Lessons Learned: Sandia's Encryption Implementation at NLIT 2009

Sandia's experience implementing encryption solutions, presented at NLIT 2009, to protect sensitive data on mobile devices and meet cyber security requirements. Covers Windows, Mac, and Linux solutions and the pros and cons of hardware-based encryption.

Presentation Transcript


  1. Lessons learned during Sandia’s encryption implementation
     NLIT 2009
     May 2008
     Sam Jones
     Matt Snitchler
     Desktop Technology Development
     Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.

  2. Objective
     • Protect sensitive data on all mobile devices
     • Meet NAP 14-2-C Cyber Security Requirement

  3. Windows Solution
     • Credant Mobile Guardian
     • FIPS 140-2 Certified
     • Enterprise key management
     • Reporting capability
     • Supports removable media
     • Not a silver bullet

  4. Mac Solution
     • FileVault
     • Credant Mac Client (Beta)
     • Managed by console
     • Does not support Windows Credant EMS
     • WinMagic
     • Removable media support not integrated

  5. Linux Solutions
     • GnuPG
     • RHEL 5.3
     • Linux Unified Key Setup (LUKS)
     • Does not support Windows Credant EMS
     • Dual Boot problems
     • Removable media support not integrated
     • Hardware based FDE software support immature

  6. Encryption hurts
     • Long encryption times
     • I/O intensive applications affected
     • Flash drives cumbersome
     • Large USB drives experience initial long encryption time
     • System recovery more complex

  7. Hardware FDE
     • Works well with I/O intensive applications
     • No initial encryption hit
     • Does not work with all hardware vendors
     • Dell, HP, Lenovo
     • Enterprise management solutions immature
     • Key management
     • Reporting
     • Wave, Secude, WinMagic
     • Technically not FIPS 140-2
     • Hardware FDE option on Preferred System List

  8. Hardware encrypted flash
     • IronKey
     • Multi platform
     • Windows, Linux, Mac (Beta)
     • FIPS 140 certified
     • Expensive
     • Enterprise management solutions immature
     • Key management
     • Reporting
     • Does not work well with Credant EMS

  9. Questions
     • ?
     • sejones@sandia.gov
     • 505 845-8643
     • mdsnitc@sandia.gov
     • 505 844-7790