Solved

encrypt laptop harddisk

Posted on 2007-04-02
21
452 Views
Last Modified: 2013-11-17
Hello

I have about 20 laptops and I need to encrypt the disk drives. Is there a total disk encryption solution that would encrypt the laptop's hard drive and make the data irrecoverable if the laptop is lost / stolen etc.?

I'd prefer activation of the laptop / data with a fingerprint scanner at boot time if at all possible but a password would be ok too.
0
Comment
Question by:eggster34
  • 7
  • 5
  • 2
  • +6
21 Comments
 
LVL 16

Expert Comment

by:AlexNek
ID: 18839436
How about password? It is in most laptop already realzed. HDD password called.
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839507
If you plan to use Windows Vista Ultimate or Enterprise, you can use Bitlocker:

 http://technet2.microsoft.com/WindowsVista/en/library/ba1a3800-ce29-4f09-89ef-65bce923cdb51033.mspx?mfr=true

No matter what, you want to have a plan for data recovery, else a lost password can mean the entire disk lost forever.

I would be also be cautious about the bios/chip lavel password protection. Apparently that can be broken - the only true protection is encryption, and then also if properly implemented.
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839527
If you're not running Vista then look at Truecrypt: http://www.truecrypt.org/
It is free and effective, but I think it can only encrypt a partition, not an entire drive, which might be OK if you can arrange to put everything of value on that partition.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 16

Expert Comment

by:AlexNek
ID: 18839553
http://www.heise.de/ct/english/05/08/172/
Yes, it can be broken but not so easy. Any other protection can be broken too.
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839621
Yes, your link confirms it, I have heard other cases also where the hardware password protection was broken, so it should not be trusted for true protection.

However, I must disagree that encryption can be always broken, at least at the present. When properly implemented, it is currently impossible to decipher encrypted data. This is not always a good thing, because this list has had many postings from people trying to recover data in vain after "forgot the password" or "system crash" etc. So I would say that implementing and testing a recovery process under all possible scenarios is probably as important, if not more so, than doing the encryption itself.
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18839711
> so it should not be trusted for true protection
Could you try to broken it?
>....I must disagree that encryption can be always broken
It is only depends how important information is. Try to ask CIA. ;)
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839776
"Could you try to broken it?"

LOL - I am sure I will fail.

"... ask CIA"

We will hope the asker is not trying to protect his data from the CIA :)
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18839877
>I am sure I will fail
I was tried it and I fail too. It is possible that I can do it but I don't want to spend more time because I was only interested on hard disk using.

>We will hope the asker is not trying to protect his data from the CIA :)
That is my point of view. I suspect that asker don't want to get any easy access to data.
That means - it can be enough already implemented protection.
0
 

Author Comment

by:eggster34
ID: 18840015
simple hdd passwords would not work for me.I need a professional package that would encrypt my whole drive and make it unusable in the event of loss / theft.
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18840055
>simple hdd passwords would not work for me.
It is not as simple as you can think. ".. and make it unusable in the event of loss / theft." - for this case it works.

>I need a professional package that would encrypt my whole drive and make it unusable in the event of loss / theft.
In this case you need to know only the password too. Good package have a good price too.
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18840064
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18840084
0
 
LVL 32

Expert Comment

by:r-k
ID: 18840090
Can you please clarify if you plan to use Vista. If so, I would suggest Bitlocker, which I believe can encrypt an entire volume. Here is another overview:

 http://www.microsoft.com/technet/technetmag/issues/2006/05/FirstLook/?related=/technet/technetmag/issues/2006/05/FirstLook

0
 
LVL 5

Expert Comment

by:drtoto82
ID: 18840526
I have an advice ... Don't use bitlocker or any full hdd encryption . BECAUSE :
If I have a system , and my system fails for whatever reason and I want to reinstall and use my already existing data , I can do that if the whole systemis encrypted.
BUT
U can use EFS or so for as much folders as u like and export the key in a safe place . So that if your system fails for whatever reason , u can restore the data after reinstalling it.
It is all about your data for you . and in both scenarios , the files will be encrypted if the laptop is stolen . Got the point . !!
0
 

Expert Comment

by:vietsonvpc
ID: 18840923
drtoto82: its nice solution that use MS's solution
and use can set a recovery authorities if u dont want  to export the key or working in more than 100 laptops. but its require Domain server


----------------------------------------------------
www.ocdplaza.com 
0
 
LVL 4

Expert Comment

by:webadministrator
ID: 18841485
Kindly check this
http://www.experts-exchange.com/Security/Misc/Q_22092679.html
I discussed the same sort of software in this question.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 18843819
The Bitlocker seems to be the way to go,but you need a TPM BIOS that supports it.
So if you don't have a TPM BIOS,you would need to go to a third part of some sorts.

Dell's D620 has this feature.
0
 

Author Comment

by:eggster34
ID: 18845913
I'm not going to use Vista, yet :)
I really can't use EFS, it has to encrypt the whole drive.
0
 
LVL 30

Accepted Solution

by:
pgm554 earned 500 total points
ID: 18846409
Here's a list of full encryption 3rd party vendors:

http://www.full-disc-encryption.com/Full_Disc_Encryption.html
0
 
LVL 2

Expert Comment

by:melmitts707
ID: 18854657
How about something like this --

http://sourceforge.net/projects/truecrypt/
0
 
LVL 1

Expert Comment

by:devruiz
ID: 18860776
Got to:   http://www.pgp.com/

The software gives you a pre-boot password, and encrypts the entire HD. I've used it many times, and it is excellent.

If you plan on getting new machines in the future, what I have done for a few clients, is got the Dell's (you could get any model) with the finger print reader in them. The Dells come with a very nice software package which includes Fingerprint Password Logon, PRE BOOT/BIOS passwords, and full disk encryption. VERY secure.


0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question