Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Encryption/Protection for USB storage media
From: gbugbear at gmail.com (Tim Mugherini)
Date: Sat, 16 May 2009 14:30:06 -0400

I looked at several solitions a years ago and went with Ironkey for
the aforementioned reasons. They also have an enterprise version with
central policies and silver bullet functionality.

We pair it up with device lock for usb and peripheral control. Which
was only about 10 a node. Took all of a day to setup

On 5/16/09, Jack Daniel <jackadaniel at gmail.com> wrote:
For a relatively painless solution, I'll join the IronKey chorus. It
has the added bonus of being able to survive much more physical abuse
than other USB drives.  I, er, I mean Bob, says they might even
survive a trip through the washing machine if the cap is on tight.

As far as Bitlocker-to-go, this is a classic MS "innovation"- they get
parts of it right and then drop the ball hard.  Bitlocker-to-go is a
great solution, one checkbox in GP and no more writing to unencrypted
USB drives on your domain (several more places to control passphrase
complexity, X.509 certs, backwards compat, etc).  If you use a
password/phrase you can open it (read-only) with XP/Vista machines,
but they cannot write to it (that's default, can be set in GP).  Note-
if you use SmartCard or other X.509 cert. based auth, no backwards
compatibility.

Now the thud- it will only be available on Enterprise and Ultimate
SKUs, not on Pro or any Home version.  Enterprise is Volume licensing
only, Ultimate will mostly be a retail  software purchase. In other
words, you are not likely to ever purchase a PC with Bitlocker-to-go
enabled- if you want it you will pay again.

And no, I have not tried to carve up the registry looking for a way to
open Bitlocker, the pre-beta, beta and RCs I have used were all
Ultimate.

Jack



--
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://blog.uncommonsensesecurity.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


-- 
Sent from my mobile device


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]