Solved

Want to encrypt all data on a laptop drive

Posted on 2006-06-22
5
582 Views
Last Modified: 2012-05-05
I have very very sensitive data sitting on a laptop that I must occasionally travel with.  I need to find out what software is the absolute best at encrypting data against theft.  Military grade is great, and cost is of little concern, though two or three suggestions with diff. price would be welcome.  Also it is important that it be fairly easy to implelemt.
Also, I wanted to be sure that if something is deleted from the harddrive, it is truly deleted.  I know there are a number of programs to do this.  What do you guys think is the best one?
Thanks so much for your suggestions!
0
Comment
Question by:thomasrmurray
5 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 43 total points
ID: 16962994
The following is often recommended by Rich, the top expert on this list:

 http://www.truecrypt.org/

I haven't used it personally but it does seem very good.

For erasing a disk, I would suggest the following:

 http://dban.sourceforge.net/

If you work for the Military they may have specific requirements that you should check.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 41 total points
ID: 16963332
:) I will indeed say truecrypt, as it's free, and has added security in certain situations. From a recent top 100 list

TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase intially. A clever hidden volume feature allows you to hide a 2nd layer of particularly sensitive content with plausible deniability about whether it exists. Then if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second level key even exists.

Data erasure takes time, and the new standard seems to be the "Guttman method" http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
With encryption, even if the data store is found, they must then bruteforce their way in, adding in even more time/effort.
I recommend TrueCrypt because a leading cryptographer does, I've used it even before I saw the article on it http://www.schneier.com/blog/archives/2006/05/truecrypt.html

There are others, such as PGP that cost money and are also considered de facto standard software for such tasks. PGP is considerably harder to setup, but the use afterwards is easy as anything else. http://www.pgp.com/products/index.html

Expanding on that, I'd probably recommend the Seagate FDE drives, made for laptops. They are whole-disk encryption hardware devices, so nothing on your HD is ever plain-text. PGP/TrueCrypt/EFS and many others can do full disk encryption, but not of the bootable (commonly the "C:") partition or primary harddrive. However, they have not released them for sale yet...
http://www.xbitlabs.com/news/storage/display/20060607235730.html
http://www.anandtech.com/tradeshows/showdoc.aspx?i=2507&p=9

So until they are for sale, TrueCrypt get my vote, it's been out for 3+ years with no considerable falw found.
-rich
0
 
LVL 4

Assisted Solution

by:MalleusMaleficarum
MalleusMaleficarum earned 41 total points
ID: 16963584
On the commercial side, I've used a product called BestCrypt from Jetico Software.  They use standard 256-bit encryption algorithms and I like it because I can create a "container" and dump stuff into it and mount it and dismount it as I see fit.

(Website marketing blurb)
BestCrypt software keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access to it from any application. Keep your letters, databases, private information in an encrypted form on your hard disks, removable media, magneto-optical devices, CD ROMs, floppies or network disks - all within a standard operating environment. Read more about our Standard Edition and Corporate Edition.

For data erasure, Jetico also makes BCWipe which is their erasure tool.  I particularly like this tool because it has many levels of wiping (# of passes, 1's, 0's, random characters)  I also like that it will wipe the wiindows page file.  If you use the "Hibernate" feature (which stores a snapshot of RAM to a file) it will even wipe the hiberfil.sys file.

(Website marketing blurb)
BCWipe software is designed to securely delete files from disks and other media. Standard file deletion leaves the contents of the "deleted" file on your disk. Unless it has been overwritten by files saved afterwards, it can be recovered easily using standard disk utilities. BCWipe is fully integrated into the Windows Shell and efficiently shreds file data so that recovery by any means is impossible.

I am a gov. contractor and I use this product daily at work and at home.  With all the press of stolen gov. laptops lately here in the US, it only makes sense to adopt some kind of product like this.

0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now