On 3/24/06, Paul W. Frields <stickster@xxxxxxxxx> wrote: > On Thu, 2006-03-23 at 09:31 -0500, Daniel J Walsh wrote: > > Received an FedEX from Fidelity this morning seems, one of their > > laptops was stolen. On the laptop, was the Personal information, > > including Social Security number, of everyone in the HP Retirement > > plan (I suppose this includes DEC/Compaq and HP. They have us jumping > > through hoops and going to Credit Agencies to watch for unusual activity. > > Now if the system had been encrypted ... Now why was this data on a > > laptop? I don't know. > > > > Laptops have becoming the standard machine for people, replacing the > > desktop. We need to consider defaulting FC6 with encrypted filesystem > > or at least homedirs out of the box. This should be a key feature of FC6. > > As long as there's a clear visible option to do away with encryption on > the FS, that's cool. Deciding to put important data in a possibly > unretrievable state in the event of a user departure from a company or > an untimely demise is not a great idea without a plan to recover it. My > laptop is owned by my company, and I am sure they don't want me > encrypting data on it in a manner which prevents them from accessing it > should they wish to. The solution I have seen with this is corporate key management. This means that every unit that is encrypted is encrypted so that the corporate secret key or the users key can decrypt the file. On our systems we are supposed to use Entrust for this key management . On the windows side you can create an entrust folder that you drop your documents to and also tell the wellbehaved applications (ha) to use as their tempspace /save space. -- Stephen J Smoogen. CSIRT/Linux System Administrator