
Lessons learned during Sandia’s encryption implementation

Lessons learned during Sandia’s encryption implementation. NLIT 2009 May 2008 Sam Jones Matt Snitchler Desktop Technology Development.



Presentation Transcript


  1. Lessons learned during Sandia’s encryption implementation
     NLIT 2009, May 2008
     Sam Jones, Matt Snitchler
     Desktop Technology Development
     Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.

  2. Objective
     • Protect sensitive data on all mobile devices
     • Meet NAP 14-2-C Cyber Security Requirement

  3. Windows Solution
     • Credant Mobile Guardian
     • FIPS 140-2 Certified
     • Enterprise key management
     • Reporting capability
     • Supports removable media
     • Not a silver bullet

  4. Mac Solution
     • FileVault
     • Credant Mac Client (Beta)
     • Managed by console
     • Does not support Windows Credant EMS
     • WinMagic
     • Removable media support not integrated

  5. Linux Solutions
     • GnuPG
     • RHEL 5.3
     • Linux Unified Key Setup (LUKS)
     • Does not support Windows Credant EMS
     • Dual Boot problems
     • Removable media support not integrated
     • Hardware based FDE software support immature

  6. Encryption hurts
     • Long encryption times
     • I/O intensive applications affected
     • Flash drives cumbersome
     • Large USB drives experience initial long encryption time
     • System recovery more complex

  7. Hardware FDE
     • Works well with I/O intensive applications
     • No initial encryption hit
     • Does not work with all hardware vendors
     • Dell, HP, Lenovo
     • Enterprise management solutions immature
     • Key management
     • Reporting
     • Wave, Secude, WinMagic
     • Technically not FIPS 140-2
     • Hardware FDE option on Preferred System List

  8. Hardware encrypted flash
     • IronKey
     • Multi platform
     • Windows, Linux, Mac (Beta)
     • FIPS 140 certified
     • Expensive
     • Enterprise management solutions immature
     • Key management
     • Reporting
     • Does not work well with Credant EMS

  9. Questions?
     • sejones@sandia.gov
     • 505 845-8643
     • mdsnitc@sandia.gov
     • 505 844-7790
