Solved

Want to encrypt all data on a laptop drive

Posted on 2006-06-22
5
583 Views
Last Modified: 2012-05-05
I have very very sensitive data sitting on a laptop that I must occasionally travel with.  I need to find out what software is the absolute best at encrypting data against theft.  Military grade is great, and cost is of little concern, though two or three suggestions with diff. price would be welcome.  Also it is important that it be fairly easy to implelemt.
Also, I wanted to be sure that if something is deleted from the harddrive, it is truly deleted.  I know there are a number of programs to do this.  What do you guys think is the best one?
Thanks so much for your suggestions!
0
Comment
Question by:thomasrmurray
5 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 43 total points
ID: 16962994
The following is often recommended by Rich, the top expert on this list:

 http://www.truecrypt.org/

I haven't used it personally but it does seem very good.

For erasing a disk, I would suggest the following:

 http://dban.sourceforge.net/

If you work for the Military they may have specific requirements that you should check.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 41 total points
ID: 16963332
:) I will indeed say truecrypt, as it's free, and has added security in certain situations. From a recent top 100 list

TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase intially. A clever hidden volume feature allows you to hide a 2nd layer of particularly sensitive content with plausible deniability about whether it exists. Then if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second level key even exists.

Data erasure takes time, and the new standard seems to be the "Guttman method" http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
With encryption, even if the data store is found, they must then bruteforce their way in, adding in even more time/effort.
I recommend TrueCrypt because a leading cryptographer does, I've used it even before I saw the article on it http://www.schneier.com/blog/archives/2006/05/truecrypt.html

There are others, such as PGP that cost money and are also considered de facto standard software for such tasks. PGP is considerably harder to setup, but the use afterwards is easy as anything else. http://www.pgp.com/products/index.html

Expanding on that, I'd probably recommend the Seagate FDE drives, made for laptops. They are whole-disk encryption hardware devices, so nothing on your HD is ever plain-text. PGP/TrueCrypt/EFS and many others can do full disk encryption, but not of the bootable (commonly the "C:") partition or primary harddrive. However, they have not released them for sale yet...
http://www.xbitlabs.com/news/storage/display/20060607235730.html
http://www.anandtech.com/tradeshows/showdoc.aspx?i=2507&p=9

So until they are for sale, TrueCrypt get my vote, it's been out for 3+ years with no considerable falw found.
-rich
0
 
LVL 4

Assisted Solution

by:MalleusMaleficarum
MalleusMaleficarum earned 41 total points
ID: 16963584
On the commercial side, I've used a product called BestCrypt from Jetico Software.  They use standard 256-bit encryption algorithms and I like it because I can create a "container" and dump stuff into it and mount it and dismount it as I see fit.

(Website marketing blurb)
BestCrypt software keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access to it from any application. Keep your letters, databases, private information in an encrypted form on your hard disks, removable media, magneto-optical devices, CD ROMs, floppies or network disks - all within a standard operating environment. Read more about our Standard Edition and Corporate Edition.

For data erasure, Jetico also makes BCWipe which is their erasure tool.  I particularly like this tool because it has many levels of wiping (# of passes, 1's, 0's, random characters)  I also like that it will wipe the wiindows page file.  If you use the "Hibernate" feature (which stores a snapshot of RAM to a file) it will even wipe the hiberfil.sys file.

(Website marketing blurb)
BCWipe software is designed to securely delete files from disks and other media. Standard file deletion leaves the contents of the "deleted" file on your disk. Unless it has been overwritten by files saved afterwards, it can be recovered easily using standard disk utilities. BCWipe is fully integrated into the Windows Shell and efficiently shreds file data so that recovery by any means is impossible.

I am a gov. contractor and I use this product daily at work and at home.  With all the press of stolen gov. laptops lately here in the US, it only makes sense to adopt some kind of product like this.

0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now