Forgot your password?
typodupeerror

Comment For the luv of linus and older folks... (Score 1) 473

Urm Gnome isn't Linux? I was under the impression that gnome was simply a GUI, and that the "core" of the OS or "Kernel" was Linux, a UNIX derivative originally developed by Linus. Also,that open source projects were based on standards that may have deviations in the implementation, but still try to follow the standards. Please have tolerance before you blast me, as this is my interpretation and observations without any definitive answers. Additionally, I don't get the "making Linux look like windows for older folks". Are you sure this hangup isn't in your head? Personally, I installed Ubuntu about 2 years ago on my 83 year old grandmothers PC. After two months, I asked her how the computer was doing, and she said "It is running faster than it used to, and I like the version of Mahjong, because I can read the letters easier." I did not tell her I changed her PC to Linux, I just took the time to explain that her computer was gonna be different now, and that she needed to do things slightly differently.

Comment Risk vs Reward (Score 3, Informative) 480

alaederach wasn't looking for a sales pitch on Truecrypt. The decision has been made. He is looking to the slashdot community to empower him with a good argument to resist encryption. I hope that he chooses to embrace encryption, while recognizing that it is not applicable to every environment or computer. He can still make an informed argument against it in his case, provided he is correct in his assessment.

POLICY

alaederach, I believe the folks that posted advice about resolving this through the proper channels to get an exception to the policy is your best route. Dont start argumentatively. Explain your concerns and keep an open mind about them. Start with a member of the team that is deploying PGP and ask what the proper procedure is to get an exception to the policy. If there is a project manager assigned, that would be the person to start with. Project managers are usually more open to the needs of your area, and have the power to address issues that are raised during the implementation process. Kindly explain your concern, and ask if a high performance system can be benchmarked and tested prior to the roll out of PGP.

PERFORMANCE

As a proud tin foil hat wearing network administrator whom has rolled out PGP, I did not find a performance hit that was enough justification to make an exception in our environment. However, the identified risk of data loss and theft was a concern for the traveling laptops. The servers were less of a risk due to the physical security controls that were in place. PGP was only rolled out to laptops in my environment. I would recommend extensive testing prior to the roll out for high performance machines. Boot times were slower, but were measured in seconds vs minutes. In every case where performance was an issue, it was typical problems that one might find on a windows machine, and was unrelated to the encryption.

SECURITY

Every time I have worked as a member of a team deploying a security measure, the same argument is claimed by someone. "There is no reason to do X as it can be subverted." That goes for policy, physical access controls, software, and hardware. Encryption is no exception to this. Yes, warm and cold boot attacks are possible. Yes, highly motivated individuals, groups, and governments may have the ability to access your data. Security is best used with many layers. It can be highly effective at reducing risk, and keep higher percentages of the population from accessing or corrupting your data. alaederach, your best argument here is risk vs reward. This is where you kindly make your claim that risk is low due to the low impact of data loss in your environment. At the same time, if you have good physical security controls, you might want to include that in your argument. If the data that your work produces is valued higher by the decision makers than what you are sharing with us, then you may want request the performance testing and explain the risk of lower production due to performance. Geeks love performance testing, and if the highest risk is determined to be your computing performance, you just might find an exception to the policy.

MYTHS

A network adminstrator that gets hit by a bus, will cause your data to be lost. FALSE. The majority of organizations that have the funds to implement a project such as this, will also have determined off site storage of encryption keys as well as any othe data that would be backed up. Usually it is a different geographical location that utilizes high physical security controls. Yes there will be members of the staff that will have access. That is why there are Human Resource controls in place to vet the administrators. I.E. background checks.

An encrypted drive can not be accessed to retrieve data. FALSE. encrypted or unencrypted, proper data backup methods should be in place. With PGP specifically, I created a bartPE cd that allowed retrieval of data on a hard drive. While the bartpe addon is on the password protected portion of the PGP website, and is not very well documented, it is entriely possible to retrieve the data with a rescue CD, provided you have the keys and password.

A user that forgets the password cant access the computer in Africa. FALSE. The PGP suite has a feature that allows the user to gain access with a one time password that a PGP universal server administrator has access to. Yes, it does have auditing logs for use.

Encrypted drives go against "Green" computing, and restrict network administrators from powering off systems remotely or deploying software. FALSE. A secondary user can be configured with the PGP suite to allow for software deployment or to change the state of the system to reduce power consumption in the company. Yes, it does require other security controls be placed on system management products, however that should be done anyway.

*** To the Truecrypt Salesmen, I did not choose PGP, I just rolled it out to the best of my abilities. I actually like Truecrypt.

Slashdot Top Deals

It's later than you think, the joint Russian-American space mission has already begun.

Working...