UW Desktop Encryption Project

UW’s approach to data encryption
Introductions
• Allen Monette - Security Coordinator
• Linda Pruss – Security Engineer
AGENDA
• Overview of technology
• Endpoint Encryption Project
• Challenges/Issues
• What’s next
Effective Practices for Restricted Data Handling
Risk Reduction Strategy
[Diagram: Risk Assessment, followed by Risk Reduction Strategies combined as OR / THEN / OR]
Why Encryption?
It’s 3am…

Do you know where your laptops are?

Full Disk Encryption protects against lost devices
Would you trust…

this guy with your files?

File and Folder Encryption protects specific data
How does it work?
File encryption
Think of file encryption as a secret code
A simple code:
A=0
B=1
C=2
D=3
Etc

A message:
7 4 11 11 14
22 14 17 11 3
Folder encryption
Think of folder encryption as a safe deposit box
Full Disk Encryption
Think of Full Disk Encryption like a bank vault
How does it really work?
File and folder Encryption
• Encrypts individual files or entire folders
• Requires authentication to decrypt and access the files
Full Disk Encryption
• Replaces the master boot record with a special preboot environment
• Encrypts the entire hard drive
• Preboot Authentication plus OS authentication
• Decrypts as files are used
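
What "replaces the master boot record" looks like to someone auditing a machine, as an added example that is not part of the original slides: it parses a classic 512-byte MBR, hashes the boot-code area, and shows that the boot code changes while the partition table stays the same. The sample sectors and the `STOCK-LOADER` / `PREBOOT-ENV` byte strings are constructed placeholders, not any product's real loader.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445 hold the bootstrap code
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        start = BOOT_CODE_LEN + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the bootstrap code differs between two MBR captures."""
    return (parse_mbr(baseline)["boot_code_sha256"]
            != parse_mbr(current)["boot_code_sha256"])


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable type-0x07 partition at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    stock = build_sample_mbr(b"STOCK-LOADER")    # before installation
    preboot = build_sample_mbr(b"PREBOOT-ENV")   # after installation
    print("partitions:", parse_mbr(preboot)["partitions"])
    print("boot code changed:", boot_code_changed(stock, preboot))
```

Recording the boot-code hash right after a product is installed gives a baseline, so a later change that nobody scheduled stands out.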
How to choose between Full Disk and File/Folder?
When to use Full Disk Encryption
Full Disk Encryption protects against lost devices
When to use file/folder
• Need an additional layer of security
• Need portability
• Need to support removable media
Endpoint Encryption Project
Charter
• To research tools and methods for encrypting data on desktops and laptops so that risk is reduced if a computer storing restricted data is lost, stolen, compromised or disposed of improperly.
• Deliverables are:
1) recommend a product for pilot
2) pilot the product
3) recommend final product to sponsors
Scope
• Common desktop operating systems
– Macintosh and Windows

• Full disk and file/directory level encryption
• Removable media devices
– USB drives, CDRW

• Managed (IT administered) and unmanaged (self-administered) systems
Out of scope
• Encryption of Linux OS, handhelds or smart phones
• Hardware encryption
• Database encryption
• Encryption of server-based solutions
• Secure transmission
• Secure printing
Out of scope
• End user education
• Best practices
• Support infrastructure
• Policy work
Approach
• Define the project
• Get Smart!
– Product and Market Analysis
– Requirements Gathering
Get Smart!
• Team knowledge and research
• NIST document (800-111) – Nov, 2007
– Guide to Storage Encryption Technologies for end user devices
– http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf

• Campus forum
• Leverage others' work
Market Analysis
Source: Gartner Group

Full report at: http://mediaproducts.gartner.com/reprints/credant/151075.html
Requirements
• Device support
– Windows … all flavors
– Macintosh
– Linux
– Smart Phone/Handheld

• Industry Standard Encryption
– AES 256
– FIPS certified
Requirements
• Key Management
– Key backup/escrow mechanisms
– Key recovery mechanisms
– Key generation mechanisms

• Removable Media support
– USB disks, etc
– CD R/W
Requirements
• Management Capabilities
– Centrally managed
• Provide service to campus departments

– Cooperatively managed
• Delegated management

– Delegated management
• IT managed
• UW campus or IT department

– Unmanaged
• Self-managed
Requirements
• Directory Integration
– Diversity on our campuses
– The more varieties the better

• File and Folder encryption
– Don’t want to support multiple products

• Leverage our Public Key Infrastructure
– Strong AuthN
Approach
• Define the project
• Get Smart!
– Product and Market Analysis
– Requirements Gathering

• Mapped Solutions to Requirements
– Reduce possible solutions to 9
Approach
• Define the project
• Get Smart!
– Product and Market Analysis
– Requirements Gathering

• Mapped Solutions to Requirements
– Reduce possible solutions to 9

• Team Test of top 2 products
Product Selected

SafeBoot

– http://www.safeboot.com/
– Acquired by McAfee in Q4 2007
Product Selected

• Key Differentiators
– Macintosh on Roadmap
– File/Folder; smartphone encryption too
– Allows for centralized, collaborative and delegated models
– Management not tied to specific product
– Lots of connectors (or not)
– Small desktop footprint
– Ease of use; understandable
Challenges/Issues
Technical Challenges
• Market Turbulence/Definition
– Acquisitions/partnerships
– Many new features being introduced

• Assumes client/server model
– Periodic check in to server
– Delegated/collaborative management
Technical Challenges
• Laptop states
– Power off protection
– Screen saver
– Logoff
– Hibernate, Suspend

• Not a panacea
– Still need host hardening
– Power on protection
Technical Challenges
• Authentication
– Strong passwords
– 2 factor authentication
– Integrated Windows AuthN
• Synchronization issues

• Recovery
– User or machine password recovery
• Identity proofing

– Hardware Failure
– Forensics
Non-Technical Challenges
Non-Technical Challenges
Policy
• Where and when to use Full Disk Encryption?
• Where and when to use File/Folder?
• What encryption solutions are acceptable?
• Log in once or twice?
Non-Technical Challenges
Centralized service; decentralized campus
• Who pays?
• Maintenance
• Running the server
• Administering the application
• Managing the service

• Support
• Help Desk calls
• 2nd level technical expertise

• Licenses
Non-Technical Challenges
User Acceptance
• Department IT Staff
• Willingness to collaborate

• End Users
• Strong passwords necessary
• Double authentication with Pre-Boot
• Initial setup cost - takes time to encrypt
What Next?
What next?
• Two new project teams
• Policy
• Support & Best Practices

• Pilot runs through the end of June
• Evaluating our ability to collaborate as well as the software
• Initial rollouts of 10-20 laptops
• Report to sponsors with recommendations

• Gradually open up pilot starting in July
UW Desktop Encryption Project

Allen Monette, amonette@wisc.edu
Linda Pruss, lmpruss@wisc.edu

Editor's Notes

  • #5: OCIS is out on the two ends with ongoing projects: Find it; Encrypt it. Middle is harder. Restricted data, for us defined by WI Statute, but can be applied to any data you need to protect. Two types of encryption: full disk and file/folder.
  • #7: Endpoints defined. Lost laptops—VA; estimated costs per record are around $200 for 10000 records $2million
  • #8: Lost CDs – British government
  • #11: Photo by "Scott Beale / Laughing Squid" laughingsquid.com.
  • #14: Good solutions integrate with the OS, eg added to right-click context menu; can select files by type, eg .doc
  • #17: Data at rest. Can also be used for secure hdd disposal.
  • #18: FDE can’t protect a laptop that’s on and logged in; FDE doesn’t stop unencrypted data from leaving the encrypted drive
  • #20: Create charter and solicit a team Team Members Sponsors
  • #22: Server based solutions like mywebspace, webDAV Novell and Microsoft file server; Incidental not intended.
  • #23: (e.g. encrypting the restricted data, but then emailing it unencrypted; strong encryption passwords)
  • #24: Get SMART
  • #25: Campus concerns and experiences Milwaukee … Survey Center … Educause list Burton group
  • #26: Describe quadrants
  • #27: Variety of machines supported Vista laggers; none—some promised; why important? Why should audience care?
  • #28: Key management importance; lost keys mean lost data Just encrypted disk, but then just copy the entire thing to USB in clear text
  • #31: invited vendors for demos/webex; gathered additional information; ranked products as demos completed see what floated to top
  • #32: Get SMART; hands on test of both products; continued to gather information; decide on product to pilot—license affordable?
  • #35: Some are Safeboot specific most would pertain to any product we selected. Think about any particular challenges you would have with implementation of this kind of product