Finally, someone (who knows his shit) is piping up on the subject of laptop crypto. I’ve grown tired of security practitioners that are dismissive towards this subject. Ed Skoudis has written a great piece on this subject.

How can your enterprise deal with this concern? A multi-pronged approach is best. First, in conjunction with the deployment of desktop crypto, you must encourage your users to choose complex passwords, those that cannot be easily guessed or cracked. Educate your users with good awareness programs so that they choose reasonable passwords with a mix of alpha, numeric and special characters. Automated password complexity enforcement tools, such as the Anixis Password Policy Enforcer, can help prevent your users from choosing poor passwords. Going further, set your minimum password length to at least 15 — or even 20 — characters to boost your password strength. Now, you might be thinking, “There’d be riots in the cubicles if we made such a change!” But, with your awareness program, work on transitioning your users from the mindset of passwords to passphrases. The latter are easier to remember, easier to type and far less likely to be cracked.

Now, we need more people to chime in and help. Of course, this is not a cure-all. But, it is better than a kick in the head.

Article Link
