Powerpoint Available


Published in: Technology
  • Why is it important? Laptops are a hot target for theft; the same thing that makes them convenient (mobility) makes them easy to steal. They have replaced desktops as people’s primary workstation, so they hold or access lots of data. Identity theft or financial fraud is a thriving, growing “business”; criminals are searching the Internet for PII. It’s now considered best practice to encrypt laptops. At $32 per license, there is no excuse not to.
  • Thefts: faculty laptop with PII; Haymaker thefts (caught him!); look at the police blotter in the Mercury.
  • Advanced Encryption Standard w/ 256 bit keys

    1. Laptop/Desktop Encryption with PGP Whole Disk Encryption
         Harvard Townsend, Chief Info Security Officer, Kansas State University
         [email_address]
         December 12, 2008
    2. Agenda
         • Why is encryption important?
         • Why now at K-State?
         • Encryption terminology
         • Why PGP rather than freeware?
         • Which computers should be encrypted?
         • Overview of PGP deployment plan
         • Overview of PGP Whole Disk Encryption product
         • Product demo
    3.
    4. Why Now at K-State?
         • Thefts are happening at K-State
             • 16,000 laptops lost or stolen per week in U.S. and European airports!
         • State law requiring notification if Personal Identity Information (PII) breached
             • Three notification incidents, several scares
             • Don’t have to notify if encrypted
         • New data classification policy mandates it for confidential data
         • Encryption products mature, affordable
    5. Terminology
         • Encryption – process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
         • Decryption – transforming the information back into a readable format
    6. Terminology
         • Encryption key – the secret code used to encrypt and/or decrypt information; you’re in big trouble if you lose/forget this… unless you have a key recovery system
         • Whole disk encryption (WDE) – all data on the drive is encrypted, including the operating system; master boot record often unencrypted; aka “full disk encryption”; there are hardware WDE solutions
    7. Terminology
         • Volume or file/folder encryption – information in a specific file, folder, or volume is encrypted, not the entire disk. Usually the operating system volume is not encrypted. Leaves you vulnerable to temporary files, cache files, forgotten files
         • AES 256 – Advanced Encryption Standard w/ 256 bit keys; descriptive of the algorithm used to encrypt the data; the longer the key, the harder it is to crack
    8. Why PGP Whole Disk Encryption?
         • SIRT evaluation process selected PGP
             • Met requirements
             • Supports Macs now
             • Attractive price
             • Superior management environment
         • Need a managed product to ensure data can be recovered
         • TrueCrypt, which is free, can do whole disk encryption now but does not support centralized management of keys
    9. What should be encrypted?
         • Data classification security standards for confidential data:
         • “Should not store on an individual’s workstation or mobile device (e.g., a laptop computer); if stored on a workstation or mobile device, must use whole-disk encryption”
         • So this isn’t just about laptops – encrypting desktops important too
             • Vulnerable to compromise
             • Can be stolen too
    10. What should be encrypted?
         • Recommended for internal data too, like student grades
         • Confidential or internal data not always obvious – old files, temp files, browser cache, deleted file remnants
         • Considered best practice to encrypt all laptops
         • Those who travel a lot, especially out of the country, should use WDE (remember – 16,000 laptops per week lost or stolen in U.S. and European airports!)
    11. PGP WDE deployment plan
         • Purchase in process
             • $32 instead of $38; invoice in January
             • Will accept more commitments until 5pm Dec. 19
             • After that, normal higher ed price
         • Developing web site with instructions, info
         • SIRT will develop a default recommended configuration
         • Distributed deployment, like Trend Micro
         • Licenses distributed by Josh McCune
    12. PGP WDE deployment plan
         • Central managed environment (“PGP Universal Server”) available
             • Managed by Josh McCune
             • Free installation of laptop client by Tech Service Center in East Stadium (only for those using central service)
             • iTAC Help Desk for key/data recovery
             • Will announce it when available
         • Departments, colleges can set up their own management environment
    13. PGP WDE deployment plan
         • Purchase includes two years basic support
             • All product updates, patches
             • Mac version that supports Boot Camp on their product roadmap for summer 09
             • Two phone contacts for University
                 • Josh McCune
                 • iTAC Help Desk manager
             • 8-5 M-F phone support
    14. PGP WDE Overview
         • Whole Disk Encryption for Windows and Macs
         • File/Folder encryption (works with USB flash drives)
             • Must have PGP license wherever USB drive used
         • File Shredder tool
         • PGP Zip archive tool
         • PGP Self-Decrypting archive tool
         • PGP Universal Server included
             • Runs on Linux
             • Works well in a virtual server environment
    15. PGP for Macs
         • Minimum requirements:
             • Intel-based: Mac OS X 10.4.10 and later, system volumes only
             • PowerPC-based: Mac OS X 10.4.X and Mac OS X 10.5.X, non-system volumes only
         • In other words, no whole disk encryption for PowerPC-based Macs; will do file/folder-based
         • Does not support Boot Camp now; expected summer 2009
         • Does support running Windows in a virtual machine with VMware Fusion or Parallels
    16. PGP WDE Demo
         • Windows client
         • Mac client
         • Management environment
    17. What’s on your mind?
    18. Requirements
         • Full-disk encryption
             • Pre-boot/Pre-OS encryption
             • File/folder encryption optional
         • Strong encryption (AES 256)
         • Windows, Mac OS X support
         • Support centralized management (configuration, keys, data recovery)
         • Easy installation/uninstallation
         • Ease of use
         • Minimal performance impact
         • USB device support desirable