[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 24/11/10 08:37, Henry Bremridge wrote: > > Or would they use opensource: Â60,000 would certainly for someone to > install opensource encryption tools in a business. I suspect it is more complex than meets the eye, cryptography usually is. To do it for Â60,000 for a county council you need free software that doesn't need a reinstall to encrypt as otherwise you are installing Windows (or whatever) on a few hundred laptops. Looking around I suspect only "TrueCrypt" (whose freedom is open to discussion but we'll ignore those issues) is likely to meet the requirement. Lots of Free Software tools out there, but most fall down badly on basic issues. On a sales pitch you are also up against Bitlocker which is included in recent Windows Enterprise versions. Also since users do forget their passwords no matter how keenly you tell them that they must not forget this one, you almost certainly need IT to keep a copy of the original cryptographic volume header for each device. Now every time IT touch a laptop without the owner they'll need to change the password, and get the user to reset it afterwards. Now is IT work all centralised - if so issue solved? Otherwise you end up with having too many folk who can unlock stuff. Been there with a similar proprietary product in a big organisation, after a few months everyone in PC support knew the master unlock code for that product because they needed to fix PCs, but off course they don't all stay in PC support or even in the organisation (unless you work at Hotel California). So now you may need to expire that information, or at least cycle the master password with time, depending on policy. Now data on the hard drive is reasonably secure against simple hardware theft, but you should probably train staff to understand that they should never use the laptop if its physical integrity or physical access has been compromised. Good luck teaching end users that for any amount of cash. In the pre-boot authentication, with non-administrator users, this does nothing for data on removable media without additional work..... > A county council that faxed ... No easy answer here..... people will always be able to send stuff to the wrong place. Unless there is full PKI in place, and even then you can still email it to the wrong person and the tools will carefully encrypt it so only the wrong person can read the email. I'd throw out the fax machines simply to encourage them to use email, and keep stuff electronic, but that is because I hate faxes, not because it will do anything for information security. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq