The Hard Disk Encryption Evaluation project is being conducted at the request of ITAG and led by Jonathan Hunt. The goal is to identify a product that can be used with relative ease to encrypt data on local hard drives, in an effort to better protect sensitive data and thereby lower MIT's risk of exposing it. The target audience is laptops, as they are more likely to "disappear", but we do not anticipate any reasons why a desktop would need a different solution.
Problem: MIT is at risk of sensitive data exposure when laptops and other hardware are stolen or left unattended.
Solution: Provide a technical solution to lower that risk by encrypting sensitive data on hard disks in laptops (and desktops).
The goals of the encryption solutions are:
- Ease of use (if it is hard to use, it won't be used)
- Transparency to the user (beyond authenticating at login or boot up)
- Recovery from forgotten passwords (don't lose the important data) and hardware failures
- Effective encryption to thwart a thief from getting sensitive data off the disk
- Ease of setup
The project is not focussed on:
- Protecting data from network attacks
- Securing data communication channels for sharing the data
The initial evaluation will focus on the Encrypted File System that is an option in Windows XP Professional and FileVault that is an option in Mac OS X 10.4 Tiger (and 10.3 Panther). We have taken a brief look at other possible solutions, including commercial products like PGP, but decided to start with solutions that are already available to the target audience without the need for additional software management.
The project will also pilot the Software and Hardware Evaluation Pilot Process, to see whether a Wiki provides a useful way to collect feedback from the community evaluators.
If you are interested in participating in the evaluation, please contact jmhunt@mit.edu.
Questions to Explore During the Pilot
- Is the data backed up encrypted or in the clear? (Dependent on backup solution)
- If encrypted in backup, what extra precautions must be taken to ensure recoverability of the data should a disk failure or forgotten password happen?
- Does the backup solution back up the data as a file (may make incremental system backups really large for FileVault)?
- Does the solution protect against a stolen laptop or hard drive?
- What might a typical user do that would result in the data being on the disk unencrypted?
- What can be done to mitigate these risks?
Feel free to add additional questions in the comments section below and the pilot team will look into them.
Disk Encryption Test Results
The pilot is just beginning, so our results are not ready.