Re: [Fed-Talk] Army to Encrypt Computers


  • Subject: Re: [Fed-Talk] Army to Encrypt Computers
  • From: Amanda Walker <email@hidden>
  • Date: Mon, 28 Aug 2006 12:40:04 -0400

On Aug 28, 2006, at 9:40 AM, Timothy J. Miller wrote:
> Amanda Walker wrote:
>> If a machine is lost or stolen, we'd really like it to be *only* an inventory problem, not an information or operational security problem.
>
> You'll have to take all the inventory stickers off, then. Now it really is an inventory problem. :)

Heh. What I was getting at was that there is nothing visible to a thief or adversary from which they could deduce the ownership or purpose of the machine. Just a barcode label with a number, no organization name. Ideally, the disk itself, in the hands of a thief or adversary, would be just the hardware, with no usable information stored on it. Not just no PowerPoint files, but no VPN or LAN settings, no indication of what authentication mechanisms we use, no system logs showing server mounts/unmounts, etc.


That's ideally. Right now, we put up with FileVault because it solves the biggest problem, but there are risks that whole disk encryption would mitigate (as it does on PCs, despite my distaste for Windows).

> Can you say for certain that the incidence of theft is greater than the incidence of failure?

We've had laptops stolen. We have not, to my knowledge, had whole disk encryption fail in a way that caused data to be lost (though drives fail from mechanical failure left and right). The cost is different: drive failure does not result in accidental disclosure. We'd like the cost of theft or unauthorized physical access to be similar to that of drive failure.


Though to be fair, I suspect that human error is our largest cause of accidental disclosure. No infosec feature or product can solve the "I forgot to sanitize my PowerPoint presentation before putting it on the web" problem...

>> Unfortunately, for the private sector there seems to be no third party smart card or token system available that provides similar capabilities to a CAC. CRYPTOCard comes closest, but doesn't live up to all of its marketing claims.
>
> A CAC is really just a JCOP card with special applets. You can buy these anywhere, and ActivIdentity would be more than happy to supply their applet, which is all you need.

Thanks for the pointer; I'll take a look.


Amanda Walker
