Solved

encrypt laptop harddisk

Posted on 2007-04-02
21
462 Views
Last Modified: 2013-11-17
Hello

I have about 20 laptops and I need to encrypt the disk drives. Is there a total disk encryption solution that would encrypt the laptop's hard drive and make the data irrecoverable if the laptop is lost / stolen etc.?

I'd prefer activation of the laptop / data with a fingerprint scanner at boot time if at all possible but a password would be ok too.
0
Comment
Question by:eggster34
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 2
  • +6
21 Comments
 
LVL 16

Expert Comment

by:AlexNek
ID: 18839436
How about password? It is in most laptop already realzed. HDD password called.
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839507
If you plan to use Windows Vista Ultimate or Enterprise, you can use Bitlocker:

 http://technet2.microsoft.com/WindowsVista/en/library/ba1a3800-ce29-4f09-89ef-65bce923cdb51033.mspx?mfr=true

No matter what, you want to have a plan for data recovery, else a lost password can mean the entire disk lost forever.

I would be also be cautious about the bios/chip lavel password protection. Apparently that can be broken - the only true protection is encryption, and then also if properly implemented.
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839527
If you're not running Vista then look at Truecrypt: http://www.truecrypt.org/
It is free and effective, but I think it can only encrypt a partition, not an entire drive, which might be OK if you can arrange to put everything of value on that partition.
0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 
LVL 16

Expert Comment

by:AlexNek
ID: 18839553
http://www.heise.de/ct/english/05/08/172/
Yes, it can be broken but not so easy. Any other protection can be broken too.
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839621
Yes, your link confirms it, I have heard other cases also where the hardware password protection was broken, so it should not be trusted for true protection.

However, I must disagree that encryption can be always broken, at least at the present. When properly implemented, it is currently impossible to decipher encrypted data. This is not always a good thing, because this list has had many postings from people trying to recover data in vain after "forgot the password" or "system crash" etc. So I would say that implementing and testing a recovery process under all possible scenarios is probably as important, if not more so, than doing the encryption itself.
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18839711
> so it should not be trusted for true protection
Could you try to broken it?
>....I must disagree that encryption can be always broken
It is only depends how important information is. Try to ask CIA. ;)
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839776
"Could you try to broken it?"

LOL - I am sure I will fail.

"... ask CIA"

We will hope the asker is not trying to protect his data from the CIA :)
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18839877
>I am sure I will fail
I was tried it and I fail too. It is possible that I can do it but I don't want to spend more time because I was only interested on hard disk using.

>We will hope the asker is not trying to protect his data from the CIA :)
That is my point of view. I suspect that asker don't want to get any easy access to data.
That means - it can be enough already implemented protection.
0
 

Author Comment

by:eggster34
ID: 18840015
simple hdd passwords would not work for me.I need a professional package that would encrypt my whole drive and make it unusable in the event of loss / theft.
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18840055
>simple hdd passwords would not work for me.
It is not as simple as you can think. ".. and make it unusable in the event of loss / theft." - for this case it works.

>I need a professional package that would encrypt my whole drive and make it unusable in the event of loss / theft.
In this case you need to know only the password too. Good package have a good price too.
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18840064
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18840084
0
 
LVL 32

Expert Comment

by:r-k
ID: 18840090
Can you please clarify if you plan to use Vista. If so, I would suggest Bitlocker, which I believe can encrypt an entire volume. Here is another overview:

 http://www.microsoft.com/technet/technetmag/issues/2006/05/FirstLook/?related=/technet/technetmag/issues/2006/05/FirstLook

0
 
LVL 5

Expert Comment

by:drtoto82
ID: 18840526
I have an advice ... Don't use bitlocker or any full hdd encryption . BECAUSE :
If I have a system , and my system fails for whatever reason and I want to reinstall and use my already existing data , I can do that if the whole systemis encrypted.
BUT
U can use EFS or so for as much folders as u like and export the key in a safe place . So that if your system fails for whatever reason , u can restore the data after reinstalling it.
It is all about your data for you . and in both scenarios , the files will be encrypted if the laptop is stolen . Got the point . !!
0
 

Expert Comment

by:vietsonvpc
ID: 18840923
drtoto82: its nice solution that use MS's solution
and use can set a recovery authorities if u dont want  to export the key or working in more than 100 laptops. but its require Domain server


----------------------------------------------------
www.ocdplaza.com 
0
 
LVL 4

Expert Comment

by:webadministrator
ID: 18841485
Kindly check this
http://www.experts-exchange.com/Security/Misc/Q_22092679.html
I discussed the same sort of software in this question.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 18843819
The Bitlocker seems to be the way to go,but you need a TPM BIOS that supports it.
So if you don't have a TPM BIOS,you would need to go to a third part of some sorts.

Dell's D620 has this feature.
0
 

Author Comment

by:eggster34
ID: 18845913
I'm not going to use Vista, yet :)
I really can't use EFS, it has to encrypt the whole drive.
0
 
LVL 30

Accepted Solution

by:
pgm554 earned 500 total points
ID: 18846409
Here's a list of full encryption 3rd party vendors:

http://www.full-disc-encryption.com/Full_Disc_Encryption.html
0
 
LVL 2

Expert Comment

by:melmitts707
ID: 18854657
How about something like this --

http://sourceforge.net/projects/truecrypt/
0
 
LVL 1

Expert Comment

by:devruiz
ID: 18860776
Got to:   http://www.pgp.com/

The software gives you a pre-boot password, and encrypts the entire HD. I've used it many times, and it is excellent.

If you plan on getting new machines in the future, what I have done for a few clients, is got the Dell's (you could get any model) with the finger print reader in them. The Dells come with a very nice software package which includes Fingerprint Password Logon, PRE BOOT/BIOS passwords, and full disk encryption. VERY secure.


0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question