Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 590
  • Last Modified:

Want to encrypt all data on a laptop drive

I have very very sensitive data sitting on a laptop that I must occasionally travel with.  I need to find out what software is the absolute best at encrypting data against theft.  Military grade is great, and cost is of little concern, though two or three suggestions with diff. price would be welcome.  Also it is important that it be fairly easy to implelemt.
Also, I wanted to be sure that if something is deleted from the harddrive, it is truly deleted.  I know there are a number of programs to do this.  What do you guys think is the best one?
Thanks so much for your suggestions!
0
thomasrmurray
Asked:
thomasrmurray
3 Solutions
 
r-kCommented:
The following is often recommended by Rich, the top expert on this list:

 http://www.truecrypt.org/

I haven't used it personally but it does seem very good.

For erasing a disk, I would suggest the following:

 http://dban.sourceforge.net/

If you work for the Military they may have specific requirements that you should check.
0
 
Rich RumbleSecurity SamuraiCommented:
:) I will indeed say truecrypt, as it's free, and has added security in certain situations. From a recent top 100 list

TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase intially. A clever hidden volume feature allows you to hide a 2nd layer of particularly sensitive content with plausible deniability about whether it exists. Then if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second level key even exists.

Data erasure takes time, and the new standard seems to be the "Guttman method" http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
With encryption, even if the data store is found, they must then bruteforce their way in, adding in even more time/effort.
I recommend TrueCrypt because a leading cryptographer does, I've used it even before I saw the article on it http://www.schneier.com/blog/archives/2006/05/truecrypt.html

There are others, such as PGP that cost money and are also considered de facto standard software for such tasks. PGP is considerably harder to setup, but the use afterwards is easy as anything else. http://www.pgp.com/products/index.html

Expanding on that, I'd probably recommend the Seagate FDE drives, made for laptops. They are whole-disk encryption hardware devices, so nothing on your HD is ever plain-text. PGP/TrueCrypt/EFS and many others can do full disk encryption, but not of the bootable (commonly the "C:") partition or primary harddrive. However, they have not released them for sale yet...
http://www.xbitlabs.com/news/storage/display/20060607235730.html
http://www.anandtech.com/tradeshows/showdoc.aspx?i=2507&p=9

So until they are for sale, TrueCrypt get my vote, it's been out for 3+ years with no considerable falw found.
-rich
0
 
MalleusMaleficarumCommented:
On the commercial side, I've used a product called BestCrypt from Jetico Software.  They use standard 256-bit encryption algorithms and I like it because I can create a "container" and dump stuff into it and mount it and dismount it as I see fit.

(Website marketing blurb)
BestCrypt software keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access to it from any application. Keep your letters, databases, private information in an encrypted form on your hard disks, removable media, magneto-optical devices, CD ROMs, floppies or network disks - all within a standard operating environment. Read more about our Standard Edition and Corporate Edition.

For data erasure, Jetico also makes BCWipe which is their erasure tool.  I particularly like this tool because it has many levels of wiping (# of passes, 1's, 0's, random characters)  I also like that it will wipe the wiindows page file.  If you use the "Hibernate" feature (which stores a snapshot of RAM to a file) it will even wipe the hiberfil.sys file.

(Website marketing blurb)
BCWipe software is designed to securely delete files from disks and other media. Standard file deletion leaves the contents of the "deleted" file on your disk. Unless it has been overwritten by files saved afterwards, it can be recovered easily using standard disk utilities. BCWipe is fully integrated into the Windows Shell and efficiently shreds file data so that recovery by any means is impossible.

I am a gov. contractor and I use this product daily at work and at home.  With all the press of stolen gov. laptops lately here in the US, it only makes sense to adopt some kind of product like this.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now