Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
0
Helpful
4
Replies

Device Encryption

mgzwepaing
Level 1
Level 1

‎03-10-2008 06:26 AM - edited ‎03-09-2019 08:16 PM

We currently have CSA and NAC and would like to have suggestions on what could be the best way to handle device encryption/endpoint security, mostly on laptops for remote users.

Our main goal is to have file/folder encryption enabled on the device. Would Windows built-in encryption or any third party software (Synmantec/Zenworks) do the job and what would you recommend?

We were lead to believe that CSA have the capability to do encryption on the end device but found out the hard way that it's not true or is it?

We have both NAC and CSA in place and would like to do anything we can to enforce or have the device secured without adding another Cisco appliance if at all possible.

Thank you.

Labels:
0 Helpful
4 Replies 4

mhellman
Level 7
Level 7

‎03-10-2008 08:42 AM

No, CSA does not provide endpoint encryption.

What exactly are you trying to accomplish with endpoint encryption? i.e. what risks are you trying to mitigate? If you're worried about stolen laptops, your best bet IMHO is probably full disk encryption. If there is some very specific data you're trying to protect or if you can trust your users to encrypt everything that needs encrypting, then consider file/folder encryption. There are lots of solutions to do either, even some free ones. see:

http://www.truecrypt.org/

0 Helpful

mgzwepaing
Level 1
Level 1
In response to mhellman

‎03-10-2008 09:59 AM

I believe, in this case, there will be two pieces involved for the encryption, CSA and TrueCrypt or other similar app.

We are trying to prevent remote users from abusing/losing the sensitive data as they work off-site and would like to have it accomplished (secure data) without too much user's action involved and no education or training on how to operate. We were hoping that the software/agent can take care of everything. But I don't think we could in this case.

I will have to get back to the planning game again. Do you have any suggestions on how to best use of available CSA policies and rules combining with TrueCrypt or will they be just two separate process with more user's action?

Thank again.

0 Helpful

srue
Level 7
Level 7
In response to mgzwepaing

‎03-10-2008 10:04 AM

my old company uses "Pointsec" and has been pretty pleased w/ that for laptop encryption.

it's now owned by checkpoint:

http://www.checkpoint.com/products/datasecurity/pc/index.html

0 Helpful

mhellman
Level 7
Level 7
In response to mgzwepaing

‎03-12-2008 07:08 AM

Sorry, just noticed your other question in there about CSA and truecrypt. I'm pretty ignorant of the CSA product at that level, but there are some really sharp folks in this forum that are all over it. You may have better luck reposting as its own topic.

0 Helpful
Customers Also Viewed These Support Documents