Art Alexion on 2 Oct 2008 08:07:46 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] eeePC partitioning suggestions

On Thursday 02 October 2008 10:23:55 am Michael Leone wrote:
> On Thu, Oct 2, 2008 at 10:15 AM, Jason Stelzer <> 
> > On Thu, Oct 2, 2008 at 9:16 AM, Art Alexion <> wrote:
> >> I hadn't thought about it, but it's a good idea.  We've had people break
> >> LCDs and lose chargers, but have been lucky so far about losing the
> >> laptop itself. We don't have much in terms of trade secrets, but some
> >> people have a lot of HIPPA protected stuff.
> >>
> >> These are not technical users.  Encryption suggestions that won't freak
> >> them out?
> >
> > There are a bunch of ways to do this, but in this case you want
> > something invisible to the user. I've been happily using pgp desktop
> > on my mac since it was released.
> We use PGP Desktop here. The server runs on Linux, but you can encrypt
> any filesystem (we're an all Windows shop), and it works fine and
> transparently for us. I have it on my work laptop, and wouldn't even
> know it's there, except for the PGP password I have to enter at boot
> time.

Knowing my users, I am considering two problems.  

First, it is a Linux laptop, either the standard Xandros, or eee-Ubuntu.  I am 
wondering when and how they are going to be prompted for the key.  I am 
guessing it has to be before X loads because X needs some files in $HOME, 
like .Xauthority, in order to load in the first place. As character mode 
freaks out some of our younger IT personnel, I don't even want to be around 
when one of our end users encounter it.

Second involves the password itself. It can take up to a month to teach our 
users that their VPN password is different from their NT password, and that 
their UID and PWD are different on these shared laptops from their desktops.  
When the laptops come back, the UID/PWD is usually on a post-it on the wrist 
rest area of the keyboard.  I can only assume that the encryption password 
will be stuck there as well.

I really don't care about their data, and our only concern would be HIPPA.  I 
really like this idea, and think our IT laptops should use it, but I don't 
have a lot of faith in our users,  I fear it would be like spending a lot of 
money on a sturdy door and sophisticated lock, only to constantly find the 
door propped open with a brick or a trash can.

Attachment: signature.asc
Description: This is a digitally signed message part.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --