Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

encrypt laptop harddisk

Posted on 2007-04-02
21
Medium Priority
?
466 Views
Last Modified: 2013-11-17
Hello

I have about 20 laptops and I need to encrypt the disk drives. Is there a total disk encryption solution that would encrypt the laptop's hard drive and make the data irrecoverable if the laptop is lost / stolen etc.?

I'd prefer activation of the laptop / data with a fingerprint scanner at boot time if at all possible but a password would be ok too.
0
Comment
Question by:eggster34
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 2
  • +6
21 Comments
 
LVL 16

Expert Comment

by:AlexNek
ID: 18839436
How about password? It is in most laptop already realzed. HDD password called.
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839507
If you plan to use Windows Vista Ultimate or Enterprise, you can use Bitlocker:

 http://technet2.microsoft.com/WindowsVista/en/library/ba1a3800-ce29-4f09-89ef-65bce923cdb51033.mspx?mfr=true

No matter what, you want to have a plan for data recovery, else a lost password can mean the entire disk lost forever.

I would be also be cautious about the bios/chip lavel password protection. Apparently that can be broken - the only true protection is encryption, and then also if properly implemented.
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839527
If you're not running Vista then look at Truecrypt: http://www.truecrypt.org/
It is free and effective, but I think it can only encrypt a partition, not an entire drive, which might be OK if you can arrange to put everything of value on that partition.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 16

Expert Comment

by:AlexNek
ID: 18839553
http://www.heise.de/ct/english/05/08/172/
Yes, it can be broken but not so easy. Any other protection can be broken too.
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839621
Yes, your link confirms it, I have heard other cases also where the hardware password protection was broken, so it should not be trusted for true protection.

However, I must disagree that encryption can be always broken, at least at the present. When properly implemented, it is currently impossible to decipher encrypted data. This is not always a good thing, because this list has had many postings from people trying to recover data in vain after "forgot the password" or "system crash" etc. So I would say that implementing and testing a recovery process under all possible scenarios is probably as important, if not more so, than doing the encryption itself.
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18839711
> so it should not be trusted for true protection
Could you try to broken it?
>....I must disagree that encryption can be always broken
It is only depends how important information is. Try to ask CIA. ;)
0
 
LVL 32

Expert Comment

by:r-k
ID: 18839776
"Could you try to broken it?"

LOL - I am sure I will fail.

"... ask CIA"

We will hope the asker is not trying to protect his data from the CIA :)
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18839877
>I am sure I will fail
I was tried it and I fail too. It is possible that I can do it but I don't want to spend more time because I was only interested on hard disk using.

>We will hope the asker is not trying to protect his data from the CIA :)
That is my point of view. I suspect that asker don't want to get any easy access to data.
That means - it can be enough already implemented protection.
0
 

Author Comment

by:eggster34
ID: 18840015
simple hdd passwords would not work for me.I need a professional package that would encrypt my whole drive and make it unusable in the event of loss / theft.
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18840055
>simple hdd passwords would not work for me.
It is not as simple as you can think. ".. and make it unusable in the event of loss / theft." - for this case it works.

>I need a professional package that would encrypt my whole drive and make it unusable in the event of loss / theft.
In this case you need to know only the password too. Good package have a good price too.
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18840064
0
 
LVL 16

Expert Comment

by:AlexNek
ID: 18840084
0
 
LVL 32

Expert Comment

by:r-k
ID: 18840090
Can you please clarify if you plan to use Vista. If so, I would suggest Bitlocker, which I believe can encrypt an entire volume. Here is another overview:

 http://www.microsoft.com/technet/technetmag/issues/2006/05/FirstLook/?related=/technet/technetmag/issues/2006/05/FirstLook

0
 
LVL 5

Expert Comment

by:drtoto82
ID: 18840526
I have an advice ... Don't use bitlocker or any full hdd encryption . BECAUSE :
If I have a system , and my system fails for whatever reason and I want to reinstall and use my already existing data , I can do that if the whole systemis encrypted.
BUT
U can use EFS or so for as much folders as u like and export the key in a safe place . So that if your system fails for whatever reason , u can restore the data after reinstalling it.
It is all about your data for you . and in both scenarios , the files will be encrypted if the laptop is stolen . Got the point . !!
0
 

Expert Comment

by:vietsonvpc
ID: 18840923
drtoto82: its nice solution that use MS's solution
and use can set a recovery authorities if u dont want  to export the key or working in more than 100 laptops. but its require Domain server


----------------------------------------------------
www.ocdplaza.com 
0
 
LVL 4

Expert Comment

by:webadministrator
ID: 18841485
Kindly check this
http://www.experts-exchange.com/Security/Misc/Q_22092679.html
I discussed the same sort of software in this question.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 18843819
The Bitlocker seems to be the way to go,but you need a TPM BIOS that supports it.
So if you don't have a TPM BIOS,you would need to go to a third part of some sorts.

Dell's D620 has this feature.
0
 

Author Comment

by:eggster34
ID: 18845913
I'm not going to use Vista, yet :)
I really can't use EFS, it has to encrypt the whole drive.
0
 
LVL 30

Accepted Solution

by:
pgm554 earned 2000 total points
ID: 18846409
Here's a list of full encryption 3rd party vendors:

http://www.full-disc-encryption.com/Full_Disc_Encryption.html
0
 
LVL 2

Expert Comment

by:melmitts707
ID: 18854657
How about something like this --

http://sourceforge.net/projects/truecrypt/
0
 
LVL 1

Expert Comment

by:devruiz
ID: 18860776
Got to:   http://www.pgp.com/

The software gives you a pre-boot password, and encrypts the entire HD. I've used it many times, and it is excellent.

If you plan on getting new machines in the future, what I have done for a few clients, is got the Dell's (you could get any model) with the finger print reader in them. The Dells come with a very nice software package which includes Fingerprint Password Logon, PRE BOOT/BIOS passwords, and full disk encryption. VERY secure.


0

Featured Post

Take our survey for a chance to win!

As a valued customer of Targus, we’d like to ask you a few questions about us. As thanks, you will be automatically entered for a chance to win a $500 VISA gift card. To enter, just complete the survey by September 15, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question