- Campuses :
- Twin Cities
- Crookston
- Duluth
- Morris
- Rochester
- Other Locations
Encryption is the conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.
Before using encryption programs, evaluate if it is absolutely necessary to store confidential or private data on this computer or mobile computing device (e.g., PDA or USB flash drive). Consult with your local technical support staff. If you need to store private data, take steps to encrypt the data to help prevent unauthorized disclosure of private data. For laptops, data encryption is just one of the required steps in the University's Securing Private Data Standard.
There is a variety of encryption software available for common operating systems. Some software encrypts the entire hard disk, while others have an option to encrypt specific files or folders on the hard disk. Some operating systems, such as Microsoft Windows and Apple Macintosh have an option to turn on the operating systems built-in encryption software. There are also some readily available data encryption products from third party vendors. Some are even free.
No matter what product you choose, here are some important reminders:
Below are options for various operating systems/media: Macintosh, Unix, Windows and USB flash drives.
At the University for full disk encryption, in rough order based on number of users, the following encryption products are used: CheckPoint (PointSec), Sophos (Utimaco), Microsoft BitLocker, TrueCrypt.
Below are some products used within the University by some departments. Be sure to download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied.
Product | Windows Platforms | Options | Web site | Notes |
Windows Encrypting File System (EFS) | XP, Vista and 2003 | Built into the Windows Operating System | File and folder encryption. See Required Steps for EFS. Files emailed or saved to external media are NOT encrypted. | |
| Windows BitLocker | Vista, Windows 7 | Built into the Windows Operating System | http://technet.microsoft.com/en-us/windows/aa905065.aspx | Full disk encryption |
| CheckPoint FDE (formerly called PointSec) | Purchase, under state contract | http://www.checkpoint.com/products/datasecurity/index.html | Full disk encryption State Contract (for University-owned computers): | |
| Sophos SafeGuard Easy/Utimaco | XP, 2000 and 2003 | Purchase | http://www.sophos.com/products/enterprise/encryption/safeguard-easy/ | Full disk encryption |
| TrueCrypt | XP, 2000, Vista and 2003 | Free | http://www.truecrypt.org/ | Full disk encryption, folder encryption, directory or virtual drive |
GNU Privacy Guard (open source version of PGP) | XP and 2000 | Free | File and folder encryption With the Windows Privacy Tray for GnuPG, this allows for easy encryption, decryption and file shredding options. See http://www.gpg4win.org/. | |
PGP commercial | XP, 2000, Vista and 2003 | Purchase | File, folder, whole disk or virtual disk encryption. Includes a feature to securely wipe or shred individual files. The gold standard of encryption, but more complex. | |
| SecureZip | XP, 2000, Vista and 2003 | Free trial, Purchase | http://www.pkware.com/software-data-security/windows-file-encryption | File and folder encryption. |
*
Below are some products used within the University by some departments. Be sure to download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied.
Product | Macintosh Platforms | Options | Web site | Notes |
Mac File Vault | Mac OS X or higher | Built into the Macintosh Operating System | http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1877.html | Folder encryption |
CheckPoint FDE (formerly called PointSec) |
| Purchase, under state contract | Full disk encryption State Contract (for University-owned computers): | |
| TrueCrypt | Mac OS X | Free | http://www.truecrypt.org/ | Full disk and folder encryption |
| Mac GNU Privacy Guard | Mac OS X 10.1 or higher | Free | File and folder encryption | |
| PGP commercial | Mac OS X 10.4 or higher | Purchase | http://www.pgp.com/products/desktop/index.html | File, folder, whole disk or virtual disk encryption. Includes a feature to securely wipe or shred individual files. The gold standard of encryption, but more complex. |
Macintosh OS X has native 128-bit encryption, called File Vault. File Vault encrypts the contents for a user's home directory.
Note:
Be sure to download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied.
Product | Platforms | Options | Web site | Notes |
| CheckPoint FDE (formerly called PointSec) | Linux (Red Hat, Suse, OpenSuSe) | Purchase, under state contract | http://www.checkpoint.com/products/datasecurity/index.html | Full disk encryption State Contract (for University-owned computers):http://www.oet.state.mn.us/itproducts/software/manufacturers/Checkpoint_Pointsec_software_index.html |
| TrueCrypt | Linux | Free | http://www.truecrypt.org/ | Full disk and folder encryption |
| GNU Privacy Guard (open source version of PGP) | Unix, Linux | Free | File and folder encryption | |
SecureZip | Unix, Linux | Free trial, Purchase | http://www.pkware.com/software-data-security/windows-file-encryption | File and folder encryption |
USB flash drives are available with encryption to protect the contents. As with all software, periodically check the vendor web site for security patches or updates that must be applied.
Product | Options | Web site | Notes |
| DataTraveler-PE | Purchase | http://www.kingston.com/flash/DataTravelers_gov.asp | Privacy Edition has only an encrypted partition, so the first thing the user sees is the password prompt. Ten attempts to enter the password or it locks (only allows a utility to delete all data and do a clean setup again). Users need to know this. Minimum password length is 6 characters and complexity is enforced. |
| IronKey Basic | Purchase | https://www.ironkey.com/basic | User can select a "read-only" check-box for untrusted presentation computers (e.g. at conferences) with all versions to protect against autorun viruses from untrusted computers. The Enterprise version allows enforcement of all the options, but the cost is higher. Ten attempts to enter the password, but it locks and is useless after that (no reset or anything). Minimum password length is 4 characters. |
| DataTraveler BlackBox | Purchase | http://www.kingston.com/flash/DataTravelers_gov.asp | Hardware based encryption and function without administrative rights. |
| KanguruDefender | Purchase | http://www.kanguru.com/defender.html | Hardware based encryption and function without administrative rights. |
Other third party encryption software is also available to encrypt data on USB flash drives. Be sure to download the software from a reputable site and periodically check the vendor web site for security patches or updates that must be applied.
Product | Options | Web site | Notes |
| CheckPoint FDE (formerly called PointSec) | Purchase, under state contract | http://www.checkpoint.com/products/datasecurity/index.html | State Contract (for University-owned computers): |
| PGP Commercial | Purchase | http://www.pgp.com/products/desktop/index.html | |
| Sophos SafeGuard Easy/Utimaco | Purchase | http://www.sophos.com/products/enterprise/encryption/safeguard-easy/ | |
TrueCrypt | Free |
Note: The University of Minnesota has no business relationship and makes no endorsement of any product listed.