Solved

Want to encrypt all data on a laptop drive

Posted on 2006-06-22
5
587 Views
Last Modified: 2012-05-05
I have very very sensitive data sitting on a laptop that I must occasionally travel with.  I need to find out what software is the absolute best at encrypting data against theft.  Military grade is great, and cost is of little concern, though two or three suggestions with diff. price would be welcome.  Also it is important that it be fairly easy to implelemt.
Also, I wanted to be sure that if something is deleted from the harddrive, it is truly deleted.  I know there are a number of programs to do this.  What do you guys think is the best one?
Thanks so much for your suggestions!
0
Comment
Question by:thomasrmurray
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 43 total points
ID: 16962994
The following is often recommended by Rich, the top expert on this list:

 http://www.truecrypt.org/

I haven't used it personally but it does seem very good.

For erasing a disk, I would suggest the following:

 http://dban.sourceforge.net/

If you work for the Military they may have specific requirements that you should check.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 41 total points
ID: 16963332
:) I will indeed say truecrypt, as it's free, and has added security in certain situations. From a recent top 100 list

TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase intially. A clever hidden volume feature allows you to hide a 2nd layer of particularly sensitive content with plausible deniability about whether it exists. Then if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second level key even exists.

Data erasure takes time, and the new standard seems to be the "Guttman method" http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
With encryption, even if the data store is found, they must then bruteforce their way in, adding in even more time/effort.
I recommend TrueCrypt because a leading cryptographer does, I've used it even before I saw the article on it http://www.schneier.com/blog/archives/2006/05/truecrypt.html

There are others, such as PGP that cost money and are also considered de facto standard software for such tasks. PGP is considerably harder to setup, but the use afterwards is easy as anything else. http://www.pgp.com/products/index.html

Expanding on that, I'd probably recommend the Seagate FDE drives, made for laptops. They are whole-disk encryption hardware devices, so nothing on your HD is ever plain-text. PGP/TrueCrypt/EFS and many others can do full disk encryption, but not of the bootable (commonly the "C:") partition or primary harddrive. However, they have not released them for sale yet...
http://www.xbitlabs.com/news/storage/display/20060607235730.html
http://www.anandtech.com/tradeshows/showdoc.aspx?i=2507&p=9

So until they are for sale, TrueCrypt get my vote, it's been out for 3+ years with no considerable falw found.
-rich
0
 
LVL 4

Assisted Solution

by:MalleusMaleficarum
MalleusMaleficarum earned 41 total points
ID: 16963584
On the commercial side, I've used a product called BestCrypt from Jetico Software.  They use standard 256-bit encryption algorithms and I like it because I can create a "container" and dump stuff into it and mount it and dismount it as I see fit.

(Website marketing blurb)
BestCrypt software keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access to it from any application. Keep your letters, databases, private information in an encrypted form on your hard disks, removable media, magneto-optical devices, CD ROMs, floppies or network disks - all within a standard operating environment. Read more about our Standard Edition and Corporate Edition.

For data erasure, Jetico also makes BCWipe which is their erasure tool.  I particularly like this tool because it has many levels of wiping (# of passes, 1's, 0's, random characters)  I also like that it will wipe the wiindows page file.  If you use the "Hibernate" feature (which stores a snapshot of RAM to a file) it will even wipe the hiberfil.sys file.

(Website marketing blurb)
BCWipe software is designed to securely delete files from disks and other media. Standard file deletion leaves the contents of the "deleted" file on your disk. Unless it has been overwritten by files saved afterwards, it can be recovered easily using standard disk utilities. BCWipe is fully integrated into the Windows Shell and efficiently shreds file data so that recovery by any means is impossible.

I am a gov. contractor and I use this product daily at work and at home.  With all the press of stolen gov. laptops lately here in the US, it only makes sense to adopt some kind of product like this.

0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month6 days, 18 hours left to enroll

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question