• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Encription for USB Drives

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
SystemAdmin
Just Arrived
Just Arrived


Joined: 02 Jul 2007
Posts: 0


Offline

PostPosted: Tue Mar 29, 2011 7:55 am    Post subject: Encription for USB Drives Reply with quote

Hi,

We are looking for a best solution to implement encription on the USB drives we provide to our staff. There are many software available on the Internet which can be used for this purpose but I wanted to have an expert advice on going for a best method of encription and/or selecting a good (paid) software for this purpose.

Many thanks in advance for any help with this!
Back to top
View user's profile Send private message
AdamV
SF Mod
SF Mod


Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Offline

PostPosted: Tue Mar 29, 2011 10:45 am    Post subject: Reply with quote

What's the mix of OS in use on the clients?

Is this a domain environment?

(it may be worth using group policy to ensure that only compliant USB keys can be used, to make sure that the only drives that can be written to are encrypted, you may also want to restrict reading from drives to prevent people bringing in malware or unlicensed software that way)

How many users / USB sticks are you likely to be dealing with (more means you need better central control tools, fewer maybe means something a bit manual is required).

Do you need to worry about having a means of central (secure) recovery if users lose their decryption key / pin / password? Or do you only expect data on the sticks to be copies of things you already have and control within the corporate data centre?

Are you looking for a pure software solution or hardware (such as IronKey)?
Back to top
View user's profile Send private message Visit poster's website
SystemAdmin
Just Arrived
Just Arrived


Joined: 02 Jul 2007
Posts: 0


Offline

PostPosted: Tue Mar 29, 2011 11:05 am    Post subject: Reply with quote

Thanks for the reply AdamV!

The OS is Windows (7 and XP).

Actually we are looking for a solution so that when staff loses their drives during travel etc then official data should not be accessible to the person who found lost drive(s).

We do not have any need to implement encription within our domain.

It would be very useful if you could give your advice for both software and hardware solutions.

Many thanks!
Back to top
View user's profile Send private message
AdamV
SF Mod
SF Mod


Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Offline

PostPosted: Tue Mar 29, 2011 2:52 pm    Post subject: Reply with quote

My point about controlling this through domain policies is that, for example, you can control your Windows 7 machines so that no-one can write to a USB thumb drive which has not been suitably encrypted (using "Bitlocker to go" as an option).

Encrypting company-supplied drives is all very well, but if users can also bring in their own cheap devices and copy data to these, they are still vulnerable.
Back to top
View user's profile Send private message Visit poster's website
Dezaxa
Forum Fanatic
Forum Fanatic


Joined: 22 Mar 2007
Posts: 16777214


Offline

PostPosted: Thu Mar 31, 2011 4:19 pm    Post subject: Reply with quote

Adam makes an important point that you should consider. There are many encryption systems that will encrypt a USB device, but the result might be that each user will have a separate password for their device. This can mean
- more passwords to remember;
- if the user forgets the password, it cannot be recovered;
- if the user falls under a bus, nobody else can access their device;
- a malicious user might smuggle data out.

In a small company, you may be able to deal with these issues by using administrative controls, e.g. requiring every user to keep a record of their device password in a secure location. In a larger company, you may want to find a system that ties in with your directory service (e.g. ActiveDirectory), or that provides an enterprise management service.

As a starting point, Ironkey have a good reputation in this space, though you should definitely compare a few others.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register