Attention reader – This is notes that will eventually be turned into a general purpose document at a later date.
ISU EAR/ITAR policy definition: http://policy.iastate.edu/policy/export
- encrypted hard drives
- anti-virus mandate.
- data loss prevention
- Data controls (restrict USB ports, CD/DVD ROMS, locked PC case)
- 2 factor authentication.
- no local admins
- intrusion detection system (IDS)
- private network – ? Would a GW for Zion cluster be allowed
- no NetBIOS name broadcasts
- USER TRAINING, verbal and in writing.
- no auto-mounting
- Two-factor authentication:
- Something the user knows (e.g., password, PIN, pattern);
- Something the user has (e.g., ATM card, smart card, mobile phone); and
- Something the user is (e.g., biometric characteristic, such as a fingerprint).
- Use file system or block level encryption?
- What multi-factor authentication solutions work best?
- Does ISU maintain US National status in AD or other group?
- Does ISU provide group policies to harden MS directory clients? What policies should be set in such a policy? (no auto-mount, mandate AV, etc)
Linux storage encryption
File system level