On 1/22/07 13:42, "Christopher Fox" <email@hidden> wrote:
> There is always compromise between security and funcionality. Users want
> mobility; and it must be provided in as secure a manner as possible.
>
> Centrally managed whole disk encryption is certainly less of "a wing and a
> prayer" than hoping users will use encrypted disk images and not use trivial
> passwords.
you can't guarantee the quality of the passwords any better with whole disk
encryption. you can try, but realistically, that doesn't work real well. You
also can't guarantee they won't immediatley post-it note the password to the
laptop, nor can you guarantee they won't just put it on a USB key. You can't
guarantee much of anything with laptops really.
However, whole disk encrpytion is *a* solution, but hardly the best possible
solution unless you also mandate no human created or memorized passwords,
forced idle time lockouts of the disk, not just the screen saver, and a host
of other things.
Considering the continual vulnerability of Windows, yes, even Vista to
user-initiated stupidity without getting so draconian as to make the laptop
useless, ("No, you can't set up your own printers, sorry"), I'm amazed that
anyone worried about laptop security allows anyone to boot windows at all.
--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden
This email sent to email@hidden
