Enterprise Full Disk Encryption

[xgermx at gmail.com (xgermx)]

We're actually moving away from PointSec (its implementation went awry
before I was employed).
Based on cost, performance and managability, I think I'll be using
TrueCrypt (without static passwords).
The problem is that most of the OEM offerings require too much
overhead and want to be "all-in-one" solutions (see HP's credential
manager). I digress. If anyone has seen successful implantation of OEM
native HDD encryption please let me know.
Thanks list!

2008/11/5 Arch Angel <arch3angel at gmail.com>:
> At my previous job we used PGP but where I am at now we use PointSec.  I
> have not heard of any major issues with PointSec other than cost.  On my
> personal stuff I use Truecrypt, but then again I may have as many systems as
> a small business I don't have nearly 100 laptops...
>
> I have 99 plus 1 parts one :) j/k
>
> 2008/11/5 Matt Lye <lyematt at gmail.com>
> > I actually like the idea of using keyfiles as opposed to passwords, using
> > a smaller password and a keyfile is easier that a large password. This
> > especially applies to encrypted volumes.
> >
> > HOWEVER i do remember seeing a report that truecrypt was vulnerable to
> > someone running a ram scan after it had been shut down as it stored the
> > password/keyfile in ram for the duration of the session.
> >
> > Someone with more experience may wish to contradict or support this.
> >
> > You can do anything you set your mind to when you have vision,
> > determination, and and endless supply of expendable labor.
> >
> > <No tree's were harmed during this transmission. However, a great number
> > of electrons were terribly inconvenienced>
> >
> >
> > 2008/11/5 Kennith Asher <herrasher at gmail.com>
> > > The solution xgermx mentions is precisely what we have done.  For a small
> > > business solution working in a space with significant security requirements
> > > and inadequate cash, TrueCrypt is probably the most reasonable solution.
> > > (IMHO)  Just need to make sure that the PWs are both strong and workable for
> > > the end user...
> > >
> > > Ken
> > >
> > >
> > > If we did end up using TrueCrypt, users would be assigned static
> > > passwords (which the IT staff would have stored in and encrypted file). That
> > > would at least eliminate people forgetting their password.
> > >
> > >
> > >
> > > 2008/11/4 Tim Krabec <tkrabec at gmail.com>:
> > >
> > > > Securitycatalyst.org/forums has a few topics on it.  I know several of
> > >
> > > > the people there have implemented or are implementing FDE on several
> > >
> > > > (50+) machines here is one of the threads
> > >
> > > > http://www.securitycatalyst.org/forums/index.php?topic=193.0 (you need
> > >
> > > > to be logged in)
> > >
> > > >
> > >
> > > > On Tue, Nov 4, 2008 at 10:39 AM, xgermx <xgermx at gmail.com> wrote:
> > >
> > > > >
> > >
> > > > > I'm getting bids from HP and Dell on laptops (about 100). Does anyone
> > >
> > > > > have experience with their respective full disk encryption solutions?
> > >
> > > > > The reps I've talked too (from both companies) can't really give me
> > >
> > > > > the technical information that I want, and the information on both
> > >
> > > > > websites is outdated (2007).
> > >
> > > > > I've also considered going with TrueCrypt (I have the most experience
> > >
> > > > > with this and it's free, but there's not a good way to centrally
> > >
> > > > > manage it).
> > >
> > > > > Your thoughts?
> > >
> > > > > _______________________________________________
> > >
> > > > > Pauldotcom mailing list
> > >
> > > > > Pauldotcom at mail.pauldotcom.com
> > >
> > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > >
> > > > > Main Web Site: http://pauldotcom.com
> > >
> > > >
> > >
> > > >
> > >
> > > >
> > >
> > > > --
> > >
> > > > Tim Krabec
> > >
> > > > Kracomp
> > >
> > > > 772-597-2349
> > >
> > > > smbminute.com
> > >
> > > > kracomp.blogspot.com
> > >
> > > > www.kracomp.com
> > >
> > > >
> > >
> > > > _______________________________________________
> > >
> > > > Pauldotcom mailing list
> > >
> > > > Pauldotcom at mail.pauldotcom.com
> > >
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > >
> > > > Main Web Site: http://pauldotcom.com
> > >
> > > >
> > >
> > > _______________________________________________
> > >
> > > Pauldotcom mailing list
> > >
> > > Pauldotcom at mail.pauldotcom.com
> > >
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > >
> > > Main Web Site: http://pauldotcom.com
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com