Laptop Security: Encryption & Security Solutions

[pcbananas]

Hello,

I wanted to find out what security solutions are available for laptop users in a corporate environment. We would like to implement hdd encryption as well as a way to lock down users to only use the network card if they are at work or using VPN from home.

any tips?

THanks

 

[dbwillis]

We use pointsec on our laptops at work, so far it seems unobtrusive and havent had many problems

 

[delemorte]

we use PGP to encrypt the laptops and a policy manager to help us create user polocies to keep them where they are supposed to be...


http://www.pgp.com/

 

[Darthkim]

PGP and Pointsec are both excellent products. We have been using PGP for about 3 years now and it has been rock solid.

Now, as far as wanting to restrict which NIC they connect from and such.... any of the unified security clients such as Symantec Endpoint Protection might come to mind.

 

[SpaceHonkey]

I used to work for a top US bank - rhymes with race. We used EncrytionPlus, but it seems the name has changed - http://www.guardianedge.com/products/guardianedge-hard-disk-encryption.php

 

[xtox]

We use our own solution.. it takes a full working day to provision a laptop with encryption, is this more or less the same with the software metioned here?

 

[makaze]

We also use pointsec at my job on all laptops, and certain desktops.

It works fairly well, and havn't had any issues with it.

 

[Darthkim]

We use our own solution.. it takes a full working day to provision a laptop with encryption, is this more or less the same with the software metioned here?

On a rollout, it takes about 4 hours. The encryption portion runs in the backgraound after we deploy the laptop to the end user. This is with PGP WDE on XP. Obviously it helps to have client management tools like altiris which automate most of the provisioning process.

 

[SpaceHonkey]

We use our own solution.. it takes a full working day to provision a laptop with encryption, is this more or less the same with the software metioned here?

GuardianEdge is like any other software install, except that on install you choose your credentials. After initial steps - (5min) the encryption process starts in the background. You can reboot if you want, it won't start asking for a password until the full process has completed. The time that takes just depends on how much data. When we deployed, the next day they would be prompted, meaning it had completed.

I just visited with them today, and found out that they now also have a single sign on implemented that includes the disk encryption. So they turn on the laptop, authenticate once - and the novell/windows GINA is passed the credentials along with Sametime. Very nice, better than having to use three different (potentially) passwords, and they all are enforced to change every 90 days.