|
Posted by Gary S. Terhune on November 9, 2006, 10:45 am
If you were Registered and logged in, you could reply and use other advanced thread options
> much like a big-daddy legal system
> that attempts to protect its citizens with ever pickier, less-generalized,
> rules and regulations.
>
Love that line! Gonna steal it, <g>.
--
Gary S. Terhune
MS-MVP Shell/User
http://grystmill.org/articles/cleanboot.htm
http://grystmill.org/articles/security.htm
|
|
Posted by Roger Abell [MVP] on November 10, 2006, 2:21 am
If you were Registered and logged in, you could reply and use other advanced thread options
>
>> much like a big-daddy legal system
>> that attempts to protect its citizens with ever pickier,
>> less-generalized,
>> rules and regulations.
>>
>
> Love that line! Gonna steal it, <g>.
>
Perhaps I just need become more rural once again :-)
Roger
|
|
Posted by Roger Abell [MVP] on November 8, 2006, 11:55 pm
If you were Registered and logged in, you could reply and use other advanced thread options
the more immediate issue. If laptops with sensitive information in
the clear are off-site, out of physical control, then something is wrong
with the policies that are in place to control sensitive data.
If you solve that one, so that such as a stole laptop is not so tramatic,
then wireless use would also become less of a concern (depending on
if sensitive data is still allowed then how it is secured, that is, would
a keylogger be sufficient to subvert the protections?)
>I am trying to weigh the pros and cons of allowing a set of users in my
>enviroment to use public wireless (hotel etc). These users are s specific
>group (politicians). They are travelling to hotels with their laptops.
>The laptops could contain sensitive data and do not currently have any form
>of encryption etc. Does anyone have any recommendations on where to start
>or what to implement before allowing wireless?
>
|
|
Posted by S. Pidgorny on November 9, 2006, 2:53 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Forget the use of wireless question, at least until you have resolved
> the more immediate issue. If laptops with sensitive information in
> the clear are off-site, out of physical control, then something is wrong
> with the policies that are in place to control sensitive data.
In practical terms, full laptop encryption is required. Politicians, execs,
consultants - nowadays many lost laptop incidents go public, and sometimes
documents pop up in press (hapened recently in Australia).
Vista is RTM today. Use Bitlocker. Or any of the 3rd-party products.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
|
|
Posted by Roger Abell [MVP] on November 9, 2006, 10:08 am
If you were Registered and logged in, you could reply and use other advanced thread options
I agree entirely that full-disk encryption is a great solution to
the stolen mobile device problem, assuming valid, unbreakable
encryption. However, this does nothing for the scenario:
"sensitive data, in clear available within login to running system,
and running system compromised and network active"
It seems the only valid approaches encompass:
1. do not allow sensitive data on the devices (not realistic?)
2. do not allow compromise (note: this is also in the flavor
of compromise of the user account, either its credentials
compromised or a user-level malware compromise)
This one is much more simply claimed than it is done
(as it includes user behavior, not just maintaining health
and protection of system/application binaries)
3. do not allow connectivity (again, not realistic)
Perhaps only some combination of active health maintanance
softwares, digital rights management control of the sensitive
data with required two-factor authN, and user "training" (that
both Steve and yourself noted as not likely possible for this
specific user set) is available today to address the scenario.
Roger
> G'day:
>
>> Forget the use of wireless question, at least until you have resolved
>> the more immediate issue. If laptops with sensitive information in
>> the clear are off-site, out of physical control, then something is wrong
>> with the policies that are in place to control sensitive data.
>
> In practical terms, full laptop encryption is required. Politicians,
> execs, consultants - nowadays many lost laptop incidents go public, and
> sometimes documents pop up in press (hapened recently in Australia).
>
> Vista is RTM today. Use Bitlocker. Or any of the 3rd-party products.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
>
|
| Similar Threads | Posted | | Microsoft 'recommendation' for virus protection | January 19, 2006, 11:47 am |
| Does anyone have a good recommendation for a legitimate/safe tool that monitors changes to the registry? | April 5, 2007, 10:16 am |
| RE: General PKI Question | July 8, 2005, 9:07 am |
| General VPN question | January 5, 2006, 4:35 am |
| General EFS Question | November 17, 2006, 10:16 am |
| IE6 and OE6 security in general | March 7, 2007, 4:16 pm |
| General Recommendations | April 25, 2007, 11:47 am |
| AVG 7/8 - general story | April 24, 2008, 12:21 pm |
| General Network Security question | October 19, 2005, 4:19 am |
| Network security general discussion | April 18, 2008, 12:24 pm |
|
XML site map