![Page 1: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/1.jpg)
Julian Heywood
Development Manager
MIS Active Management Systems
Session TS2
Mark Appleyard
Managing Director
MIS Systems Engineering
Security of data, networks and mobile solutions
![Page 2: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/2.jpg)
Session Focus
• Understanding the data security risks in the mobile working environment
• Developing an open, multi-layered approach to mobile security
• Delivering secure mobile working practises to drive productivity and business opportunities
![Page 4: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/4.jpg)
![Page 5: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/5.jpg)
What is mobile working?
![Page 6: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/6.jpg)
![Page 7: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/7.jpg)
![Page 8: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/8.jpg)
![Page 9: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/9.jpg)
![Page 10: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/10.jpg)
![Page 11: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/11.jpg)
![Page 12: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/12.jpg)
8 Rules of Good Security
![Page 13: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/13.jpg)
Nothing is 100% secure
1
![Page 14: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/14.jpg)
Nothing is 100% secure
“The most secure computers are those not connected to the internet and shielded from any interference.”
- Wikipedia - Computer Security
1
![Page 15: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/15.jpg)
Trust No One And No Thing
2
![Page 16: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/16.jpg)
Security should be designed into the system, not added as an afterthought.
3
![Page 17: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/17.jpg)
Don’t Re-Invent The Wheel
4
![Page 18: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/18.jpg)
5
![Page 19: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/19.jpg)
5
![Page 20: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/20.jpg)
Encrypt Everything
5
![Page 21: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/21.jpg)
Usernames & Passwords
Network Protocols
Offsite Data
Database
5
![Page 22: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/22.jpg)
6
![Page 23: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/23.jpg)
Don’t make yourself a target
6
![Page 24: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/24.jpg)
Don’t Neglect The Social Aspect
7
![Page 25: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/25.jpg)
8
http://tinyurl.com/79j4o9o
![Page 26: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/26.jpg)
Good security is like Shrek
8
http://tinyurl.com/79j4o9o
![Page 27: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/27.jpg)
Good security has layers
8
http://tinyurl.com/79j4o9o
![Page 28: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/28.jpg)
Good security has layers
8
![Page 29: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/29.jpg)
Some Vectors of Attack
![Page 30: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/30.jpg)
Unpatched Software
![Page 31: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/31.jpg)
XSS – Cross Site Scripting
![Page 32: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/32.jpg)
SQL Injection
![Page 33: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/33.jpg)
![Page 34: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/34.jpg)
Real Life Examples
![Page 35: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/35.jpg)
MySQL.com
SQL Injection Attack
27th March 2011
Usernames And Passwords Compromised
![Page 36: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/36.jpg)
Gawker.com
Made Themselves A Target
11th December 2010
Whole Server Compromised
![Page 37: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/37.jpg)
Sony PSN
Too Much Trust In Users
26th April 2011
Whole Network Compromised
![Page 38: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/38.jpg)
Black and Berg Security
Made Themselves A Target
8th June 2011
Web Server Compromised
![Page 39: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/39.jpg)
![Page 40: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/40.jpg)
![Page 42: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/42.jpg)
Securing Remote Access to Corporate Resources
• VPN
• Multi-factor Authentication
• Enforced Health Requirement NAP/NAC
• An Integrated Approach to Improve Security
• Secure Virtual Applications & Desktops
• Wireless Considerations
• Portable USB and Encrypted Storage Devices
![Page 43: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/43.jpg)
VPN Connectivity
Hardware based site-to-site IPsec• Secure and can be locked to specific TCP/IP addresses for added protection
• No direct involvement of non-technical users
• Can be scaled to support many users
Client based such as PPTP/L2TP IPsec• Cisco VPN client or Microsoft VPN client
• Often requires installation of software onto device
• Compatibility issues between various vendor products
Browser based SSL VPN• Works with most browsers
• Mostly does not require any software to be installed onto device
• Good compatibility between various vendor products
• Only requires HTTPS (normally open on most networks)
![Page 44: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/44.jpg)
VPN Connectivity
![Page 45: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/45.jpg)
Risks associated with VPN technology
• Spread of viruses, worms, and Trojans
• Split tunnelling
• User credential related risks
• A compromised VPN may go unnoticed for a good deal of time
• Intrusion Detection Systems (IDS) does not monitor traffic on VPNs because it is encrypted
Encryption, authentication and securing the machines of end users are critical components of overall enterprise VPN security
A compromised VPN connection is the equivalent of leaving your front door wide open!
![Page 46: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/46.jpg)
VPN Risk Mitigation
• Session timeouts (10 minutes or less)
• SSL version verification (reject SSL 2.0)
• Discouraging use at public terminals or WiFi
• Security policies and secure access through strong user authentication
• Host identity verification• Host security posture validation (NAP/NAC)• Secure desktop, portals or application publishing
![Page 47: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/47.jpg)
Secure User Authentication
Two factor authentication - "something you have" + "something you know" concept
The simplest security tokens do not need any connection to a computer. The client enters the number to a local keyboard as displayed on the token (second security factor), usually along with a PIN (first security factor), when asked to do so
![Page 48: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/48.jpg)
Enforced Health requirement policiesMicrosoft - Network Access Protection (NAP)Cisco - Network Admission Control (NAC)
Benefits• NAP Enables policy validation, network restriction, network
remediation and on-going compliance• Inspecting client computer health state, limits network access for
noncompliant clients• Secures the network from unauthorised users and systems • Provides highly customizable role-based access to network
resources for employees• NAP/802.1X Enforcement works seamlessly across both wired and
wireless networks
![Page 49: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/49.jpg)
Enforced Health requirement policies
![Page 50: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/50.jpg)
We need to empower users to be productive from virtually any device or location …
![Page 51: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/51.jpg)
An Integrated Approach to Improve Security
Network Administrators are under pressure to provide anywhere-access to messaging, collaboration and other resources. To achieve Secure Anywhere Access IT departments must employ a variety of security strategies.
• It is no longer feasible simply to protect at the perimeter
• Protection and security must exist throughout the network
• Application-agnostic network security recommended
• Determine access control policies and key management strategies to address that risk
• Determine what data is considered sensitive, and where it resides in the organisation
![Page 52: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/52.jpg)
Security vendors are introducing new purpose-built platforms which deliver comprehensive, secure remote access to corporate resources for employees and partners on both managed and unmanaged PCs and mobile devices.
![Page 53: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/53.jpg)
Delivers simple and secure access optimised for applications such as SharePoint, Exchange, and Dynamics CRM.
Integrating a deep understanding of the applications published, the state of health of the devices being used to gain access, and the user's identity – Forefront UAG enforces granular access controls and policies to deliver comprehensive remote access, ensure security, and reduce management costs and complexity.
![Page 54: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/54.jpg)
Citrix Access Gateway
• Simple secure HTTPS access to published apps, full desktops or VDI from web browsers
• Consolidates points of access by combining your traditional IPSecVPN and Secure gateway into a single appliance
• Citrix Access Gateway VPX is a software virtual appliance that you can deploy on any off-the-shelf server in the datacentre
• Secure Virtual Desktops - Give users secure access from anywhere while maximising their productivity
Citrix Access Gateway is a secure application access solution that provides administrators granular application-level control while empowering users with remote access from anywhere.
Citrix Receiver now supports Android and Apple (as well as Windows) so no need to load or install software on device
![Page 55: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/55.jpg)
Wireless Access
• Wired Equivalent Privacy (WEP) – can be hacked in less than 10 mins
• Wi-Fi Protected Access (WPA) more secure than WEP but has now been replaced with WPA2
• WPA2 – Mandatory for Wi-Fi–certified devices since 2006 so no reason not to use it, if your devices are older than this or don’t support WPA2 they should be replaced
• Small businesses can use AES pre-shared keys but for larger Enterprises better to use 802.1X (WPA2 Enterprise)
Many businesses access points are still accepting WEP connections and lots of home networks with no encryption !!!
![Page 56: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/56.jpg)
802.1X Wireless Access Authentication
AES pre-shared keys are OK but for larger Enterprises better to use 801X, this way keys don’t have to be given out – changing when someone leaves or after visitors is unmanageable.
• Windows XP, Vista and Windows 7 have support 802.1X for all network connections by default. Windows Mobile 2003 and later operating systems also come with a native 802.1X client
• Mac OS X has offered native support since 10.3. The iPhone and iPod Touch also support 802.1X
• Android support from 2.2 (Froyo)
![Page 57: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/57.jpg)
Disk Encryption Disk encryption prevents unauthorised access to data storage. The term "full disk encryption" (or whole disk encryption) is often used to signify that everything on a disk is encrypted
Microsoft BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7. Users of other versions of Windows that don't include BitLocker could use a third-party encryption program to satisfy the need for full drive encryption such as TrueCrypt – Free Open-Source Disk Encryption Software
![Page 58: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/58.jpg)
Removable Storage Devices
• Portable storage devices are a big risk to network security
• Firewalls and antivirus software are no defence against the latest forms of computer attack that comes via open USB, eSATA and FireWire ports
• Viruses, worms and trojans get into the corporate network this way
• Valuable data can leave the company in huge quantities
• Microsoft Group policies can't manage USB and FireWire access very easy so recommend using third-party products to lockdown access
![Page 59: Security of data, networks and mobile solutionsdoc.housing.org.uk.s3.amazonaws.com/Presentations/TS2 Julian He… · identity –Forefront UAG enforces granular access controls and](https://reader034.vdocuments.us/reader034/viewer/2022042910/5f3e58c63cab443cce113ab0/html5/thumbnails/59.jpg)
Julian Heywood
Development Manager
MIS Active Management Systems
Mark Appleyard
Managing Director
MIS Systems Engineering
Security of data, networks and mobile solutions