encrypt laptop harddisk

Hello

I have about 20 laptops and I need to encrypt the disk drives. Is there a total disk encryption solution that would encrypt the laptop's hard drive and make the data irrecoverable if the laptop is lost / stolen etc.?

I'd prefer activation of the laptop / data with a fingerprint scanner at boot time if at all possible but a password would be ok too.
eggster34Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AlexNekCommented:
How about password? It is in most laptop already realzed. HDD password called.
0
r-kCommented:
If you plan to use Windows Vista Ultimate or Enterprise, you can use Bitlocker:

 http://technet2.microsoft.com/WindowsVista/en/library/ba1a3800-ce29-4f09-89ef-65bce923cdb51033.mspx?mfr=true

No matter what, you want to have a plan for data recovery, else a lost password can mean the entire disk lost forever.

I would be also be cautious about the bios/chip lavel password protection. Apparently that can be broken - the only true protection is encryption, and then also if properly implemented.
0
r-kCommented:
If you're not running Vista then look at Truecrypt: http://www.truecrypt.org/
It is free and effective, but I think it can only encrypt a partition, not an entire drive, which might be OK if you can arrange to put everything of value on that partition.
0
Do You Have a Trusted Wireless Environment?

A Trusted Wireless Environment is a framework for building a complete Wi-Fi network that is fast, easy to manage, and secure.

AlexNekCommented:
http://www.heise.de/ct/english/05/08/172/
Yes, it can be broken but not so easy. Any other protection can be broken too.
0
r-kCommented:
Yes, your link confirms it, I have heard other cases also where the hardware password protection was broken, so it should not be trusted for true protection.

However, I must disagree that encryption can be always broken, at least at the present. When properly implemented, it is currently impossible to decipher encrypted data. This is not always a good thing, because this list has had many postings from people trying to recover data in vain after "forgot the password" or "system crash" etc. So I would say that implementing and testing a recovery process under all possible scenarios is probably as important, if not more so, than doing the encryption itself.
0
AlexNekCommented:
> so it should not be trusted for true protection
Could you try to broken it?
>....I must disagree that encryption can be always broken
It is only depends how important information is. Try to ask CIA. ;)
0
r-kCommented:
"Could you try to broken it?"

LOL - I am sure I will fail.

"... ask CIA"

We will hope the asker is not trying to protect his data from the CIA :)
0
AlexNekCommented:
>I am sure I will fail
I was tried it and I fail too. It is possible that I can do it but I don't want to spend more time because I was only interested on hard disk using.

>We will hope the asker is not trying to protect his data from the CIA :)
That is my point of view. I suspect that asker don't want to get any easy access to data.
That means - it can be enough already implemented protection.
0
eggster34Author Commented:
simple hdd passwords would not work for me.I need a professional package that would encrypt my whole drive and make it unusable in the event of loss / theft.
0
AlexNekCommented:
>simple hdd passwords would not work for me.
It is not as simple as you can think. ".. and make it unusable in the event of loss / theft." - for this case it works.

>I need a professional package that would encrypt my whole drive and make it unusable in the event of loss / theft.
In this case you need to know only the password too. Good package have a good price too.
0
AlexNekCommented:
0
AlexNekCommented:
0
r-kCommented:
Can you please clarify if you plan to use Vista. If so, I would suggest Bitlocker, which I believe can encrypt an entire volume. Here is another overview:

 http://www.microsoft.com/technet/technetmag/issues/2006/05/FirstLook/?related=/technet/technetmag/issues/2006/05/FirstLook

0
drtoto82Commented:
I have an advice ... Don't use bitlocker or any full hdd encryption . BECAUSE :
If I have a system , and my system fails for whatever reason and I want to reinstall and use my already existing data , I can do that if the whole systemis encrypted.
BUT
U can use EFS or so for as much folders as u like and export the key in a safe place . So that if your system fails for whatever reason , u can restore the data after reinstalling it.
It is all about your data for you . and in both scenarios , the files will be encrypted if the laptop is stolen . Got the point . !!
0
vietsonvpcCommented:
drtoto82: its nice solution that use MS's solution
and use can set a recovery authorities if u dont want  to export the key or working in more than 100 laptops. but its require Domain server


----------------------------------------------------
www.ocdplaza.com 
0
webadministratorCommented:
Kindly check this
http://www.experts-exchange.com/Security/Misc/Q_22092679.html
I discussed the same sort of software in this question.
0
pgm554Commented:
The Bitlocker seems to be the way to go,but you need a TPM BIOS that supports it.
So if you don't have a TPM BIOS,you would need to go to a third part of some sorts.

Dell's D620 has this feature.
0
eggster34Author Commented:
I'm not going to use Vista, yet :)
I really can't use EFS, it has to encrypt the whole drive.
0
pgm554Commented:
Here's a list of full encryption 3rd party vendors:

http://www.full-disc-encryption.com/Full_Disc_Encryption.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
melmitts707Commented:
How about something like this --

http://sourceforge.net/projects/truecrypt/
0
devruizCommented:
Got to:   http://www.pgp.com/

The software gives you a pre-boot password, and encrypts the entire HD. I've used it many times, and it is excellent.

If you plan on getting new machines in the future, what I have done for a few clients, is got the Dell's (you could get any model) with the finger print reader in them. The Dells come with a very nice software package which includes Fingerprint Password Logon, PRE BOOT/BIOS passwords, and full disk encryption. VERY secure.


0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Laptops Notebooks

From novice to tech pro — start learning today.