UNM Encryption Services in Development

Slides:



Advertisements
Similar presentations
Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Advertisements

Ljubomir Ivaniš CPU d.o.o.
Rambling on the Private Data Security
Encryption – First line of defense Plamen Martinov Director of Systems and Security.
BitLocker™ Drive Encryption A look under the covers Steve Lamb Technical Security Advisor, Microsoft UK
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Support for Windows 7 Chapter 2 Securing and Troubleshooting Windows 7.
The future of Desktops Transform Your Desktop with Virtualization.
WCL317 Disclaimer The information in this presentation relates to a pre-released product which may be substantially modified before it’s commercially.
Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.
The Ultimate Backup Solution.
BitLocker Deployment Using MBAM is a Snap!
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
Data Encryption Overview South Seas Corporation Jared Owensby.
SEC316: BitLocker™ Drive Encryption
You can run that from a USB Drive ? Portable Applications: the good, the bad and the ugly Jeff Gimbel © 2007.
Mobility for the Enterprise
Security Computing Practices Plamen Martinov Chief Information Security Officer.
MDOP 2010: Diagnostic and Recovery Toolset (DaRT) Speaker Fabrizio Grossi
File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.
ENCRYPTION Coffee Hour for August HISTORY OF ENCRYPTION Scytale Ciphers – paper wrapped around rod, receiver needed same size rod to get the message.
Virtual techdays Desktop Security with Windows 7 AppLocker & BitLocker to Go Aviraj Ajgekar│ Technology Evangelist │Microsoft Corporation Blog:
Security SIG August 19, 2010 Justin C. Klein Keane
Using Mobile Computers Lesson 12. Objectives Understand wireless security Configure wireless networking Use Windows mobility controls Synchronize data.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.
Week #7 Objectives: Secure Windows 7 Desktop
Windows 7 for Information Workers NetCom SME: Neil Masih.
1 st Lost Data and Files Recovery Planning Distributed Workforce System Failures Traditional approaches to machine recovery don’t meet the needs.
Lost Data and Files Recovery Planning Distributed Workforce System Failures Traditional approaches to machine recovery don’t meet the needs of.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
DC-B312 BitLocker Improvements in Windows 8 MBAM 2.0 Investment Areas and Key New Features Deploying MBAM 2.0MBAM 2.0 End User Experience.
ITSS 2015: Encryption Edward Carter, Manager, Architecture and Response Stephen Hoffer, Senior Information Security Analyst Haley Baker, Associate Information.
Understand Encryption LESSON 2.5_A Security Fundamentals.
May 25 – June 15, Technical Overview Bruce Cowper IT Pro Advisor Microsoft Canada Damir Bersinic IT Pro Advisor Microsoft.
Security SIG August 19, 2010 Justin C. Klein Keane
© 2012 The McGraw-Hill Companies, Inc. All rights reserved. 1 Third Edition Chapter 6 Today’s Windows Windows Vista and Windows 7 McGraw-Hill.
Lesson 18: Configuring Security for Mobile Devices MOAC : Configuring Windows 8.1.
Backup Exec System Recovery. 2 Outline Introduction Challenges Solution Implementation Results Recommendations Q & A.
MICROSOFT AZURE ISV: CloudLink WEB SITE: LOCATION: Ottawa, Canada ORG SIZE: 35+ MICROSOFT AZURE ISV PROFILE:
What is BitLocker and How Does It Work? Steve Lamb IT Pro Evangelist, Microsoft Ltd
© ExplorNet’s Centers for Quality Teaching and Learning 1 Explain the importance of security and encryption. Objective Course Weight 2%
IBM Software Group © 2008 IBM Corporation IBM Tivoli Provisioning Manager 7.1 OS Management with TPM for OS Deployment.
Using Mobile Computers Lesson 12. Objectives Understand wireless security Configure wireless networking Use Windows mobility controls Synchronize data.
Windows Vista Configuration MCTS : NTFS Security Features and File Sharing.
SQL Server Encryption Ben Miller Blog:
From: windows-7-password.html.
Network and Server Basics. Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server network.
Protecting Data at Rest Through Encryption CIO Summit November 30, 2007.
Leveraging SCCM: Brockport’s Journey to Software Deployment and Image Automation Thomas Calandra Stephen Lane.
Configuring Encryption and Advanced Auditing
SmartCenter for Pointsec - MI
Phase 4: Manage Deployment
Deploy and Manage BitLocker using MBAM
Mobile Device Encryption
Hardware security: The use of a Trusted Platform Module
(Presented by Eric Nobel)
Presented by, K.K.Radhika.
תרגול 9 – Windows Security
The Microsoft 365 Powered Device
Uses Of Encryption Algorithms
Data Security for Microsoft Azure
Hiding Information, Encryption, and Bypasses
System & Network Administration (MCSA & RHCSA)
Windows 10 Deployment with MDT 2016 (8443)
The bios.
“Encryption threatens to lead all of us to a very dark place.”
IT Management, Simplified
Presentation transcript:

UNM Encryption Services in Development June 8 – 9, 2017

Overview of the Encryption Service in Development at UNM Focus of this presentation Overview of Current Encryption Services Why do we need Encryption? Types of Encryption Services at UNM Encryption Services for testing Possible Encryption Solutions Q and A

Defining Encryption for this Presentation This presentation is going to focus on full disk encryption using Bitlocker.

Why do we need Encryption? Compliance HIPAA FERPA PII Research Sensitive Data (Export Control, ITAR, Research Integrity) Safeguard Privacy Protect Data Secure Intellectual Property

Type of Encryption Service at UNM Symantec Encryption Desktop Disk and File Encryption for Linux, Windows, & MacOS FileVault Full Disk Encryption for MacOS BitLocker Full Disk Encryption for Windows Self Encrypting Drives

Symantec Encryption Desktop Strengths and Weaknesses File and Disk Level Encryption Cross platform support Can use Passphrase or public and private encryption key pair Keys are managed and monitored. Weaknesses: Not fully tested with macOS Sierra Not Native to any Operating System (OS) There is a additional dollar cost High Learning Curve for End users Setup is not intuitive Initial Encryption is slow because it is not native to the OS

MacOS FileVault Strengths and Weaknesses Native MacOS Easy to implement Full Disk Encryption Additional users can be added easily to use the same device Weaknesses: Disk level encryption Does not encrypt boot camp partition Slow Encryption Not Centrally Managed Cannot encrypt Windows drives

Encryption Services for testing Microsoft BitLocker Administration and Monitoring (MBAM) Recovery keys are stored in a secured central database Web portal allows for self-services and help desk unlock Unlocks will reset TPM and generate a new recovery key Encryption settings are controlled by GPO Reporting of device compliance and recovery is managed by SCCM MBAM client must be installed prior to encryption Devices that are already encrypted using BitLocker will need to be re-encrypted after installing the client and applying GPO

Encryption Services for testing BitLocker Cannot be used for file level encryption.  Only encrypts disk at rest, useful for guarding against theft and lost desktops/laptops Native disk encryption since Windows Vista Supports operating system, fixed and removable drives Trusted Platform Module (TPM) Pin or password Removable USB key Cypher strengths AES 128bit AES 256bit XTS-AES 128bit (Windows 10 build 1511 or newer) XTS-AES 256bit (Windows 10 build 1511 or newer)

Microsoft BitLocker Strengths and Weaknesses Native support in Windows OS Multiple ways to decrypt the disk Little to no impact to disk performance on modern systems Computer can be encrypted during imaging using SCCM No cost since it is part of our Microsoft Campus Agreement Centrally Managed Weaknesses: Does not support file level encryption TPM not required but needed to ensure best security Removable disk can only be used on Windows computers Not supported for BootCamp Cannot encrypt Linux or MacOS drives

BitLocker Demo First, create the BitLocker GPO and link it to the OUs you want to use BitLocker encryption. A BitLocker GPO is available in our MODEL OU for you to reference.

BitLocker Demo Install the MBAM client. 32bit or 64bit client versions available The MBAM client will be available in SCCM Software Center

What happens when you have to recover the key? BitLocker Demo What happens when you have to recover the key?

BitLocker Demo Two Portals for recovery Help desk portal: https://bitlocker.unm.edu/helpdesk Self service portal: https://bitlocker.unm.edu/SelfService/

Help desk portal: https://bitlocker.unm.edu/helpdesk BitLocker Demo Help desk portal: https://bitlocker.unm.edu/helpdesk

Self service portal: https://bitlocker.unm.edu/SelfService/ BitLocker Demo Self service portal: https://bitlocker.unm.edu/SelfService/

Now we can enter our recovery key BitLocker Demo Now we can enter our recovery key

SCCM can report compliance of systems that use MBAM and BitLocker BitLocker Demo SCCM can report compliance of systems that use MBAM and BitLocker

Q and A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.