Need some help with a paper for class on encryption products

I have to write a paper as a fake business proposal basically that looks at 6 different security products, compare/contrast them and then select 3 for the fake company to test onsite. So, been doing some research to find the 6 products and 3 sources but been having some issues. I plan to include BitLocker (since it is included with some versions of Win7), TrueCrypt (it's usually recommended by people when you ask what to use), and am thinking about including TPM for a hardware-based version (I think this is more a software-focused paper but TPM might be an interesting product).

Any suggestions on other products to add in to this review, and also any good security websites that do reviews on products like Anandtech does for hardware?
 

Chiefcrowe

I'd suggest the Pointsec product as one to look at; we are in the process of implementing it here right now.
 

seepy83

You can check the SANS Reading Room (http://www.sans.org/reading_room/) for relevant papers. However, make sure you check their minor disclaimer to confirm if these would be relevant sources for your paper:
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

I think your topic needs to be narrowed down a little bit. Exactly what type of encryption products are you looking for? Are you trying to encrypt data "at rest" (i.e. on a file server or a local hard drive)? Are you trying to encrypt data in transit (like a Tumbleweed or Zix product for encrypted email, or a VPN product, etc) ?

Also, my understanding of TPM (although I haven't implemented it) is that it is used in conjunction with other encryption software (like BitLocker, or PGP Whole Disk Encryption, etc). So TPM is often an option when you are writing policies or configuring the software, but it is not necessarily a product in and of itself...it's more of a facilitating technology. If TPM can be included as a "product" in your paper, then you could probably also include USB Tokens or Smartcards from a number of different vendors (Aladdin, RSA, etc) as products for two-factor authentication to be used in conjunction with some other encryption software.
 
Originally posted by: seepy83
You can check the SANS Reading Room (http://www.sans.org/reading_room/) for relevant papers. However, make sure you check their minor disclaimer to confirm if these would be relevant sources for your paper:
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

I think your topic needs to be narrowed down a little bit. Exactly what type of encryption products are you looking for? Are you trying to encrypt data "at rest" (i.e. on a file server or a local hard drive)? Are you trying to encrypt data in transit (like a Tumbleweed or Zix product for encrypted email, or a VPN product, etc) ?

Also, my understanding of TPM (although I haven't implemented it) is that it is used in conjunction with other encryption software (like BitLocker, or PGP Whole Disk Encryption, etc). So TPM is often an option when you are writing policies or configuring the software, but it is not necessarily a product in and of itself...it's more of a facilitating technology. If TPM can be included as a "product" in your paper, then you could probably also include USB Tokens or Smartcards from a number of different vendors (Aladdin, RSA, etc) as products for two-factor authentication to be used in conjunction with some other encryption software.

The assignment given was pretty broad. I asked the professor last night and she said that doing full disk encryption programs would work for the paper. Also, in reading more on TPM, you are correct, and I ended up deciding to look at BitLocker, TrueCrypt, Checkpoint, McAfee Endpoint, Suredoc, and Guardian Edge.

I need to answer:
Problem it may solve

Perform a technical analysis (how it works, is it the best solution, etc)

Perform an administrative analysis (is it feasible to admin, what will it take to implement)

Perform a risk analysis (risks of doing and not doing it)

What 3 products would you choose for an onsite eval and why? What criteria would be used for onsite testing?

What policies would need to be put in place?
 

Zugzwang152

Sounds like you're looking for full disk encryption products... TrueCrypt is popular here as a free solution, but will only work on Windows for FDE.

For commercial solutions, PGP and Pointsec are popular. PGP has the only full-disk encryption product for Macs (I think they're still the only ones).

We use Seagate encrypted hard drives and the management software from Wave Systems. Better than all of them because it's hardware-based and thus does not impact performance at all.