UNM Encryption Services in Development


1 UNM Encryption Services in Development
June 8 – 9, 2017

2 Overview of the Encryption Service in Development at UNM
Focus of this presentation:
- Overview of Current Encryption Services
- Why do we need Encryption?
- Types of Encryption Services at UNM
- Encryption Services for testing
- Possible Encryption Solutions
- Q and A

3 Defining Encryption for this Presentation
This presentation is going to focus on full disk encryption using Bitlocker.

4 Why do we need Encryption?
- Compliance
- HIPAA
- FERPA
- PII
- Research Sensitive Data (Export Control, ITAR, Research Integrity)
- Safeguard Privacy
- Protect Data
- Secure Intellectual Property

5 Type of Encryption Service at UNM
- Symantec Encryption Desktop: Disk and File Encryption for Linux, Windows, & MacOS
- FileVault: Full Disk Encryption for MacOS
- BitLocker: Full Disk Encryption for Windows
- Self Encrypting Drives

6 Symantec Encryption Desktop Strengths and Weaknesses
Strengths:
- File and Disk Level Encryption
- Cross platform support
- Can use Passphrase or public and private encryption key pair
- Keys are managed and monitored
Weaknesses:
- Not fully tested with macOS Sierra
- Not Native to any Operating System (OS)
- There is an additional dollar cost
- High Learning Curve for End users
- Setup is not intuitive
- Initial Encryption is slow because it is not native to the OS

7 MacOS FileVault Strengths and Weaknesses
Strengths:
- Native MacOS
- Easy to implement
- Full Disk Encryption
- Additional users can be added easily to use the same device
Weaknesses:
- Disk level encryption
- Does not encrypt boot camp partition
- Slow Encryption
- Not Centrally Managed
- Cannot encrypt Windows drives

8 Encryption Services for testing
Microsoft BitLocker Administration and Monitoring (MBAM)
- Recovery keys are stored in a secured central database
- Web portal allows for self-service and help desk unlock
- Unlocks will reset TPM and generate a new recovery key
- Encryption settings are controlled by GPO
- Reporting of device compliance and recovery is managed by SCCM
- MBAM client must be installed prior to encryption
- Devices that are already encrypted using BitLocker will need to be re-encrypted after installing the client and applying GPO

9 Encryption Services for testing
BitLocker
- Cannot be used for file level encryption. Only encrypts disk at rest, useful for guarding against theft and lost desktops/laptops
- Native disk encryption since Windows Vista
- Supports operating system, fixed and removable drives
- Trusted Platform Module (TPM)
- PIN or password
- Removable USB key
- Cypher strengths
  - AES 128bit
  - AES 256bit
  - XTS-AES 128bit (Windows 10 build 1511 or newer)
  - XTS-AES 256bit (Windows 10 build 1511 or newer)

10 Microsoft BitLocker Strengths and Weaknesses
Strengths:
- Native support in Windows OS
- Multiple ways to decrypt the disk
- Little to no impact to disk performance on modern systems
- Computer can be encrypted during imaging using SCCM
- No cost since it is part of our Microsoft Campus Agreement
- Centrally Managed
Weaknesses:
- Does not support file level encryption
- TPM not required but needed to ensure best security
- Removable disk can only be used on Windows computers
- Not supported for BootCamp
- Cannot encrypt Linux or MacOS drives

11 BitLocker Demo
First, create the BitLocker GPO and link it to the OUs where you want to use BitLocker encryption. A BitLocker GPO is available in our MODEL OU for you to reference.


14 BitLocker Demo
Install the MBAM client.
- 32bit or 64bit client versions available
- The MBAM client will be available in SCCM Software Center


16 BitLocker Demo
What happens when you have to recover the key?


18 BitLocker Demo
Two Portals for recovery
- Help desk portal:
- Self service portal:

19 BitLocker Demo
Help desk portal: https://bitlocker.unm.edu/helpdesk


24 BitLocker Demo
Self service portal: https://bitlocker.unm.edu/SelfService/


28 BitLocker Demo
Now we can enter our recovery key


30 BitLocker Demo
SCCM can report compliance of systems that use MBAM and BitLocker


32 Q and A

