+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 28 of 28
How do you do....it? Thread, Encryption of school data in Technical; Originally Posted by pooley We use truecrypt to encrypt all usb pens that are used within school. We are about ...
  1. #16
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,132
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24
    Quote Originally Posted by pooley View Post
    We use truecrypt to encrypt all usb pens that are used within school. We are about to start encrypting laptops that will be used off site.
    How are schools choosing passwords when encrypting laptop hds? Is it all laptops use the same password or do you let the laptop owner choose their own password?

  2. #17

    Join Date
    Dec 2008
    Posts
    66
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    One problem I've found with TrueCrypt in within our particular setup appears to be related to roaming profiles.

    One feature of TC is the ability to set Favorites. This allows you to have TC try to mount favorite file containers. This means the user doesn't have to find the container/partition manually. This works fine except on our laptops when not connected to the domain. It appears that TC stores it's favorite information in Documents & Settings and cannot find the info it needs when offline. Since the main reason for using TC is to encrypt data being transported away from the network, this is pretty annoying.

    Has anyone else come across this and solved it?

  3. #18

    Join Date
    Dec 2008
    Posts
    66
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    As I understand it, the password relates to the volume header and you can make header backups. This means you can have more than one password, as long as you have the corresponding header.

    This is what they say "After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header from the backup file (Tools -> Restore Volume Header)."

  4. #19
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,132
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24
    After testing TC I find that there can only be one password in use at a time. When the hard drive is encrypted a backup of the header is made which will allow the original password to be reinstated if a user has subsequently change it.

    So in a nutshell, regardless of what the current password is the HD can be ‘unlocked’ as long as you have the original password and the backup CD that was made at the time the HD was encrypted.

    After a practice run on a spare laptop TC seems straight forward to use and we plan to encrypt all staff laptops before the report session starts this year.

  5. #20
    Gerry's Avatar
    Join Date
    Jun 2007
    Location
    North Wales
    Posts
    431
    Thank Post
    60
    Thanked 38 Times in 35 Posts
    Rep Power
    24
    We use CompuSec for laptop encryption. It's free and does what it says on the tin. Make sure you disable it's "Single Sign-On" feature though, as this can remember your domain account log-in which can cause user confusion with password expiry policies. You can set a master password, and the password screen users see immediately after switching on can be customised.

    As for USB sticks, I think we're going for Kingston's Enterprise DataTraveller sticks, supposedly for ease-of-use, but I haven't played with one yet so don't know if it's any good.

  6. #21
    bandgeekmafia78's Avatar
    Join Date
    May 2007
    Location
    Salford
    Posts
    382
    Thank Post
    88
    Thanked 22 Times in 14 Posts
    Rep Power
    21
    Our school has also been advised to use TrueCrypt. Does anyone have guidelines on how to use this product?

  7. #22
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,132
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24
    Quote Originally Posted by bandgeekmafia78 View Post
    Our school has also been advised to use TrueCrypt. Does anyone have guidelines on how to use this product?
    See here http://schools.becta.org.uk/upload-d...encryption.pdf

  8. Thanks to Jobos from:

    bandgeekmafia78 (13th May 2009)

  9. #23
    dalsoth's Avatar
    Join Date
    Sep 2008
    Location
    Cambridgeshire
    Posts
    547
    Thank Post
    190
    Thanked 108 Times in 80 Posts
    Rep Power
    46
    With regards to TrueCrypt and full laptop hard disk encryption, could we encrypt each hard disk using the same password and use a single rescue cd or is the rescue cd going to need creating for every laptop?

    We have nearly 100 laptops and i don't really want to have to store all of the cd's for them.

    Any tips would be appreciated as we are looking at implementing this if we can make it work for us.

    One other thing to ask on the topic. Do you guys have a policy that staff do not use any memory sticks other than those supplied by the school? How do you enforce this? I don't like to mess about with staff owned equipment as i will not take responsibility for any damage.

    Do any of you use any products that prevent usb from being used or restricted to those allowed? Is that even doable?

    Thanks for the info in this thread so far, has been useful

  10. #24
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,132
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24
    Quote Originally Posted by dalsoth View Post
    With regards to TrueCrypt and full laptop hard disk encryption, could we encrypt each hard disk using the same password and use a single rescue cd or is the rescue cd going to need creating for every laptop?
    Each laptop will need its own cd even if the laptop is encrypted with the same password.

  11. #25

    Join Date
    Mar 2009
    Location
    London
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by dalsoth View Post
    With regards to TrueCrypt and full laptop hard disk encryption, could we encrypt each hard disk using the same password and use a single rescue cd or is the rescue cd going to need creating for every laptop?

    We have nearly 100 laptops and i don't really want to have to store all of the cd's for them.

    Any tips would be appreciated as we are looking at implementing this if we can make it work for us.

    One other thing to ask on the topic. Do you guys have a policy that staff do not use any memory sticks other than those supplied by the school? How do you enforce this? I don't like to mess about with staff owned equipment as i will not take responsibility for any damage.

    Do any of you use any products that prevent usb from being used or restricted to those allowed? Is that even doable?


    Thanks for the info in this thread so far, has been useful
    I must admit that I am not familiar with TrueCrypt but my company deals with a number of Encryption vendors and most of them are able to distinguish between particular device models. ie, you can restrict use to one particular model of USB stick.

    The big players in the encryption market are (in no particular order);
    Sophos (formerly utimaco)
    Symantec
    Mcaffe (formerly safeboot)
    PGP
    Becrypt
    Checkpoint
    Lumension

  12. #26
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,485
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    TrueCrypt is overkill for our requirements here, and would likely lead to as many problems as it solved. What else do people use, ideally which is also Mac compatible?

  13. #27

    Join Date
    Dec 2008
    Posts
    66
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    i think you have to compromise when it comes to encryption. There are tons of folder and file level encryption apps around that will secure files on demand. They work fine for a few files but take ages for larger amounts of data. Truecrypt is very fast but it does have the whole mounting'/container thing and a level of complexity for users which might not suit other situations.

    One thing that is interesting....people don't seem to be pushing EFS in these sorts of discussions. I'd be interested to know if people are use it. I've been reading up on it a bit. Clearly it can be very convenient for users as it's transparent and pretty quick. I've read of a number of vulnerabilities in Win2000 which appear to have been fixed for XP even on standalone machines. As long as the user has a decent password it sounds quite secure even on a laptop with a roaming profile sitting on it. Or is that not right?

  14. #28
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,485
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    I've just noticed that TrueCrypt has a Mac version - could that be used in tandem with the Windows one, i.e. encrypt a file/volume on Windows and decrypt it on a Mac?

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Data Encryption Memory sticks
    By witch in forum Educational Software
    Replies: 44
    Last Post: 7th May 2009, 11:59 AM
  2. Replies: 4
    Last Post: 24th September 2008, 11:38 AM
  3. Data Manager - Birmingham School
    By GregNeumann in forum Educational IT Jobs
    Replies: 4
    Last Post: 15th May 2008, 08:20 PM
  4. Data encryption for servers
    By link470 in forum Windows
    Replies: 7
    Last Post: 6th February 2008, 05:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •