I have definitely loaded sensitive information onto my laptop or
workstation, but only for short periods of time, and I'm careful to
shred(1) the data when I'm done with the particular task. If I did that
sort of thing a lot, I would probably switch to using loop-aes (allows
you to have an encrypted filesystem.)
I think W2K and up also allow for encrypted files in an ad-hoc method,
but I don't know how secure that system is. I remember some discussion
on BUGTRAQ about where the crypto keys were stored and how difficult
they would be for a 3rd party to recover.
Do we have a short course on how to deal with sensitive information at
UVM? Even a page with links to useful tips, or software?
Geoffrey Duke wrote:
> It does, though, beg the question "How much sensitive UVM data is on
> laptops, palm devices, home computers of folks who work from home, etc, and
> how vulnerable are these systems to loss or comprimise?"
> As I've done development work, I've accummulated some stuff on my laptop
> that I'd rather not get lost; nothing with SSNs, but long lists of accounts
> and affiliations. My cached email includes an account and SSN here and
> I'll have to give some thought to how I work with this information and where
> I store it.
Technical Support Group
Computing & Information Technology
University of Vermont
Burlington, VT USA