Domain: pointsec.com
Stories and comments across the archive that link to pointsec.com.
Comments · 7
-
Have you considered Pointsec on Linux?
They have a Linux version. Then your virtualized Windows image will also be encrypted. BTW, for virtualizing Windows, I'd recommend you get a copy of VMWare, rather than using Xen. The open source virtualization tools are coming along, but at this point in time VMWare will perform much better.
-
Good NewsThe good news about this case is that it will set the trend and soon a proper FDE will become mainstream.
Common current OS:s (Windows, Linux, OS-X) std out of the box disk encryption solutions are still more addhoc than anything else compared to a feature-rich manageable solutions that don't let you down not even the most worst situations, install/removal (encryption, decrypting) is transparent background job that won't even bother if you shut down the system and reboot later -- it will just continue where it was etc, hierarcial management of keys and other credentials, removable media automatic encryption and sharing between same organization. Lot's of very useful features even for the home user once you know those are available for you
.
There are good solutions, like pointsec.com have, but I just wish I didn't have to pay exra for personal use and that all common OS:ses (mentioned above) would be supported, currently OS X isn't by pointsec.
Cheers.
-
Re:It should be done.We use Pointsec. That certainly works on Windows NT & XP, I'd be surprised if it didn't work for 2000 too.
Works pretty well, there's even a method of unlocking if you forget/lose the password to get into the box.
-
What's not to like?
Full disk encryption (FDE) is simple, is easy to use, is readily available, imposes negligible user-visible performance penalties on Windows laptops, and is completely effective in solving "theft of laptop" problems. Not using it should be automatic evidence of gross negligence.
I've deployed both PointSec and DriveCrypt Plus Pack for over five years on a large number of machines, and even for heavy-duty software development, where "rebuild world" takes many minutes, the actual impact--in terms of effect on end-user activities--is negligible.
Sure, if you imagine performance is an issue, you can try any of the vastly more difficult to manage solutions that try to "encrypt only sensitive data", or the even sillier solutions that "delete sensitive data" when the laptop connects to the Internet after it's stolen, but why bother? Try it yourself, and you'll find that performance is NOT an issue in the vast majority of real-world situations. As long as you don't use FDE on heavy-duty I/O-bound database servers and such, you'll rarely notice a difference. Modern computers are so fast that encryption just isn't an issue.
Yes, key management requires some attention. For example, as system administrator, you can just generate some reasonably long passphrases, write them on little cards, and give them to your users to carry in their wallets--and explain the rules. Don't allow users to change them, and keep a copy along with other critical corporate records, and key management is a solved problem. Worried about users losing wallet and laptop simultaneously? Take the cards back after a week, and obfuscate their contents to begin with. Worried about backup? Keep two copies. And so forth. Sure, it could be stronger, and some users will always work around the system, but users will lie, cheat, and steal in other ways, too. In the corporate world, at least, your goal is risk management, not perfection.
Too hard to type a password when you boot the machine? Gosh, fifteen characters at one character per second is, yes, fifteen whole seconds--and anyone will learn to type it more quickly over even a short period of use. Don't change the passwords, either: they're not shared, and not transmitted over networks, so there's virtually no risk of interception--just pick a good one and stay with it.
Backup and recovery also requires some thought. I've actually recovered encrypted drives occasionally, but most recovery is done from file-level backups, where the data is backed up in the clear, over a secured network, and stored on other encrypted volumes. That's really no different when using FDE as not.
If computer theft is the problem, full disk encryption is the answer. It's not the whole answer, and it's not perfect, but it sure goes a long way toward solving the problem. Heck, even Microsoft is offering it in Windows Vista, only a decade or so too late.
-
Re:Security vs Convenience
How about a combination of:
-- RSA secure ID /one-time number generator
-- Pointsec
for laptops or certain mobile devices. If Pointsec or similar products don't/didn't cost a ton in licensing, then even sensitive desktops' hard drives could be encrypted and protected to prevent sleuths from easily accessing the content on the hardware (tho, MITM/packet sniffing might work until detected, monitored and the unauthorized perps apprehended...)
I've worked at a couple places where Pointsec was the preference. See:
Pointsec for Removable Media
http://www.eurokom.ie/servMainSite?inner=pointsec4 media
Pointsec Unveils New Version Of Encryption Software For Linux
http://www.managinginformation.com/news/content_sh ow_full.php?id=5153
(This answers a question which only a few days ago popped into my head...)
"The numbers don't lie - 60% of information theft results from lost or stolen equipment; only 25% from network intrusion. In short, every laptop, PC, PDA or smart phone is a potential weak point - unless you have Pointsec encryption software"
http://www.pointsec.com/ -
Re:I work for a bank and...There's lots of different products on the market and I'm not going to reveal which product we use, as that may be construed as giving out proprietary information. No, we didn't develop the product in-house, it's commercial, and I'm sure we pay out the butt for it.
Thus, it's something like Pointsec; http://www.pointsec.com/. That's what they use on all laptops where I work. This is not an endorsement, by the way; I never used it.
-
Re:TrueCrypt
try http://www.pointsec.com/. it's not biometrics, it's a username/password, but it encrypts the whole drive in 256 DES. works great, we have it on thousands of machines at work. it'll slow down a borderline-spec laptop though.
it gives a logon prompt before windows boots, and supports single-sign on, too, so it can log you into your domain as well.