Versions Compared

Old Version 13

changes.mady.by.user Jonathan Hunt

Saved on

compared with

New Version Current

changes.mady.by.user Jonathan Hunt

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Corrected links that should have been relative instead of absolute.

...

  1. Ease of use (if it is hard to use, it won't be used)
  2. Transparency to the user (beyond authenticating at login or boot up)
  3. Recovery from forgotten passwords (don't loose the important data) and hardware failures
  4. Effective encryption to thwart a thief from getting sensitive data off the disk
  5. Ease of setup

The project is not focussed on:

  • Protecting data from network attacks
  • Securing data communication channels for sharing the data

...

  • Is the data backed up encrypted or in the clear?  (Dependent on backup solution) 
    • If encrypted in backup, what extra precautions must be taken to ensure recoverability of the data should a disk failure or forgotten password happen?
    • Does the backup solution backup the data as a file (may make incremental system backups really large for FileVault)?
    • What is the impact on incremental backups, particularly on multi-user systems?
  • Does the solution protect against a stolen laptop or hard drive?
  • What behaviors might a typical user do that would result in the data being on the disk unencrypted?
    • What can be done to mitigate these risks?
  • How do the operating system tools compare to 3rd party products like PGP for functionality, key escrow, recovery, etc.?
  • What are other schools doing?
    **Harvard appears to be going with PGP whole disk
    **UPenn is at a similar state in evaluating possible solutions
  • How should central recovery work when passwords are lost?
    • i.e. who should have the keys to unlock the castle
  • What steps can be done with installers or other tools to ease the setup and ensure useful configurations?
    • like requiring non-blank login passwords, passwords to return from sleep, etc.
      *What performance hit does encrypting the files have, if any?
    • Could play large video file from encrypted spot - see how long it took to load and if they was any file read problems, then do the same thing on the same machine from a non-encrypted location.

Feel free to add additional questions in the comments section below and the pilot team will look into them.

...

  • Jonathan Hunt - IS&T Client Support Services Software (Project Leader)
  • Deb Bowser - IS&T Software Release Team (SWRT Team Leader)
  • Alex Koslov - IS&T Software Release Team (Windows Platform Coordinator)
  • Al Willis - IS&T Software Release Team (Macintosh Platform Coordinator)
  • Patrick Whitney -  IS&T TSM Team (TSM/Backup Expert)
  • TBDs - ITPartners, MacPartners and WinPartners
  • Dave Kalenderian - IS&T TSM Team (TSM/Backup Expert)
  • David Ferrante - MIT Federal Credit Untion
  • Rich Garcia - IS&T
  • Matt Sullivan - IS&T Departmental IT Resources
  • Helen Rose - Resource Development
  • Matthias Thorn - IS&T Computing Help Desk
  • Scott Jensen - MIT Corporate Relations - Industrial Liaison Program
  • Andre Pierre - MIT OpenCourseWare
  • Jason Marshall - MIT Sloan Technology Services
  • Michael Mappes - MIT Sloan Technology Services
  • Alison Knott - MIT Medical, Manager Security and Integration
  • Ann Birk - COFHE Director of Information Technology
  • Greg Hudson - MIT Sloan Technology ServicesTBDs - other volunteers

Disk Encryption Test Results

...