Data Encryption Overview South Seas Corporation Jared Owensby.


1 Data Encryption Overview South Seas Corporation Jared Owensby

2 Important Points
- Full Disk Encryption
  - Typically sector by sector: the OS is also encrypted; the entire drive is encrypted, including the empty space on the HDD. One-time initial encryption only.
- Selective Encryption
  - Only certain parts of the OS and the information on the HDD.
- File/Folder Based Encryption
  - Each file by itself, and each file as you add or create them.
- Encryption of the SAM File
  - If the SAM file is not encrypted, there is a possibility of compromising Windows passwords, which may also be used for encryption authentication.
- Encryption of Hibernation Files
  - The risk is very small, but it is possible to extract hibernation files from a drive that has been lost or stolen. These should also be encrypted.
- Multi OS support
  - Linux and Macintosh have become larger players over the years. Your security shouldn't be limited because of the OS you chose.

3 Considerations
- Dual Boot support
  - Dual boot machines are very handy when you have them, and they should also be entitled to the same protection that a single OS machine has.
- Pre-Boot Authentication (PBA)
  - Login screen prior to the OS booting, usually made to be very resistant against brute force attacks.
- Windows Authentication
  - Allowing the Windows GINA to handle the authentication procedures.
- Two Factor Authentication
  - Tokens such as Aladdin eToken pro 32k or RSA (PKCS or PKI)
  - Biometrics*
  - Bio-Password*
- Single Sign On (Limited to Windows login/authentication)
  - Multiple options to achieve a single sign on to the desktop:

*Cached Credentials, not typically considered to be true two-factor authentication

4 Common Encryption Software
- FileVault
- PGP
- Pointsec
- TrueCrypt (open source)
- Utimaco
- WinMagic

5 Gartner Magic Quadrant (1H06)

6 Utimaco
- SafeGuard Easy (In bundle)
  - Full disk encryption, AES as well as others
- Private Disk (In bundle)
  - Secure volumes
- Private Crypto (In bundle)
  - Files and Folders
- Removable Media (Added to bundle)
  - Flash memory, CD/DVD, External HDD
- SafeGuard Advanced Security (In bundle)
  - Single Sign On enhancements, granular control over ports
- LanCrypt (In bundle)
  - Network Shares
- SafeGuard PDA (In bundle)
  - PDAs
- SafeGuard Enterprise (Migration option, in bundle)
- Email Gateway (Optional purchase, State Pricing)
- Hardware Security Module (Optional purchase, State Pricing)

7 Pointsec
- Pointsec*
  - Full Disk encryption
  - AES, 3DES, Blowfish, CAST
  - Boot Protection
  - Client Machines
- Port Protection*
  - Granular Protection from unauthorized USB devices
  - Removable media encryption

*May require separate purchase

8 PGP
- Full Disk Encryption*
  - AES, 3DES
  - Boot Sectors
- Removable Media Protection*
- File Based Encryption*
- Network Shares*
- IM Services*
- Secure Transfer and Backup Services*

*May require separate purchase

9 WinMagic
- Enterprise Solution
- Pre Boot Authentication (Required)
- Must use a SQL Server for Central Management
- Active Directory
- Client is to be pushed out over the network
- AES
- File, Folder, and Secure Volume Encryption

10 TrueCrypt
- Open Source
- Secure volumes
- Portable devices are supported
- Uses AES as well as others
- Can combine algorithms, unique to TC
- Can do an entire device, but it will format the device first
- Cannot encrypt existing data, but data can be put into secure volumes

11 FileVault
- Comes with Mac OS (Free)
- Mac Only (Not Windows)
- AES128
- Secures the Home Directory
- Secure Volume
- Company wide master password
- Very specific use

12 Project Planning/Lessons Learned
- Include Everyone!
  - Communication is paramount.
  - Network/Server, IT Security, Management, Training Department, Helpdesk, etc.
- Written Security Policy & Procedures.
- Know your environment.
- Determine what you are going to encrypt.
  - Laptop, Desktop, PDA, Files, Email, Removable media.
- Phased Approach. (Lab Test, Pilot Group, Push)
- Don't try to "Fix" encryption software issues without help!
- Plan Ahead!!!!

13 Best Practices
- Back up your data before deployment!!!
- Turn off antivirus, or any other MBR monitoring software.
- Turn off any software that monitors sector based write access.
- Install software and then turn on encryption in a second step.
- Do not lose master passwords!!!
  - Write them down.
  - Keep in a safe place.

14 Questions?????

