Yorkshire & Humberside Grid for Learning (YHGfL) Thread, Data Encryption in Regional Broadband Consortiums (RBC); Yes has been for about 12 months (I am on the LA working party). Few things True Crypt is good ...
26th January 2010, 07:57 PM #16
Yes has been for about 12 months (I am on the LA working party). Few things True Crypt is good for whole disk backup such as laptops.
As a memory stick solution I think it is very complicated and staff would not use them. Hence why for memory sticks we are looking for better solution (hardware based encryption was idea until someone broke it so need to look into it bit more).
But key issue here is finding a solution that works both on MACS and Windows.
But anyway feel free to give me a buzz if want to discuss it more.
26th January 2010, 08:05 PM #17
We currently use McAffee Endpoint Encryption (Safeboot) if anyone has any queries, we were forced to use this (NHS agreement). It's good at its job and most of the problems have been solved.
I would be interested in TrueCrypt (am I right in believing this is the free download one) for use on my netbook possibly.
26th January 2010, 08:09 PM #18
I think that's the area to spend money in - getting rid of the need for teachers and other staff to carry around external storage devices and laptops with locally-kept copies of files in the first place.
Originally Posted by russdev
26th January 2010, 08:42 PM #19
Yes it is the free one, I use it with good success
Originally Posted by MatthewL
27th January 2010, 08:49 AM #20
I've wondered about that, when it was suggested that we should buy all teachers hardware-encrypted drives - I thought, hmm, a decent remote access system would be cheaper... I suspect that people are now so engrained in the use of pen drives that it would be an impossible battle to win, however sensible it is.
Originally Posted by dhicks
27th January 2010, 09:33 AM #21
Now it's interesting that you should say that. I have been having the exact same thoughts, and to that end, we are now going to be developing a low cost VPN solution that uses Cisco IPSEC VPN tunnelling secured by two factor authentication with a one time password. We already have a solution in place which is used by IT Technicians really and a few teachers which is secured by CRYPTOCard 2FA tokens, but when the tokens are £30 a pop, they will never be rolled out to the whole teaching staff in a school as you would be looking at a £3K outlay. So we are looking at SMS one time passwords, your mobile phone then becomes one facter and your memeorised PIN becomes the other factor in 2FA. My logic is if you have a secure tunnel into the school, the data will never need to leave school and you don't have to worry about encryption. If we get the security right, it could be rolled out to parents and even students for access to various bit of reporting and RDP to desktop for use of specialised software.
Originally Posted by enjay
Watch this space.
27th January 2010, 10:04 AM #22
I'd still fully encrypt laptops, but that approach definitely has my sympathy and also because it helps with another risk i.e. the data might get backed up if it's still at the school.
the data will never need to leave school
I work like that a lot and the issues for me (which may depend on how you configure it):
* I'm exclusively on the Cisco VPN network i.e. it messes with the local routing tables so I can't send something to a printer on my local network.
* Similarly I can't fire up a local browser to go check someting on the net (unless I'm RDPd into a box). For me this turns out to be quite a pain, so I often have Laptop-on-VPN and home PC-not-on-VPN going at the same time.
* RDP works fine then just freezes sometimes... could be anything between me on contended 10Mb ISP link typically talking to a target on 100Mb. As ever, you do have to think about bandwidth and bottlenecks at various times and places.
27th January 2010, 10:35 AM #23
What you need is split tunnelling. If you get it right, you should be able to do what ever you like on your local network and only the stuff that needs to will go down the VPN. What you would need to be careful of in that situation though is that you need to be sure that your local network is clean and patched so you can't inroduce something inadvertently to your VPN network. You will have the "Tunnel Everything" switched on on your VPN concentrator. Let me know if you need any pointers as to what you will need to change if you don't already know.
Originally Posted by PiqueABoo
27th January 2010, 11:09 AM #24
Yeah - we put in an outward facing Citrix solution - so that staff can work from home pretty much as if they were at their PC in school - which seems to work well - as they can do their reports etc when they feel like it and there are no problems with backups/incompatible software etc - the only probs are with people out in the sticks who can't get a relatively decent bb connection
Originally Posted by dhicks
5th February 2010, 10:55 AM #25
Last time I looked at truecrypt, it required users to have administrative access to be able to work with encrypted content... has this changed of late?
We've been using AxCrypt where required, which allows stuff to be encrypted using a key file which we host on internal server shares which are restricted departmentally. All staff then use either a central or departmental keyfile, to prevent "forgotten my key..." issues.
5th February 2010, 12:02 PM #26
They either need to be admins or working on a PC with the drivers already installed, so if you put them on the PCs in school, they will be fine with restricted accounts. I think!
Originally Posted by Marci
By enjay in forum How do you do....it?
Last Post: 12th May 2009, 10:41 AM
By Sylv3r in forum How do you do....it?
Last Post: 12th May 2009, 09:10 AM
By witch in forum Educational Software
Last Post: 7th May 2009, 11:59 AM
By link470 in forum Windows
Last Post: 6th February 2008, 05:48 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)