Re: [Fed-Talk] FileVault and Data Encryption Feedback
- Subject: Re: [Fed-Talk] FileVault and Data Encryption Feedback
- From: "Timothy J. Miller" <email@hidden>
- Date: Tue, 05 Sep 2006 08:56:10 -0500
Shawn Geddis wrote:
* Why do you feel that FileVault is not the answer at all?
- FileVault encrypts the User's Whole Home Directory -- All of the
User's Data while at rest
Because that's not all the user's data, potentially. How about a MySQL
database stuffed in /var/db/?
* Apple has publicly stated that it is committed to completing the FIPS
140-2 Conformance Validation and has been under contract with a
certified lab for some time now in an effort to complete that validation.
Yeah, but that was supposed to be completed when Tiger shipped. ;) And
have you started with Leopard yet?
Since on Mac OS X systems, the Standard user is very limited to where
they can store data on their machine (Home Directory, Group Shared
Folder, etc) FileVault is actually able to protect the important PII
that is the key reason for the OMB Guidelines to begin with.
Unless an application stores data elsewhere.
Those that are focusing on complete disk encryption are trying to
address the concerns of data being written all over the drive which
happens on Windows, but is not in accordance with the Permissions / ACLs
on Mac OS X.
Except for applications where it is, or when the user is a local admin. 8)
It would be great to have full disk encryption with two-factor
authentication (smart card, USB token, whatever), like can be done on
PCs...
Understood.
*Must* support CAC, CAC/PIV transitional, and PIV.
(I'll note that I've currently only seen *one* working PC product that
supports CAC with disk encryption, so don't feel bad. ;)
I've tried loading a MUSCLE applet onto a Java card, which works for
Windows and Linux boxes, but MacOS X apparently no longer supports
MUSCLE in Tiger and above. I'm currently playing with OpenSC, which
looks very promising, but haven't quite gotten it to work.
MUSCLE is a Framework and not an Applet.
Well, musclecard is a framework that *provides* an applet.
We also provided a Briefing on August 17 at the Apple Reston, VA
Briefing center on: "Meeting OMB Encryption Guidelines with Mac OS X
Today" which included Enterprise Management of FileVault.
This I would like to see. Link?
-- Tim