Critical data is best protected against misuse on business trips by complete encryption of notebook hard disks. If 4,500 notebooks are involved, as is the case for the Zurich firm Swiss Re, precise selection criteria and exact planning for the international rollout are important.
Pointsec - the de facto security standard for mobile devices and PCs
AUTHENTICATION AND ENCRYPTION
Risk-free Travel
By Jürgen Wasem-Gutensohn*
It's all in the name - for example "Enigma". An encryption machine bearing this name was designed back in the 1920s. The Enigma machine was used first in the civil commercial field and later by the military. Enigma is also the name chosen by Swiss Re for its IT project involving the encryption of 4,500 notebooks. The laptops are used by employees who travel a lot, commute between different locations or occasionally work in a home office. The reason behind the project is that the password protection in Windows XP was not adequate for those in charge at the reinsurance company. Notebooks protected in this way are open to any form of misuse within minutes with easily available hacking tools.
However, complete encryption of notebook hard disks, including the operating system and data, prevents unauthorized persons from reading the data. To find the right solution, the project team was asked to define selection criteria and to assess the products offered on the market on that basis.
SELECTION CRITERIA SEPARATE THE WHEAT FROM THE CHAFF
"The essential requirement for an encryption solution for mobile terminals is that it must be compatible with the existing server infrastructure, the application components on the laptops and the software distribution mechanism," stresses Fredi Schmid, the competent Project Manager at Swiss Re in Zurich. "This also means that the software can be installed automatically during operation (i.e. without support employees on site) on the devices in use. The solution currently used, Pointsec for PC, meets these requirements." Installation should be as easy as possible for users. If complete encryption of notebook hard disks runs in the background, according to Schmid, the user can largely perform his daily work undisturbed.
The encryption of the entire notebook hard disk is binding on all notebook users. This means complete sector-by-sector encryption of the entire hard disk. This includes not only the storage areas in use but also areas with temporary or deleted files and the space not currently in use. For this reason, complete encryption is necessary. The necessity of compliance with the encryption measures also means that even employees with administration rights on a notebook cannot disable or delete encryption software that has been installed. Measures are also necessary for cases in which users enter the wrong password repeatedly or have forgotten the combination of characters they chose. If a company has consciously decided against a central repository with all passwords, a challenge-response procedure between the user and the administrator helps in such cases. The user must first identify himself to the helpdesk. The user then generates a chain of characters (challenge). The administrator, who administers the user accounts but not the passwords, responds with the suitable response. The central administration software determines the response on the basis of the challenge. It is important that each response applies for only one access attempt. Therefore, the challenge-response procedure is superior to the transmission of encrypted passwords.
Figure caption: The Swiss Re headquarters were built in 1913 and are located very close to Lake Zurich. (Source: Swiss Re)
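The challenge-response recovery described above, as an added example (not Pointsec's code or protocol, which the article does not specify). It assumes a per-device recovery key held by both the notebook and the central administration software, with HMAC-SHA256 as the response function; all class and method names are hypothetical, and the user's identification to the helpdesk happens outside the code.

```python
import base64
import hashlib
import hmac
import secrets


def _code(raw: bytes, length: int = 16) -> str:
    """Render bytes as a short code that can be read out over the phone."""
    return base64.b32encode(raw).decode("ascii")[:length]


class HelpdeskConsole:
    """Central administration side: holds per-device recovery keys, never passwords."""

    def __init__(self):
        self._keys = {}

    def enroll(self, device_id: str) -> bytes:
        # Assumption: the key is provisioned onto the device at installation time.
        self._keys[device_id] = secrets.token_bytes(32)
        return self._keys[device_id]

    def respond(self, device_id: str, challenge: str) -> str:
        mac = hmac.new(self._keys[device_id], challenge.encode(), hashlib.sha256)
        return _code(mac.digest())


class LockedNotebook:
    """Pre-boot side: issues a fresh challenge and accepts one response for it."""

    def __init__(self, recovery_key: bytes):
        self._key = recovery_key
        self._pending = None

    def new_challenge(self) -> str:
        self._pending = _code(secrets.token_bytes(10))
        return self._pending

    def unlock(self, response: str) -> bool:
        # Consume the challenge first: a response is good for one attempt only,
        # so a replayed or guessed response never meets the same challenge twice.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        mac = hmac.new(self._key, challenge.encode(), hashlib.sha256)
        return hmac.compare_digest(_code(mac.digest()).encode(), response.encode())
```

Because the response depends on a random challenge that is discarded after one attempt, an overheard response is useless afterwards, unlike a password read out over the phone.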
After a detailed evaluation of several quotations, Swiss Re decided on the Pointsec solution. "First of all, we were impressed by the technology. Another feature in its favor is the user authentication in addition to the actual encryption. This protection function works immediately after the devices are switched on, i.e. even before they actually boot up," stresses Schmid. "Secondly, the international experience of Pointsec from the rollout of extensive installations also played an important role in the decision."
Figure caption: Critical data stored on notebook hard disks is best protected against misuse by complete encryption of the hard disks.
256-BIT DATA ENCRYPTION
The encryption algorithm used in the Pointsec...