Security, Full Disk Encryption

Security information from Technology Services Privacy and Information Security team.

Technology Services will no longer support McAfee and McAfee ePO after 12/31/2016

After 12/31/2016, antivirus and full disk encryption cannot be managed via ePO. On the endpoint, the software will continue to function; however, it will need to be managed at the endpoint. That means it will no longer be logging virus and encryption information centrally. When the McAfee software reaches end of life, it will require manual intervention at each endpoint. The University will continue to support other popular antivirus software like Malwarebytes, which will not be affected by this change. The personal version of McAfee antivirus for Windows or Mac, previously downloaded from the WebStore, will also not be affected by this change. However, moving forward, we will no longer be offering a personal version of McAfee antivirus. Instead, the University of Illinois makes the following recommendations for antivirus software: https://answers.uillinois.edu/illinois/page.php?id=67971.

What you can do

We recommend that you begin to transition to other software solutions on your University machines.

For a list of available antivirus and encryption software, as well as instructions for use, please see our blog post: https://techservices.illinois.edu/news/2016/ending-support-mcafee-products-university-computers.

Help

For questions or concerns, please contact the Technology Services Help Desk at 217-244-7000 or by email at consult@illinois.edu.


Full disk encryption (FDE) helps prevent unauthorized access to data stored on a device if that device is lost or stolen. As of January 1, 2013 all University owned laptops must be encrypted with FDE, per the laptop standard.

Technology Services used to recommend but no longer fully supports McAfee's Full Disk Encryption product, available through ePO.

Additional products can be used for full disk encryption; however, Tech Services does not currently offer support for these products. Other FDE offering include but are not limited to TruecryptBitLocker, and FileVault

A secure FDE product should provide the following features and functionality:

  • Key Management:
    • Encryption keys managed by a central server curtail many of the risks associated with manual management via the client disk. For example, a user who manually stores a key on a thumb drive could misplace it, potentially allowing unauthorized access to sensitive data
  • Compliance:
    • Your FDE solution should provide a reporting framework that allows you to prove a disk was encrypted at the time of physical compromise.
    • You should also be able to reconcile the number of encrypted disks in your environment with how many computers actually are in use.
  • Pre-boot authentication:
    • Any viable disk encryption product should require a user to authenticate before booting the computer, thus allowing encryption of the boot disk.
  • Custom authentication:
    • Enables custom authentication mechanisms to be implemented with third-party applications, such as the University's Active Directory.
  • Two-factor authentication:
    • The product provides support for optional security tokens, such as smart cards?
  • Single Sign On:
    • A good encryption system allows users to sign in one time, providing a greater level of security transparency.
  • Platform(s) supported:
    • Ideally, the product should offer support for more than one operating system (i.e. Mac OS and Windows) or file system type (NTFS, XTS, etc) and allow management by a central server?
  • Encryption Cipher(s) used:
    • A viable FDE option should make use of a strong encryption cipher, such as the Advanced Encryption Standard (AES) 128 bit and 256 bit. AES is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST).




Keywords:security, privacy, information   Doc ID:62908
Owner:Security S.Group:University of Illinois Technology Services
Created:2016-04-22 14:00 CDTUpdated:2017-02-03 10:29 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0