Solved

File Encryption -

Posted on 2006-11-10
Last Modified: 2010-04-11
I am looking for a solution that will encrypt files in a Windows XP Workstation and Windows 2003 Server environment.

There are two things that I am trying to achieve:
1.) If a laptop is lost, the encrypted files could not be decoded, i.e. if an admin changed the password or the hard drive was read.
2.) Server admins could not easily add themselves to decrypt files.
3.) Recovery capabilities if the OS crapped out and I need to access data legit.

I want to implement this solution for a workgroup of about 20 people.

It seems like Guardian edge would do the trick, but I want to hear from the experts what tool they use. If I get good leads I will split points.

thanks
0
Question by:bengoa
10 Comments
 
LVL 3

Expert Comment

by:mahe2000
ID: 17918786
what about PGP / GPG solutions????
0
 

Author Comment

by:bengoa
ID: 17918863
Tell me more! The simpler the better!
0
 
LVL 9

Expert Comment

by:paradoxengine
ID: 17920768
First thing in my mind is syskey and EFS, that would do the trick.

Another possibility is to use some Full Disk encryption software or even some standard Encryption Software.

My choice here is TrueCrypt, since it's freeware, admins are just helpless since it's not using any underlying OS authentication methods.
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 17924682
as already suggested:
http://www.truecrypt.org/
http://www.gnupg.org/

if this does not fit your requirements, please give more details
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17927699
TrueCrypt... syskey EFS is still possibly ineffective without the other "best practices" suggested by M$ for EFS... you shouldn't need those extra hoops. TrueCrypt, no hoops, no hope of recovery if you don't have the password. I didn't suggest it here first, and it fits your criteria and then some.
-rich
0
 
LVL 3

Assisted Solution

by:InfoStranger
InfoStranger earned 50 total points
ID: 17928425
bengoa,

They are all good. It all depends on how you treat the KEY. The KEY is everything. You need a copy of the KEY as an Admin in case the user loses the KEY or, like you said, something went wrong with the OS. Never keep the KEY with the machine. If a person got hold of the HDD and the KEY is in it, they can try to figure out how to get the KEY and decrypt everything. Have the user use a KEY off of a Key drive or something. Train the user.

If the user loses the KEY, you can retrieve the files with your copy of the KEY. Make sure that you change the KEY afterwards.

The best is to choose an encryption type that fits your budget: RSA, PGP, TrueCrypt, etc. Keep in mind how valuable your information is. Sometimes, it is too valuable to put a small price tag like TrueCrypt. Since it is free, there is a higher chance a decrypter is created. The higher the cost, the less chance someone would buy to try to decrypt.

So, ask What is my budget?
0
 
LVL 9

Assisted Solution

by:paradoxengine
paradoxengine earned 50 total points
ID: 17928662
I do not agree with most of the analysis of InfoStranger.
I deny it's more likely TrueCrypt gets "cracked" than any other commercial software; besides, they're probably using the same cipher.
I won't go in depth on why it's better to have a completely open source software doing the encryption for you, but every security expert will agree on that.
What is true is that a commercial software might (and actually will) offer you more "integration" with your infrastructure, possibly giving you enterprise consoles to control its use, policies management and such.
What is UNtrue is that a commercial software is more secure than a well written open source (and free) software. Quite the opposite, in my not so humble opinion.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 50 total points
ID: 17929676
PGP/GPG are standards for encryption, not just file system... e-mail, everything. They use a public/private key algorithm, so you need to keep safe your private keys and the phrase to use them.
www.pgp.com
http://www.gnupg.org/
0
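What InfoStranger and mahe2000 describe above (a spare copy of the key for recovery, and GnuPG's public/private keys), shown as an added example that is not part of the original thread: a file is encrypted to the user's key and to a second recovery key, and the recovery key alone still opens it after the user's private key is gone. The addresses, file names and throwaway keyring are constructed for the demo; GnuPG 2.1 or later is assumed.

```sh
#!/bin/sh
# Added example (not from the thread): encrypt a file with GnuPG to the user's
# key AND a recovery key, then show the recovery key alone can still decrypt.
# Addresses, file names and the throwaway keyring are constructed for the demo.
set -eu

make_demo_keys() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME   # never touches a real ~/.gnupg
    chmod 700 "$GNUPGHOME"
    for uid in user@example.test recovery@example.test; do
        # Empty passphrase only because this is a demo; real keys need one.
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "$uid" default default never
    done
}

encrypt_with_recovery() {          # $1 = plaintext file; writes "$1.gpg"
    gpg --batch --quiet --yes --trust-model always \
        --recipient user@example.test --recipient recovery@example.test \
        --output "$1.gpg" --encrypt "$1"
}

lose_user_key() {                  # simulates the user's private key being gone
    fpr=$(gpg --batch --with-colons --list-secret-keys user@example.test |
          awk -F: '$1 == "fpr" { print $10; exit }')
    gpg --batch --yes --delete-secret-keys "$fpr"
}

recovery_demo() {                  # prints the plaintext recovered by the spare key
    make_demo_keys
    work=$(mktemp -d)
    printf 'payroll draft (constructed sample)\n' > "$work/report.txt"
    encrypt_with_recovery "$work/report.txt"
    rm "$work/report.txt"          # only the ciphertext remains
    lose_user_key
    gpg --batch --quiet --decrypt "$work/report.txt.gpg" 2>/dev/null
    gpgconf --kill gpg-agent
    rm -rf "$work" "$GNUPGHOME"
}

if [ "${1:-}" = "--run" ]; then recovery_demo; fi
```

Run it with `--run` to see the recovered text. In real use only the recovery public key is imported on the workstations, while its private half and passphrase stay offline, away from both the laptops and the server.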
 
LVL 38

Accepted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 17930150
Yes, commercial or free, it doesn't make a difference when it comes to crackers... they don't need to buy a legit copy; there are plenty of cracks and warez sites to download any popular software for free. What PGP/GPG and TrueCrypt... and to some degree EFS, have going for them is that they all use Public-Key crypto. With EFS, you do indeed have to secure the key by copying it off the system and using syskey to help you do that. With PGP and TrueCrypt the keys are on the system, however there are keys to the key if you will. They can be passwords, and/or keyfiles: http://www.truecrypt.org/docs/keyfiles.php
There are other benefits also: http://www.truecrypt.org/docs/plausible-deniability.php
PGP is also like this, and still bruteforce is likely to be as fast as anything else... a keylogger is ineffective if a keyfile is used.

You can disassemble "private" code as well as you can public code, that's why any popular program has a crack, keygen or patch... you can simply rewrite the code and reassemble, and it no longer does that check. There are no viri for Macs, Linux, BSD etc... not because the code is proprietary or closed, it's because the code is well written and reviewed. When something is found, it's patched much quicker than M$, but they (M$) are getting better. TrueCrypt and many others will fit the criteria for this user quite well I think.
-rich
0
 

Author Comment

by:bengoa
ID: 17930845
Thanks for the input and discussion. I was thinking I was going to get a lot of M$ solutions, but the experts have opened (SOURCED) my eyes.

RichRumble, I appreciate the depth of your comment.

I have started another question that looks at the commercial Encryption Program:
http://www.experts-exchange.com/Security/Q_22058656.html
0
