx)
Date: Wed, 5 Nov 2008 09:44:29 -0600
We're actually moving away from PointSec (its implementation went awry before I was employed). Based on cost, performance and managability, I think I'll be using TrueCrypt (without static passwords). The problem is that most of the OEM offerings require too much overhead and want to be "all-in-one" solutions (see HP's credential manager). I digress. If anyone has seen successful implantation of OEM native HDD encryption please let me know. Thanks list! 2008/11/5 Arch Angel <arch3angel at gmail.com>:
At my previous job we used PGP but where I am at now we use PointSec. I have not heard of any major issues with PointSec other than cost. On my personal stuff I use Truecrypt, but then again I may have as many systems as a small business I don't have nearly 100 laptops... I have 99 plus 1 parts one :) j/k 2008/11/5 Matt Lye <lyematt at gmail.com>I actually like the idea of using keyfiles as opposed to passwords, using a smaller password and a keyfile is easier that a large password. This especially applies to encrypted volumes. HOWEVER i do remember seeing a report that truecrypt was vulnerable to someone running a ram scan after it had been shut down as it stored the password/keyfile in ram for the duration of the session. Someone with more experience may wish to contradict or support this. You can do anything you set your mind to when you have vision, determination, and and endless supply of expendable labor. <No tree's were harmed during this transmission. However, a great number of electrons were terribly inconvenienced> 2008/11/5 Kennith Asher <herrasher at gmail.com>The solution xgermx mentions is precisely what we have done. For a small business solution working in a space with significant security requirements and inadequate cash, TrueCrypt is probably the most reasonable solution. (IMHO) Just need to make sure that the PWs are both strong and workable for the end user... Ken If we did end up using TrueCrypt, users would be assigned static passwords (which the IT staff would have stored in and encrypted file). That would at least eliminate people forgetting their password. 2008/11/4 Tim Krabec <tkrabec at gmail.com>:Securitycatalyst.org/forums has a few topics on it. I know several ofthe people there have implemented or are implementing FDE on several(50+) machines here is one of the threadshttp://www.securitycatalyst.org/forums/index.php?topic=193.0 (you needto be logged in)On Tue, Nov 4, 2008 at 10:39 AM, xgermx <xgermx at gmail.com> wrote:I'm getting bids from HP and Dell on laptops (about 100). Does anyonehave experience with their respective full disk encryption solutions?The reps I've talked too (from both companies) can't really give methe technical information that I want, and the information on bothwebsites is outdated (2007).I've also considered going with TrueCrypt (I have the most experiencewith this and it's free, but there's not a good way to centrallymanage it).Your thoughts?_______________________________________________Pauldotcom mailing listPauldotcom at mail.pauldotcom.comhttp://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcomMain Web Site: http://pauldotcom.com--Tim KrabecKracomp772-597-2349smbminute.comkracomp.blogspot.comwww.kracomp.com_______________________________________________Pauldotcom mailing listPauldotcom at mail.pauldotcom.comhttp://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcomMain Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Enterprise Full Disk Encryption, (continued)
- Enterprise Full Disk Encryption Adese (Nov 04)
- Enterprise Full Disk Encryption Raffi Jamgotchian (Nov 04)
- Enterprise Full Disk Encryption Bugbear (Nov 04)
- Enterprise Full Disk Encryption Tim Krabec (Nov 04)
- Enterprise Full Disk Encryption Chris Biettchert (Nov 04)
- Enterprise Full Disk Encryption Frank Mileto (Nov 04)
- Enterprise Full Disk Encryption Matt Lye (Nov 04)
- Enterprise Full Disk Encryption Arch Angel (Nov 04)
- Enterprise Full Disk Encryption xgermx (Nov 05)