Presentation on theme: "Encryption Jack Roberts, PPD, RAL, STFC. Why? Government reaction to high profile data losses. STFC General Notices 30 th January, 1 st February 2008."— Presentation transcript:
Encryption Jack Roberts, PPD, RAL, STFC
Why? Government reaction to high profile data losses. STFC General Notices 30 th January, 1 st February staff are hereby instructed that no unencrypted laptops or drives containing personal data should be taken off STFC sites (30 th January)
What is Personal Data? A. Any information that links one or more identifiable living person with private information about them. B. Any source of information about 1,000 identifiable individuals or more, other that information sourced from the public domain. Consequently, all laptops and PDAs need to be encrypted before they can be taken off site. (1 st February)
What Product? CRITERIA CESG approved FIPS-140 Full Disk encryption Need to be able to manage centrally Transparent to the user BUT No Mac solution Only limited Linux support No dual boot solution Products used in STFC BeCrypt Pointsec for PC Pointsec Mobile Red Hat SuSE 9.x RHEL 4 NLD
BeCrypt Pointsec Mobile Quick fix ~5 installations in PPD/~100 in STFC No installation problems No central management console. Slightly more expensive than Pointsec for PC For PDAs Not yet used in PPD Tested on a few PDAs in STFC, only 1 successful install. Newer version being tested.
Pointsec for PC (now renamed as Check Point Full Disk Encryption?)
Installation Method Initial preparation. Installed like a normal application. Typically takes around 4 hours. Problems Has refused to install on one or two laptops. Not compatible with 64-bit Vista.
How Does It Work? BIOS Pointsec Authentication Screen OS Loads OS Loads User works as normal Log in to OS User Account Single Sign On (SSO) Enters users OS account details automatically.
Recovery Management Console Central store of recovery files. Unlocking user accounts/changing passwords remotely Decryption
License Key bug Temporary license key expired 21 st March (Good Friday......). Mad rush on Tuesday 25 th to distribute new license key to make sure laptops dont decrypt. Some laptops with the new key start decrypting – eek! Why? License key checks at logon that it can contact an IP address, i.e. No Network Connection = Invalid license = Laptop Decrypts.
Current Status In PPD: ~95% Windows Laptops encrypted ~75% of all Laptops encrypted. 0 laptops corrupted. In STFC: 724 laptops encrypted (6th June). Maybe one or two laptops corrupted.
For the future... Hope to be able to perform a risk assessment within the organisation. Hopeful that a Mac solution will soon be available. Start encrypting PDAs.