USB encryption and other Security things

noah_swanson
New Contributor

Currently we're in the process of testing some policies with Windows where all USB and CD/DVD writing is disabled. If a user is exempt from that we'll be implementing BitLocker To Go (Built into Windows for USB encryption). It's inevitable to think this won't hit the Mac environment so I've been looking at the options.

Currently we have PGP for whole disk encryption that has the ability to do USB encryption. This would be a great way for users to go from mac to pc with these disks (granted it's a fat formatted drive). However, with Windows 7 we're not installing the PGP software onto peoples machines so that would add to licensing for PGP as well as extra steps for these users.

When this happens I'd like to put something on the Macs where they won't lose the PC/Mac boundary. Anyone know of any software that I could do this with? After consulting Google, all I've found is EncryptStick that seems to go between Mac and PC.

After that, is there a way to force encryption before writing? I know there are some MCX policies to disable USB mounting but not much else.

Thanks,
Noah Swanson
Imaging Specialist
Enterprise Desktop Services
Phone: 309-765-3153
SwansonNoah at johndeere.com

4 REPLIES 4

noah_swanson
New Contributor

Excellent. We have toyed with the idea of issuing hardware encrypted drives for those users being exempted. We still have the barrier of them using a drive from home, but I guess there's not a whole lot to do given that perspective.

Thanks for the information!

jarednichols
Honored Contributor

I'll give a nod to Ironkey. Great product. FIPS 140-2 certified.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

nkalister
Valued Contributor

Also big ups from me for iron key. We used them at lucasfilm, and were very happy with them.
Also, what about true crypt? It's cross platform and free.
nick

noah_swanson
New Contributor

Truecrypt would be nice but the process for getting open sourced stuff approved isn't fun. The only way I got reposado approved was to say we'd need another Mac Server if they didn't approve it