Disk Encryption Service

NOTE: This draft page is for illustration purposes only

Description

The Disk Encryption Service helps protect the data on your York computing device (e.g. computer, laptop, USB key, etc.) by locking all the data down with a security encryption key. If the computing device is lost, stolen, or mishandled, others cannot easily gain access to the data without the necessary credentials, even by gaining direct access to the hard drive. Once a device is set up with the Disk Encryption Service, the device and data can be accessed with Passport York.

Terms Of Service

Mandatory requirements for a desktop/laptop computer that is on DES.

Automatic Microsoft Updates
The user is required to apply the latest Microsoft updates on a monthly schedule, typically every 2nd Tuesday of the month.

  • Mandatory setting:
    Install updates automatically, including other Microsoft product updates

Automatic 3rd party Updates
The user is required to apply 3rd party security updates on a regular schedule. Examples are Adobe Acrobat / Flash / Shockwave and Oracle Java.

  • Mandatory setting:
    Check/Allow to install updates automatically

Anti-Virus / Anti-Spyware
A reputable anti-virus / anti-spyware client is mandatory.

  • Mandatory setting:
    Full Scan, weekly

Passwords
Please refer to the password guidelines when choosing a password. The password / passphrase for encryption should be different from the Passport York password.

  • You must choose a password that is not easy to guess.
  • Please do not use passwords based on dictionary words or personal information.
  • Some combinations of dictionary words, and some foreign words, are not allowed even if they are reversed or otherwise modified.
  • Passwords must be at least 7 characters and less than 9 characters long and may not contain a semi-colon (;) or double quotes (").
  • Passwords should not contain sequential characters, e.g., 9876543.

Password lock
A password is required to return to normal operation from sleep / hibernate / screen lock / screen saver / any other hybrid state.

  • Mandatory setting:
    Require a password on wakeup from sleep / hibernate / screen lock / screen saver / any other hybrid power state
    Screen saver = on; 'On resume, display logon screen' = checked

Automatic login
Auto login is not allowed and should be disabled; the user should be prompted for credentials on boot or when recovering from any power state.

  • Mandatory setting:
    Auto login, disabled

DES check in
The computer is required to check in to the service on a weekly basis.

  • Mandatory setting:
    Connected to the Internet, weekly

Other prohibitions
Participating computers are discouraged from running the following on the local computer:

  • Web server
  • FTP server
  • File server
  • Peer to peer service
  • Providing un-authenticated access of any kind

This service is supported by University Information Technology during regular business hours, Monday - Friday, 8:30am - 4:30pm.

  • The maintenance window for this service is Thursdays, 6am-8am, for any necessary maintenance.
  • Supported on desktops and laptops running these Operating Systems: Windows 7 Enterprise with Service Pack 1 and Windows 8.1 Enterprise (contact your local desktop support group for the currently supported Operating Systems).
  • Supported for external hard drives, USB flash drives, and Firewire drives.

Charges

  • The service will cost $30/year per device, payable by department budget number (non-refundable). Note that a computer purchased through CRP is for 3 years, so this service can be purchased for 3 years.

How do I get it?

  • Eligibility: This service is available to all Faculty, full-time Staff, and, in some cases, Graduate Students (with approval from a faculty member) on University-owned equipment.
  • Submit a service request.
  • This service will typically be ready in 4 business days.

How do I get help?

FAQs

What if I forget my password?

Self-service online password recovery is available, based on personal challenge questions.

What is encryption?

Encryption is a way to enhance security by scrambling data or contents so that they can only be read by someone who has the right encryption key to unscramble them.

How is my computer (or hard disc) more secure with this service?

In the event that the computer (or hard disc) is lost, stolen, or physically removed, the data on the device will not be accessible without the necessary credentials.