Lessons learned during sandia s encryption implementation
Download
1 / 9

- PowerPoint PPT Presentation


  • 62 Views
  • Uploaded on

Lessons learned during Sandia’s encryption implementation. NLIT 2009 May 2008 Sam Jones Matt Snitchler Desktop Technology Development.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - garrison-baxter


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Lessons learned during sandia s encryption implementation

Lessons learned during Sandia’s encryption implementation

NLIT 2009

May 2008

Sam Jones

Matt Snitchler

Desktop Technology Development

Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company,for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.


Objective
Objective

  • Protect sensitive data on all mobile devices

  • Meet NAP 14-2-C Cyber Security Requirement


Windows solution
Windows Solution

  • Credant Mobile Guardian

  • FIPS 140-2 Certified

  • Enterprise key management

  • Reporting capability

  • Supports removable media

  • Not a silver bullet


Mac solution
Mac Solution

  • FileVault

  • Credant Mac Client (Beta)

    • Managed by console

    • Does not support Windows Credant EMS

  • WinMagic

  • Removable media support not integrated


Linux solutions
Linux Solutions

  • GnuPG

  • RHEL 5.3

    • Linux Unified Key Setup (LUKS)

  • Does not support Windows Credant EMS

  • Dual Boot problems

  • Removable media support not integrated

  • Hardware based FDE software support immature


Encryption hurts
Encryption hurts

  • Long encryption times

  • I/O intensive applications affected

  • Flash drives cumbersome

  • Large USB drives experience initial long encryption time

  • System recovery more complex


Hardware fde
Hardware FDE

  • Works well with I/O intensive applications

  • No initial encryption hit

  • Does not work with all hardware vendors

    • Dell, HP, Lenovo

  • Enterprise management solutions immature

    • Key management

    • Reporting

    • Wave, Secude, WinMagic

  • Technically not FIPS 140-2

  • Hardware FDE option on Preferred System List


Hardware encrypted flash
Hardware encrypted flash

  • IronKey

    • Multi platform

      • Windows, Linux, Mac (Beta)

    • FIPS 140 certified

    • Expensive

    • Enterprise management solutions immature

      • Key management

      • Reporting

  • Does not work well with Credant EMS


Questions
Questions

  • ?

  • sejones@sandia.gov

  • 505 845-8643

  • mdsnitc@sandia.gov

  • 505 844-7790