On Wed, September 20, 2006 2:59 pm, Brown, Sam wrote:
We're going to be deploying whole disk encryption to our laptops so I am
interested in hearing how others have distributed the software
encryption ID's and passwords to users. I'm concerned about a user
leaving the id and password on paper in or near the laptop.
Sam Brown
Depending on which app you're using for the disk encryption, you could
make the username and password match their domain (or local) login. Some
provide autologon as well following successful credential entry during the
boot process. This way, they've only got to remember one password.
Alternatively, you could consider using a shared, regularly changing
username/password pair. This of course depends on the level of security
you're after, but even with credentials that are common to the entire
company, you're still protected against the consequences of the vast
majority of laptop thefts. Unless it's a targeted attack against your
company or an employee, the thief would have to know that the credentials
are shared and would have to retrieve them from someone else. Passwords
could be changed every month, every theft incident, both, etc.
Neither of these are the most secure way of managing this, but they do
provide a reasonable balance (especially if your users tend to write
things down).
--
Nick Besant (lists@hwf.cc)
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
