RE: laptop encryption
I saw very little difference on a laptop with an Intel SSD. Maybe 5% less disk speed using ATTO. From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Friday, May 28, 2010 8:47 AM To: NT System Admin Issues Subject: RE: laptop encryption Bitlocker has a huge impact on high-performance disks (e.g. SSDs). On the plus side, Bitlocker has the management tools in place for recovery. It's all when and good to use disk-level encryption or TruCrypt (I use the latter). But if you have 10k+ machines to manage, you need centralised recovery management... Cheers Ken From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Friday, 28 May 2010 1:25 AM To: NT System Admin Issues Subject: Re: laptop encryption I have only used bitlocker so far and have not notice performance issue. Is truecrypt going to punk out my portables? On Thu, May 27, 2010 at 10:16 AM, Sam Cayze sam.ca...@rollouts.com wrote: I opted for encryption at the hardware level via FDE disks. No performance decrease, however, no central management. It's so easy and set and forget, that I don't mind that. Sam From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 9:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Bitlocker has a huge impact on high-performance disks (e.g. SSDs). On the plus side, Bitlocker has the management tools in place for recovery. It's all when and good to use disk-level encryption or TruCrypt (I use the latter). But if you have 10k+ machines to manage, you need centralised recovery management... Cheers Ken From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Friday, 28 May 2010 1:25 AM To: NT System Admin Issues Subject: Re: laptop encryption I have only used bitlocker so far and have not notice performance issue. Is truecrypt going to punk out my portables? On Thu, May 27, 2010 at 10:16 AM, Sam Cayze sam.ca...@rollouts.commailto:sam.ca...@rollouts.com wrote: I opted for encryption at the hardware level via FDE disks. No performance decrease, however, no central management. It's so easy and set and forget, that I don't mind that. Sam From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 9:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
While you can keep things from being *permanently* stored on a laptop, it's not practical to ask that no data of any value ever reside on it, unless there is some facility for ensuring remote connectivity at all times. So, important people with laptops will almost certainly have important data on there for some period of time, if only until they can get it synced up with a better location. In the meantime, the data has to be protected. -ASB: http://XeeSM.com/AndrewBaker On Thu, May 27, 2010 at 4:39 PM, Alex Eckelberry al...@sunbelt-software.com wrote: Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Thursday, May 27, 2010 10:58 AM *To:* NT System Admin Issues *Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Agreed. There are too many situations where it's not feasible to expect that people can work with a permanent VPN/remote connection. Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, 28 May 2010 10:57 PM To: NT System Admin Issues Subject: Re: laptop encryption While you can keep things from being *permanently* stored on a laptop, it's not practical to ask that no data of any value ever reside on it, unless there is some facility for ensuring remote connectivity at all times. So, important people with laptops will almost certainly have important data on there for some period of time, if only until they can get it synced up with a better location. In the meantime, the data has to be protected. -ASB: http://XeeSM.com/AndrewBaker On Thu, May 27, 2010 at 4:39 PM, Alex Eckelberry al...@sunbelt-software.commailto:al...@sunbelt-software.com wrote: Not the answer you're looking for, but what about a different thought? Don't keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
+1 Wish I could get us there, but we have sales geeks in the field, and they need to be able to demo our software. Getting it all set up for remote demo is something that's not in the budget at the moment. Kurt On Thu, May 27, 2010 at 13:39, Alex Eckelberry al...@sunbelt-software.com wrote: Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
TrueCrypt...free. http://www.truecrypt.org/ Bill Lambert Concuity Phone 847-941-9206 The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you. From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 9:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Truecrypt is pretty easy and free. Karl Bickmore MSCE NT4/2K/2K3, MCP, MCP+I, MCSA 2K/2K3 LPI-1, CCNA, CCDA, Net+,Security+,Linux+ DataCore SANmelody Certified 6613 N Scottsdale Road Suite 101 Scottsdale AZ, 85250 480-553-9967 X100 k...@ccnsconsulting.commailto:k...@ccnsconsulting.com [cid:image001.jpg@01CAFD72.C579BFB0] Please remember CCNS is a referral based business. If you have a friend or colleague in need, we are happy to help. Feel free to pass along our contact information to anyone you think we can help. Thanks! From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~inline: image001.jpg
RE: laptop encryption
We're using Symantec Endpoint Encryption, biggest pile of crap ever. We were rolling it out to external self employed contractor types, killed nearly half of them. Switched to TrueCrypt on any that didn't work, management soon realised what a mistake they made. A hell of a lot easier, AND it makes you create a recovery disk before you start. Don't know about the reporting in of it tho, haven't looked at it personally, managed to avoid the encryption fiasco. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From: Karl Bickmore k...@ccnsconsulting.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 27/05/2010 16:01 Subject:RE: laptop encryption Truecrypt is pretty easy and free. Karl Bickmore MSCE NT4/2K/2K3, MCP, MCP+I, MCSA 2K/2K3 LPI-1, CCNA, CCDA, Net+,Security+,Linux+ DataCore SANmelody Certified 6613 N Scottsdale Road Suite 101 Scottsdale AZ, 85250 480-553-9967 X100 k...@ccnsconsulting.com Please remember CCNS is a referral based business. If you have a friend or colleague in need, we are happy to help. Feel free to pass along our contact information to anyone you think we can help. Thanks! From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff This e-mail is intended only for the addressee named above. The contents should not be copied nor disclosed to any other person. Any views or opinions expressed are solely those of the sender and do not necessarily represent those of QUINN-Insurance Limited (Under Administration), unless otherwise specifically stated . As internet communications are not secure, QUINN-Insurance Limited (Under Administration) is not responsible for the contents of this message nor responsible for any change made to this message after it was sent by the original sender. Although virus scanning is used on all inbound and outbound e-mail, we advise you to carry out your own virus check before opening any attachment. We cannot accept liability for any damage sustained as a result of any software viruses. QUINN-Insurance Limited (Under Administration) is regulated by the Financial Regulator and regulated by the Financial Services Authority for the conduct of UK business. QUINN-Insurance Limited (Under Administration) is registered in Ireland, registration number 240768 and is a private company limited by shares. Its head office is at Dublin Road, Cavan, Co. Cavan. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image/jpeg
RE: laptop encryption
I opted for encryption at the hardware level via FDE disks. No performance decrease, however, no central management. It's so easy and set and forget, that I don't mind that. Sam From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 9:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
I have only used bitlocker so far and have not notice performance issue. Is truecrypt going to punk out my portables? On Thu, May 27, 2010 at 10:16 AM, Sam Cayze sam.ca...@rollouts.com wrote: I opted for encryption at the hardware level via FDE disks. No performance decrease, however, no central management. It’s so easy and set and forget, that I don’t mind that. Sam *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Thursday, May 27, 2010 9:58 AM *To:* NT System Admin Issues *Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
Thanks for all that. I already had a quote for the symantec product. appreciate the heads up. Not sure why anyone would not use TrueCrypt if it works, unless there were some excellent reporting features that verified that its up and running on all your portables... I'd pay for that I think, but not for the headaches. On Thu, May 27, 2010 at 10:11 AM, tony patton tony.pat...@quinn-insurance.com wrote: We're using Symantec Endpoint Encryption, biggest pile of crap ever. We were rolling it out to external self employed contractor types, killed nearly half of them. Switched to TrueCrypt on any that didn't work, management soon realised what a mistake they made. A hell of a lot easier, AND it makes you create a recovery disk before you start. Don't know about the reporting in of it tho, haven't looked at it personally, managed to avoid the encryption fiasco. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From:Karl Bickmore k...@ccnsconsulting.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:27/05/2010 16:01 Subject:RE: laptop encryption -- Truecrypt is pretty easy and free. * **Karl Bickmore* MSCE NT4/2K/2K3, MCP, MCP+I, MCSA 2K/2K3 LPI-1, CCNA, CCDA, Net+,Security+,Linux+ DataCore SANmelody Certified 6613 N Scottsdale Road Suite 101 Scottsdale AZ, 85250 480-553-9967 X100 k...@ccnsconsulting.com [image: CCNSLogo] *Please remember CCNS is a referral based business. If you have a friend or colleague in need, we are happy to help. Feel free to pass along our contact information to anyone you think we can help. Thanks!* *From:* Jeff Brown [mailto:2jbr...@gmail.com 2jbr...@gmail.com] * Sent:* Thursday, May 27, 2010 7:58 AM* To:* NT System Admin Issues* Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff This e-mail is intended only for the addressee named above. The contents should not be copied nor disclosed to any other person. Any views or opinions expressed are solely those of the sender and do not necessarily represent those of QUINN-Insurance Limited (Under Administration), unless otherwise specifically stated . As internet communications are not secure, QUINN-Insurance Limited (Under Administration) is not responsible for the contents of this message nor responsible for any change made to this message after it was sent by the original sender. Although virus scanning is used on all inbound and outbound e-mail, we advise you to carry out your own virus check before opening any attachment. We cannot accept liability for any damage sustained as a result of any software viruses. QUINN-Insurance Limited (Under Administration) is regulated by the Financial Regulator and regulated by the Financial Services Authority for the conduct of UK business. QUINN-Insurance Limited (Under Administration) is registered in Ireland, registration number 240768 and is a private company limited by shares. Its head office is at Dublin Road, Cavan, Co. Cavan. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image/jpeg
Re: laptop encryption
When you consider why that particular reporting function is needed in the first place, you might be less inclined to consider it a value-add... -ASB: http://XeeSM.com/AndrewBaker On Thu, May 27, 2010 at 11:18 AM, Jeff Brown 2jbr...@gmail.com wrote: Thanks for all that. I already had a quote for the symantec product. appreciate the heads up. Not sure why anyone would not use TrueCrypt if it works, unless there were some excellent reporting features that verified that its up and running on all your portables... I'd pay for that I think, but not for the headaches. On Thu, May 27, 2010 at 10:11 AM, tony patton tony.pat...@quinn-insurance.com wrote: We're using Symantec Endpoint Encryption, biggest pile of crap ever. We were rolling it out to external self employed contractor types, killed nearly half of them. Switched to TrueCrypt on any that didn't work, management soon realised what a mistake they made. A hell of a lot easier, AND it makes you create a recovery disk before you start. Don't know about the reporting in of it tho, haven't looked at it personally, managed to avoid the encryption fiasco. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From:Karl Bickmore k...@ccnsconsulting.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date:27/05/2010 16:01 Subject:RE: laptop encryption -- Truecrypt is pretty easy and free. * **Karl Bickmore* MSCE NT4/2K/2K3, MCP, MCP+I, MCSA 2K/2K3 LPI-1, CCNA, CCDA, Net+,Security+,Linux+ DataCore SANmelody Certified 6613 N Scottsdale Road Suite 101 Scottsdale AZ, 85250 480-553-9967 X100 k...@ccnsconsulting.com [image: CCNSLogo] *Please remember CCNS is a referral based business. If you have a friend or colleague in need, we are happy to help. Feel free to pass along our contact information to anyone you think we can help. Thanks!* *From:* Jeff Brown [mailto:2jbr...@gmail.com 2jbr...@gmail.com] * Sent:* Thursday, May 27, 2010 7:58 AM* To:* NT System Admin Issues* Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image/jpeg
RE: laptop encryption
Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ MIME-Version: 1.0 X-Bypass-Agent: EF-1; X-Reverse-DNS: unknown Return-Path: david@nwea.org --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable PGP encryption reports to a management station, I can see who has encrypted= disks and who doesn't. Not a free solution however. Dave From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that = discussion there were a couple of encryption programs mentioned. I have bi= tlocker running on the OS's that happen to come with it, and need something= for those that don't. Might consider OS upgrade if the encryption piece i= s too costly. anyone using something they LOVE? any chance there is a program that will = report encryption status back to a management station? tiafah. Jeff --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable html xmlns:v=3Durn:schemas-microsoft-com:vml xmlns:o=3Durn:schemas-micr= osoft-com:office:office xmlns:w=3Durn:schemas-microsoft-com:office:word = xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml; xmlns=3Dhttp:= //www.w3.org/TR/REC-html40 head meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus-ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered medium) style !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman,serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} pre {mso-style-priority:99; mso-style-link:HTML Preformatted Char; margin:0in; margin-bottom:.0001pt; font-size:10.0pt; font-family:Courier New;} p.MsoAcetate, li.MsoAcetate, div.MsoAcetate {mso-style-priority:99; mso-style-link:Balloon Text Char; margin:0in; margin-bottom:.0001pt; font-size:8.0pt; font-family:Tahoma,sans-serif;} span.HTMLPreformattedChar {mso-style-name:HTML Preformatted Char; mso-style-priority:99; mso-style-link:HTML Preformatted; font-family:Consolas;} span.BalloonTextChar {mso-style-name:Balloon Text Char; mso-style-priority:99; mso-style-link:Balloon Text; font-family:Tahoma,sans-serif;} span.EmailStyle22 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle23 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -- /style !--[if gte mso 9]xml o:shapedefaults v:ext=3Dedit spidmax=3D1026 / /xml![endif]--!--[if gte mso 9]xml o:shapelayout v:ext=3Dedit o:idmap v:ext=3Dedit data=3D1 / /o:shapelayout/xml![endif]-- /head body lang=3DEN-US link=3Dblue vlink=3Dpurple div class=3DSection1 p class=3DMsoNormalspan style=3D'font-size:11.0pt;font-family:Calibri,= sans-serif; color:#1F497D'PGP encryption reports to a management station, I can see wh= o has encrypted disks and who doesn#8217;t. Not a free solution however.o:p= /o:p/span/p p class=3DMsoNormalspan style=3D'font-size:11.0pt;font-family:Calibri,= sans-serif; color:#1F497D'o:pnbsp;/o:p/span/p p class=3DMsoNormalspan style=3D'font-size:11.0pt;font-family:Calibri,= sans-serif; color:#1F497D'Daveo:p/o:p/span/p p class=3DMsoNormalspan style=3D'font-size:11.0pt;font-family:Calibri,= sans-serif; color:#1F497D'o:pnbsp;/o:p/span/p div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in = 0in 0in' p class=3DMsoNormalbspan
RE: laptop encryption
We[1] decided to abandon PointSec encryption and go with PGP here a bit back then of course Sym-crap-tec bought PGP... -sc [1] And by we I mean the gov decided and gave us marching orders... -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 11:33 AM To: NT System Admin Issues Subject: RE: laptop encryption Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L KOEXCH01Amer_ MIME-Version: 1.0 X-Bypass-Agent: EF-1; X-Reverse-DNS: unknown Return-Path: david@nwea.org --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable PGP encryption reports to a management station, I can see who has encrypted= disks and who doesn't. Not a free solution however. Dave From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that = discussion there were a couple of encryption programs mentioned. I have bi= tlocker running on the OS's that happen to come with it, and need something= for those that don't. Might consider OS upgrade if the encryption piece i= s too costly. anyone using something they LOVE? any chance there is a program that will = report encryption status back to a management station? tiafah. Jeff --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable html xmlns:v=3Durn:schemas-microsoft-com:vml xmlns:o=3Durn:schemas-micr= osoft-com:office:office xmlns:w=3Durn:schemas-microsoft-com:office:word = xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml; xmlns=3Dhttp:= //www.w3.org/TR/REC-html40 head meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus- ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered medium) style !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman,serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} pre {mso-style-priority:99; mso-style-link:HTML Preformatted Char; margin:0in; margin-bottom:.0001pt; font-size:10.0pt; font-family:Courier New;} p.MsoAcetate, li.MsoAcetate, div.MsoAcetate {mso-style-priority:99; mso-style-link:Balloon Text Char; margin:0in; margin-bottom:.0001pt; font-size:8.0pt; font-family:Tahoma,sans-serif;} span.HTMLPreformattedChar {mso-style-name:HTML Preformatted Char; mso-style-priority:99; mso-style-link:HTML Preformatted; font-family:Consolas;} span.BalloonTextChar {mso-style-name:Balloon Text Char; mso-style-priority:99; mso-style-link:Balloon Text; font-family:Tahoma,sans-serif;} span.EmailStyle22 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle23 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -- /style !--[if gte mso 9]xml o:shapedefaults v:ext=3Dedit spidmax=3D1026 / /xml![endif]-- !--[if gte mso 9]xml o:shapelayout v:ext=3Dedit o:idmap v:ext=3Dedit data=3D1 / /o:shapelayout/xml![endif]-- /head body lang=3DEN-US link=3Dblue vlink=3Dpurple div class=3DSection1 p class=3DMsoNormalspan style=3D'font-size:11.0pt;font- family:Calibri,= sans-serif; color:#1F497D'PGP encryption reports to a management station, I can see wh= o has encrypted disks and who doesn#8217;t. Not a free solution however.o:p= /o:p/span/p p class=3DMsoNormalspan style=3D'font-size:11.0pt
Re: laptop encryption
just to add my 2 cents, TrueCrypt, We've used it on our Dell laptops for the last two years, and have not had any issues. every upgrade has gone well without issue. Google.com Learn it. Live it. Love it. On Thu, May 27, 2010 at 08:43, Steven M. Caesare scaes...@caesare.com wrote: We[1] decided to abandon PointSec encryption and go with PGP here a bit back then of course Sym-crap-tec bought PGP... -sc [1] And by we I mean the gov decided and gave us marching orders... -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 11:33 AM To: NT System Admin Issues Subject: RE: laptop encryption Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L KOEXCH01Amer_ MIME-Version: 1.0 X-Bypass-Agent: EF-1; X-Reverse-DNS: unknown Return-Path: david@nwea.org --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable PGP encryption reports to a management station, I can see who has encrypted= disks and who doesn't. Not a free solution however. Dave From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that = discussion there were a couple of encryption programs mentioned. I have bi= tlocker running on the OS's that happen to come with it, and need something= for those that don't. Might consider OS upgrade if the encryption piece i= s too costly. anyone using something they LOVE? any chance there is a program that will = report encryption status back to a management station? tiafah. Jeff --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable html xmlns:v=3Durn:schemas-microsoft-com:vml xmlns:o=3Durn:schemas-micr= osoft-com:office:office xmlns:w=3Durn:schemas-microsoft-com:office:word = xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml; xmlns=3Dhttp:= //www.w3.org/TR/REC-html40 head meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus- ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered medium) style !-- /* Font Definitions */ �...@font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman,serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} pre {mso-style-priority:99; mso-style-link:HTML Preformatted Char; margin:0in; margin-bottom:.0001pt; font-size:10.0pt; font-family:Courier New;} p.MsoAcetate, li.MsoAcetate, div.MsoAcetate {mso-style-priority:99; mso-style-link:Balloon Text Char; margin:0in; margin-bottom:.0001pt; font-size:8.0pt; font-family:Tahoma,sans-serif;} span.HTMLPreformattedChar {mso-style-name:HTML Preformatted Char; mso-style-priority:99; mso-style-link:HTML Preformatted; font-family:Consolas;} span.BalloonTextChar {mso-style-name:Balloon Text Char; mso-style-priority:99; mso-style-link:Balloon Text; font-family:Tahoma,sans-serif;} span.EmailStyle22 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle23 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -- /style !--[if gte mso 9]xml o:shapedefaults v:ext=3Dedit spidmax=3D1026 / /xml![endif]-- !--[if gte mso 9]xml o:shapelayout v:ext=3Dedit o:idmap v:ext=3Dedit data=3D1 / /o:shapelayout/xml![endif]-- /head body lang=3DEN-US link=3Dblue vlink=3Dpurple div class=3DSection1 p class=3DMsoNormalspan
Re: laptop encryption
I am a TrueCrypt fan with one caveat; we never use full-disk encryption for our clients but rather create an encrypted file container which, when mounted as a separate drive, becomes the repository for all data, including but not limited to Outlook PSTs or Thunderbird profile and mail files, Firefox profile cache, mobile phone sync data and all documents. Still working on moving Skype and other IM data on to the encrypted drive and using an on-screen keyboard program to enter the encrypted drive's password to try to defeat key loggers. Besides the vulnerability of full-disk encryption to monitors such as Evil Maid, I have seen fully-encrypted disks presented to Windows, to which the response is Format Drive XX?. Too risky if laptop is abroad and needs to be attended to by an ignorant technician. -- Peter van Houten On the 27 May, 2010 16:57, Jeff Brown wrote the following: There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
How many laptops and how many locations? Many remote users? How does it work when a user forgets their password? Dave -Original Message- From: S Powell [mailto:powe...@gmail.com] Sent: Thursday, May 27, 2010 8:49 AM To: NT System Admin Issues Subject: Re: laptop encryption just to add my 2 cents, TrueCrypt, We've used it on our Dell laptops for the last two years, and have not had any issues. every upgrade has gone well without issue. Google.com Learn it. Live it. Love it. On Thu, May 27, 2010 at 08:43, Steven M. Caesare scaes...@caesare.com wrote: We[1] decided to abandon PointSec encryption and go with PGP here a bit back then of course Sym-crap-tec bought PGP... -sc [1] And by we I mean the gov decided and gave us marching orders... -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 11:33 AM To: NT System Admin Issues Subject: RE: laptop encryption Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L KOEXCH01Amer_ MIME-Version: 1.0 X-Bypass-Agent: EF-1; X-Reverse-DNS: unknown Return-Path: david@nwea.org --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable PGP encryption reports to a management station, I can see who has encrypted= disks and who doesn't. Not a free solution however. Dave From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that = discussion there were a couple of encryption programs mentioned. I have bi= tlocker running on the OS's that happen to come with it, and need something= for those that don't. Might consider OS upgrade if the encryption piece i= s too costly. anyone using something they LOVE? any chance there is a program that will = report encryption status back to a management station? tiafah. Jeff --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable html xmlns:v=3Durn:schemas-microsoft-com:vml xmlns:o=3Durn:schemas-micr= osoft-com:office:office xmlns:w=3Durn:schemas-microsoft-com:office:word = xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml; xmlns=3Dhttp:= //www.w3.org/TR/REC-html40 head meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus- ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered medium) style !-- /* Font Definitions */ �...@font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman,serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} pre {mso-style-priority:99; mso-style-link:HTML Preformatted Char; margin:0in; margin-bottom:.0001pt; font-size:10.0pt; font-family:Courier New;} p.MsoAcetate, li.MsoAcetate, div.MsoAcetate {mso-style-priority:99; mso-style-link:Balloon Text Char; margin:0in; margin-bottom:.0001pt; font-size:8.0pt; font-family:Tahoma,sans-serif;} span.HTMLPreformattedChar {mso-style-name:HTML Preformatted Char; mso-style-priority:99; mso-style-link:HTML Preformatted; font-family:Consolas;} span.BalloonTextChar {mso-style-name:Balloon Text Char; mso-style-priority:99; mso-style-link:Balloon Text; font-family:Tahoma,sans-serif;} span.EmailStyle22 {mso-style-type:personal; font-family:Calibri,sans-serif; color:#1F497D;} span.EmailStyle23 {mso-style-type:personal-reply; font-family:Calibri,sans-serif; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -- /style !--[if gte mso 9]xml
Re: laptop encryption
We're a PGP shop...hoping Symantec doesn't make it as craptacular as its other products. The central management is very important to us. On Thu, May 27, 2010 at 11:53 AM, David Lum david@nwea.org wrote: How many laptops and how many locations? Many remote users? How does it work when a user forgets their password? Dave -Original Message- From: S Powell [mailto:powe...@gmail.com] Sent: Thursday, May 27, 2010 8:49 AM To: NT System Admin Issues Subject: Re: laptop encryption just to add my 2 cents, TrueCrypt, We've used it on our Dell laptops for the last two years, and have not had any issues. every upgrade has gone well without issue. Google.com Learn it. Live it. Love it. On Thu, May 27, 2010 at 08:43, Steven M. Caesare scaes...@caesare.com wrote: We[1] decided to abandon PointSec encryption and go with PGP here a bit back then of course Sym-crap-tec bought PGP... -sc [1] And by we I mean the gov decided and gave us marching orders... -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Thursday, May 27, 2010 11:33 AM To: NT System Admin Issues Subject: RE: laptop encryption Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L KOEXCH01Amer_ MIME-Version: 1.0 X-Bypass-Agent: EF-1; X-Reverse-DNS: unknown Return-Path: david@nwea.org --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable PGP encryption reports to a management station, I can see who has encrypted= disks and who doesn't. Not a free solution however. Dave From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that = discussion there were a couple of encryption programs mentioned. I have bi= tlocker running on the OS's that happen to come with it, and need something= for those that don't. Might consider OS upgrade if the encryption piece i= s too costly. anyone using something they LOVE? any chance there is a program that will = report encryption status back to a management station? tiafah. Jeff --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable html xmlns:v=3Durn:schemas-microsoft-com:vml xmlns:o=3Durn:schemas-micr= osoft-com:office:office xmlns:w=3Durn:schemas-microsoft-com:office:word = xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml; xmlns=3Dhttp:= //www.w3.org/TR/REC-html40 head meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus- ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered medium) style !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman,serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} pre {mso-style-priority:99; mso-style-link:HTML Preformatted Char; margin:0in; margin-bottom:.0001pt; font-size:10.0pt; font-family:Courier New;} p.MsoAcetate, li.MsoAcetate, div.MsoAcetate {mso-style-priority:99; mso-style-link:Balloon Text Char; margin:0in; margin-bottom:.0001pt; font-size:8.0pt; font-family:Tahoma,sans-serif;} span.HTMLPreformattedChar {mso-style-name:HTML Preformatted Char; mso-style-priority:99; mso-style-link:HTML Preformatted; font-family:Consolas;} span.BalloonTextChar {mso-style-name:Balloon Text Char; mso-style-priority:99; mso-style-link:Balloon Text; font-family:Tahoma,sans-serif;} span.EmailStyle22 {mso-style-type:personal; font-family:Calibri,sans-serif; color
RE: laptop encryption
Same here, we are currently deploying PGP and hope the same. Dave From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, May 27, 2010 10:08 AM To: NT System Admin Issues Subject: Re: laptop encryption We're a PGP shop...hoping Symantec doesn't make it as craptacular as its other products. The central management is very important to us. On Thu, May 27, 2010 at 11:53 AM, David Lum david@nwea.orgmailto:david@nwea.org wrote: How many laptops and how many locations? Many remote users? How does it work when a user forgets their password? Dave -Original Message- From: S Powell [mailto:powe...@gmail.commailto:powe...@gmail.com] Sent: Thursday, May 27, 2010 8:49 AM To: NT System Admin Issues Subject: Re: laptop encryption just to add my 2 cents, TrueCrypt, We've used it on our Dell laptops for the last two years, and have not had any issues. every upgrade has gone well without issue. Google.com Learn it. Live it. Love it. On Thu, May 27, 2010 at 08:43, Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com wrote: We[1] decided to abandon PointSec encryption and go with PGP here a bit back then of course Sym-crap-tec bought PGP... -sc [1] And by we I mean the gov decided and gave us marching orders... -Original Message- From: David Lum [mailto:david@nwea.orgmailto:david@nwea.org] Sent: Thursday, May 27, 2010 11:33 AM To: NT System Admin Issues Subject: RE: laptop encryption Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary=_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2L KOEXCH01Amer_ MIME-Version: 1.0 X-Bypass-Agent: EF-1; X-Reverse-DNS: unknown Return-Path: david@nwea.org --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable PGP encryption reports to a management station, I can see who has encrypted= disks and who doesn't. Not a free solution however. Dave From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 7:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that = discussion there were a couple of encryption programs mentioned. I have bi= tlocker running on the OS's that happen to come with it, and need something= for those that don't. Might consider OS upgrade if the encryption piece i= s too costly. anyone using something they LOVE? any chance there is a program that will = report encryption status back to a management station? tiafah. Jeff --_000_038712CAF487CE46B2323FE43D6224B781E2E43FC2LKOEXCH01Amer_ Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable html xmlns:v=3Durn:schemas-microsoft-com:vml xmlns:o=3Durn:schemas-micr= osoft-com:office:office xmlns:w=3Durn:schemas-microsoft-com:office:word = xmlns:m=3Dhttp://schemas.microsoft.com/office/2004/12/omml; xmlns=3Dhttp:= //www.w3.org/TR/REC-html40http://www.w3.org/TR/REC-html40 head meta http-equiv=3DContent-Type content=3Dtext/html; charset=3Dus- ascii meta name=3DGenerator content=3DMicrosoft Word 12 (filtered medium) style !-- /* Font Definitions */ @font-face {font-family:Cambria Math; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman,serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:Times New Roman,serif;} pre {mso-style-priority:99; mso-style-link:HTML Preformatted Char; margin:0in; margin-bottom:.0001pt; font-size:10.0pt; font-family:Courier New;} p.MsoAcetate, li.MsoAcetate, div.MsoAcetate {mso-style-priority:99; mso-style-link:Balloon Text Char; margin:0in; margin-bottom:.0001pt; font-size:8.0pt; font-family:Tahoma,sans-serif;} span.HTMLPreformattedChar {mso-style-name:HTML Preformatted Char; mso-style-priority:99; mso-style-link:HTML Preformatted; font-family:Consolas;} span.BalloonTextChar {mso-style-name:Balloon
RE: laptop encryption
We use TrueCrypt. Even posted a little article on how to do it for our clients. http://www.officeforlawyers.com/lawtech/truecrypt.htm http://www.officeforlawyers.com/lawtech/truecrypt.htm I haven't noticed any performance issues (or any reporting features for that matter) on my netbooks. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com Twitter: http://www.twitter.com/bschorr http://www.twitter.com/bschorr Facebook: http://www.facebook.com/rolandschorr http://www.facebook.com/rolandschorr From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 04:58 To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
IT seems like you're trading one caveat for another, which is trusting that the user will always put sensitive data in the container. Also, this does nothing to protect the OS being compromised with key loggers, which may take less time than Evil Maid and still provide the encryption key. I'm sure it could be emailed in the background as well so the attacker who already copied the container will not need to come back for the either. You could add the ATA password as a second layer. On my Latitude, the password is prompted even when resuming. I have seen this configurable on other notebooks. They can't install a boot loader if they can't access the drive. This is assuming they are trying to be covert about it all. Resetting the ATA password would be fairly noticeable. I'm not aware of any method to bypass it. -- Mike Gill -Original Message- From: Peter van Houten [mailto:peter...@gmail.com] Sent: Thursday, May 27, 2010 8:48 AM To: NT System Admin Issues Subject: Re: laptop encryption I am a TrueCrypt fan with one caveat; we never use full-disk encryption for our clients but rather create an encrypted file container which, when mounted as a separate drive, becomes the repository for all data, including but not limited to Outlook PSTs or Thunderbird profile and mail files, Firefox profile cache, mobile phone sync data and all documents. Still working on moving Skype and other IM data on to the encrypted drive and using an on-screen keyboard program to enter the encrypted drive's password to try to defeat key loggers. Besides the vulnerability of full-disk encryption to monitors such as Evil Maid, I have seen fully-encrypted disks presented to Windows, to which the response is Format Drive XX?. Too risky if laptop is abroad and needs to be attended to by an ignorant technician. -- Peter van Houten ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
The OP was asking about an add-on product for laptops that didn't have Bitlocker and the Evil Maid type attack was specifically targeting TrueCrypt whole-disk encryption as I remember. YMMV with other encrypting disk systems. It is also difficult to cover user's foibles completely but I've found that locking the desktop to write access, setting the My Documents path to the encrypted container and a good dose of education go a long way. I've just had too many whole-encrypted disks (mainly flash drives, mind) come back with the user saying When I plugged it in, Windows formatted it...). With whole-disk encryption, TrueCrypt writes the encryption loader into the same place as everyone else, sectors 2 - 63 on cylinder 0, which obviously makes it non-standard and with laptops having to be repaired by foreign hands, I prefer the encrypted container approach I don't even bother with complex XP login passwords; simply the same as the username. Far too simple to bypass. I do insist that the encryption password be severely complex and as it is the only password they need remember, it hasn't hasn't proved to be a problem. -- Peter van Houten On the 27 May, 2010 19:26, Mike Gill wrote the following: IT seems like you're trading one caveat for another, which is trusting that the user will always put sensitive data in the container. Also, this does nothing to protect the OS being compromised with key loggers, which may take less time than Evil Maid and still provide the encryption key. I'm sure it could be emailed in the background as well so the attacker who already copied the container will not need to come back for the either. You could add the ATA password as a second layer. On my Latitude, the password is prompted even when resuming. I have seen this configurable on other notebooks. They can't install a boot loader if they can't access the drive. This is assuming they are trying to be covert about it all. Resetting the ATA password would be fairly noticeable. I'm not aware of any method to bypass it. -- Mike Gill -Original Message- From: Peter van Houten [mailto:peter...@gmail.com] Sent: Thursday, May 27, 2010 8:48 AM To: NT System Admin Issues Subject: Re: laptop encryption I am a TrueCrypt fan with one caveat; we never use full-disk encryption for our clients but rather create an encrypted file container which, when mounted as a separate drive, becomes the repository for all data, including but not limited to Outlook PSTs or Thunderbird profile and mail files, Firefox profile cache, mobile phone sync data and all documents. Still working on moving Skype and other IM data on to the encrypted drive and using an on-screen keyboard program to enter the encrypted drive's password to try to defeat key loggers. Besides the vulnerability of full-disk encryption to monitors such as Evil Maid, I have seen fully-encrypted disks presented to Windows, to which the response is Format Drive XX?. Too risky if laptop is abroad and needs to be attended to by an ignorant technician. -- Peter van Houten ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
Google.com Learn it. Live it. Love it. On Thu, May 27, 2010 at 08:53, David Lum david@nwea.org wrote: How many laptops and how many locations? Many remote users? How does it work when a user forgets their password? Dave about 30 laptops, one location, although people bound around the region quite a bit, we use truecrypt Full disk encryption, and the password ah yes... that's why we have the rescue disk, all the ISO's are saved, and I burn them as needed (not often). never had a user forget. we use a passphrase. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Yeah you can get away with it in that kind of environment, we (briefly) looked at it and it wouldn't be manageable for us. 450 users, 25+ travel almost constantly, 3 offices in 3 states... For small shops Truecrypt is likely perfect. Dave -Original Message- From: S Powell [mailto:powe...@gmail.com] Sent: Thursday, May 27, 2010 11:06 AM To: NT System Admin Issues Subject: Re: laptop encryption Google.com Learn it. Live it. Love it. On Thu, May 27, 2010 at 08:53, David Lum david@nwea.org wrote: How many laptops and how many locations? Many remote users? How does it work when a user forgets their password? Dave about 30 laptops, one location, although people bound around the region quite a bit, we use truecrypt Full disk encryption, and the password ah yes... that's why we have the rescue disk, all the ISO's are saved, and I burn them as needed (not often). never had a user forget. we use a passphrase. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
Encryption has no bearing on whether a keylogger is installed on a sytem protected by whole disk encryption. WDE encrypts the disk while it is at rest. A keylogger can be installed on WDE protected drive as easily as one that is not. I agree with your assertion, that leaving part of the disk unencrypted requires a bit of trust on the part of the user, and is not easily verifiable whether the user is doing the right thing with data On Thu, May 27, 2010 at 1:26 PM, Mike Gill lis...@canbyfoursquare.comwrote: IT seems like you're trading one caveat for another, which is trusting that the user will always put sensitive data in the container. Also, this does nothing to protect the OS being compromised with key loggers, which may take less time than Evil Maid and still provide the encryption key. I'm sure it could be emailed in the background as well so the attacker who already copied the container will not need to come back for the either. You could add the ATA password as a second layer. On my Latitude, the password is prompted even when resuming. I have seen this configurable on other notebooks. They can't install a boot loader if they can't access the drive. This is assuming they are trying to be covert about it all. Resetting the ATA password would be fairly noticeable. I'm not aware of any method to bypass it. -- Mike Gill -Original Message- From: Peter van Houten [mailto:peter...@gmail.com] Sent: Thursday, May 27, 2010 8:48 AM To: NT System Admin Issues Subject: Re: laptop encryption I am a TrueCrypt fan with one caveat; we never use full-disk encryption for our clients but rather create an encrypted file container which, when mounted as a separate drive, becomes the repository for all data, including but not limited to Outlook PSTs or Thunderbird profile and mail files, Firefox profile cache, mobile phone sync data and all documents. Still working on moving Skype and other IM data on to the encrypted drive and using an on-screen keyboard program to enter the encrypted drive's password to try to defeat key loggers. Besides the vulnerability of full-disk encryption to monitors such as Evil Maid, I have seen fully-encrypted disks presented to Windows, to which the response is Format Drive XX?. Too risky if laptop is abroad and needs to be attended to by an ignorant technician. -- Peter van Houten ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
On 27 May 2010 at 10:00, Bill Lambert wrote: TrueCrypt...free. http://www.truecrypt.org/ +5 Latest version even supports OS X 10.6. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
Not the answer you're looking for, but what about a different thought? Don't keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
I don't swing that large a stick here... On Thu, May 27, 2010 at 3:39 PM, Alex Eckelberry al...@sunbelt-software.com wrote: Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Thursday, May 27, 2010 10:58 AM *To:* NT System Admin Issues *Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
Plus, regardless of what I tell people to do/don't do, some are still going to do whatever they want, either on purpose or in ignorance and I don't think I can take that position and feel good about being in compliance... was the missing data encrypted? NO. was there phi on it? I don't know would have to be the honest answer. I don't think there wasn't supposed to be works. On Thu, May 27, 2010 at 3:43 PM, Jeff Brown 2jbr...@gmail.com wrote: I don't swing that large a stick here... On Thu, May 27, 2010 at 3:39 PM, Alex Eckelberry al...@sunbelt-software.com wrote: Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Thursday, May 27, 2010 10:58 AM *To:* NT System Admin Issues *Subject:* laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
+100 That's what I've been doing for several years. I let the servers do the heavy lifting and keep most of my files on tha SAN. In fact, I use a Thin Client running Windows CE on my desk for the majority of my computing needs. It proves a point that I can use the same computing resources as what I provide to my end users from just about anywhere in the world and still get my job done. Yes, there are exceptions, but not many, and most of those are specific to my job. I reserve my laptop for more resource intensive apps (like pac-man and pong). Sorry couldn't resist given the threads this week and last. Cheers! Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA www.eaglemds.comhttp://www.eaglemds.com/ jra...@eaglemds.commailto:jra...@eaglemds.com From: Alex Eckelberry [al...@sunbelt-software.com] Sent: Thursday, May 27, 2010 4:39 PM To: NT System Admin Issues Subject: RE: laptop encryption Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: laptop encryption
What about looking at Intels' VPro technology on newer laptops. I believe two benefits are out of band management, hardware based encryption, and ability to remove encryption keys from drives if lost or stolen based on policies and checking in with a management server. I heard about it last week and it seems very intriguing. Regards, Paul Paul Muhlbach, A+, CNA, MCSE, MCT APM Computer Services Camrose, AB Phone 403-894-5802 email: pmuhl...@apmcomp.com On 5/27/2010 at 2:39 PM, Alex Eckelberry al...@sunbelt-software.com wrote: Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From:Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: laptop encryption
I agree that is the way to do things, but disk encryption for our environment has very little to do with me, lots to do with clinical staff in the field. On Thu, May 27, 2010 at 4:02 PM, Raper, Jonathan - Eagle jra...@eaglemds.com wrote: +100 That's what I've been doing for several years. I let the servers do the heavy lifting and keep most of my files on tha SAN. In fact, I use a Thin Client running Windows CE on my desk for the majority of my computing needs. It proves a point that I can use the same computing resources as what I provide to my end users from just about anywhere in the world and still get my job done. Yes, there are exceptions, but not many, and most of those are specific to my job. I reserve my laptop for more resource intensive apps (like pac-man and pong). Sorry couldn't resist given the threads this week and last. Cheers! Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA www.eaglemds.comhttp://www.eaglemds.com/ jra...@eaglemds.commailto:jra...@eaglemds.com From: Alex Eckelberry [al...@sunbelt-software.com] Sent: Thursday, May 27, 2010 4:39 PM To: NT System Admin Issues Subject: RE: laptop encryption Not the answer you’re looking for, but what about a different thought? Don’t keep anything of value on a laptop. Only run laptops client/server (VPN or TS or whatever). Alex From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Thursday, May 27, 2010 10:58 AM To: NT System Admin Issues Subject: laptop encryption There was a post last week about HIPAA compliance and a small part of that discussion there were a couple of encryption programs mentioned. I have bitlocker running on the OS's that happen to come with it, and need something for those that don't. Might consider OS upgrade if the encryption piece is too costly. anyone using something they LOVE? any chance there is a program that will report encryption status back to a management station? tiafah. Jeff Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~