Looking at some options in this regard but first want to make sure I have my head properly wrapped around the whole idea.
Server holds data and only PCs with the client software (and crypto key) installed can access server data. - Correct?
Clients are also encrypted and a passphrase is provided by user before OS login. - Also correct?
For a few reasons I am considering TrueCrypt for workstations and a commercial product (PGP?) for the server. My thought process is I don't want to rely on the TC forums for a problem on my server. I know it's a popular product but I need someone to call if a problem comes up. If TC somehow bombs on a workstation there shouldn't have been any irreplaceable data anyway. Commercial product on the server so I get the security of a support contract at minimal cost of only 1 license per server.
Can anyone confirm my thoughts and give their .02 on my preliminary plan?
I think these technologies encrypt data, while it's on the disk only and the decryption engine sits at a fairly low-level in order for the data to be decrypted so the OS can read it's own files. I assume once a higher level protocol, like SMB, has the data, it's already decrypted.
From what I understand, the primary reason for using whole disk encryption is to protect the data from compromise should the hardware fall into the wrong hands.
I think the point Rick might be trying to make (and I'd agree with) is that it may be unnecessary to encrypt the server disks... unless they travel.
it's nice to have a translator on hand...
;)
Not that I can contribute anything to this conversation - but thought I would mention that Sophos has Full Disk Encryption - not sure if it is available NOW but I did just listen to a webinar regarding Endpoint 10 that is supposed to be released in December and that was one of the areas briefly discussed along with Patch assessment for PCs and Web security that will be Add-Ons to your current licenses.
Hey - I was in that webinar too - I didn't see you!
Did they list attendees? I didn't see a list...I thought it would be a lot of people since it was Users only.
No list - I was being facetious... but I did attend the webinar. It was good - nice new features, but unfortunately they cost extra.
LOL - many times the attendees are listed for these things! Yes - I thought the same thing.....not that I would be taking advantage of all the things offered..but since we seem to working OK...that old saying....If it's not broke don't fix it.....applies here.