1 / 13

Encryption

Encryption. Jack Roberts, PPD, RAL, STFC. Why?. Government reaction to high profile data losses. STFC General Notices 30 th January, 1 st February 2008.

eunice
Download Presentation

Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Encryption Jack Roberts, PPD, RAL, STFC

  2. Why? • Government reaction to high profile data losses. • STFC General Notices 30th January, 1st February 2008. “staff are hereby instructed that no unencrypted laptops or drives containing personal data should be taken off STFC sites” (30th January)

  3. What is “Personal Data”? “A. Any information that links one or more identifiable living person with private information about them.” “B. Any source of information about 1,000 identifiable individuals or more, other that information sourced from the public domain.” “Consequently, all laptops and PDAs need to be encrypted before they can be taken off site.” (1st February)

  4. What Product? • CRITERIA • CESG approved • FIPS-140 • Full Disk encryption • Need to be able to manage centrally • Transparent to the user • BUT • No Mac solution • Only limited Linux support • No dual boot solution • Products used in STFC • BeCrypt • Pointsec for PC • Pointsec Mobile Red Hat SuSE 9.x RHEL 4 NLD

  5. BeCrypt Pointsec Mobile • Quick fix • ~5 installations in PPD/~100 in STFC • No installation problems • No central management console. • Slightly more expensive than Pointsec for PC • For PDAs • Not yet used in PPD • Tested on a few PDAs in STFC, only 1 successful install. • Newer version being tested.

  6. Pointsec for PC(now renamed as Check Point Full Disk Encryption?)

  7. Installation • Method • Initial preparation. • Installed like a normal application. • Typically takes around 4 hours. • Problems • Has refused to install on one or two laptops. • Not compatible with 64-bit Vista.

  8. How Does It Work? BIOS Pointsec Authentication Screen OS Loads Log in to OS User Account User works as normal Single Sign On (SSO) Enters user’s OS account details automatically.

  9. Recovery • Management Console • Central store of recovery files. • Unlocking user accounts/changing passwords remotely • Decryption

  10. License Key bug • Temporary license key expired 21st March (Good Friday......). • Mad rush on Tuesday 25th to distribute new license key to make sure laptops don’t decrypt. • Some laptops with the new key start decrypting – eek! • Why? License key checks at logon that it can contact an IP address, i.e. No Network Connection = Invalid license = Laptop Decrypts.

  11. Current Status • In PPD: • ~95% Windows Laptops encrypted • ~75% of all Laptops encrypted. • 0 laptops corrupted. • In STFC: • 724 laptops encrypted (6th June). • Maybe one or two laptops corrupted.

  12. For the future... • Hope to be able to perform a risk assessment within the organisation. • Hopeful that a Mac solution will soon be available. • Start encrypting PDAs.

  13. Any Questions?

More Related