Kurvenal


Laptop Hard Drive Encryption Questions

I am using a Dell laptop that comes supplied with a Broadcom Unified Security Hub/TPM and Wave Embassy Security Center software.  Embassy Security Center includes the Wave Trusted Drive Manager application for encrypting data on the internal hard drive.  Details follow:

TDM manages the hardware-based security functions of Trusted Drives. Trusted Drives have data encryption embedded in the drive hardware. This ensures that all data stored on the drive is encrypted all the time. TDM ensures that only authorized users can access encrypted data when drive locking is enabled.

The Trusted Drive security must be initialized to activate drive locking. An uninitialized Trusted Drive functions as a standard ATA drive. When Trusted Drive security is initialized, drive locking can be enabled or disabled. The default state of initialization is drive locking enabled.

Questions:
1) Can someone who has used this advise whether if I remove the hard drive I can access the data as an external drive on another computer as long as I have the encryption password.  
2) Will I be able to take an image of an encrypted hard drive using Acronis True Image Home 2009?  Will I be able to restore the image to another hard drive in case of failure of the original encrypted hard drive?

If the answer to the above two questions is No, can someone recommend an alternative for hard drive encryption that will allow me to have full access to the data, i.e. allow me to access the data when using the hard drive as an external drive and will allow me to backup/restore using Acronis.
anvanster

I had a drive from a Lenovo laptop with encryption enabled. When we took it out of the laptop, we were unable to see anything on it, neither when using it as an external drive nor when trying to recover the data with expensive third-party utilities. And we tried very hard.
I think encryption also depends on the HDD controller or some other laptop hardware...

If you use Acronis while the HDD is still inside the laptop and you have access to its data, you can create an image and move it to a different machine.
Kurvenal

ASKER

Did you have the encryption password and were still unable to access the data?
When the drive was connected as external, it was impossible to read from it. It was shown as an empty drive.
Yes, we had the password.
Another thing, we also tried to fdisk it and erase the partition (GParted, Acronis, Windows fdisk). No luck.
Anwar Saiah
Wait up guys, the ABC of any encryption method is access to the data when you have the password.
So if you encrypt the HD using some software, Acronis for instance, and you want to see the data from another PC, then this is very possible; of course you have to install the software on the other computer as well.

And extraction of an image from encrypted HD is also possible.
Otherwise this software would be a joke.

I am talking in general of course, but this should apply to any software for encryption.
And another thing, this kind of software uses an algorithm similar to DES which is platform independent, so there is no way that any hardware is a part of the encryption process.


Anyway, you can try encrypting a single folder, copying it to another PC and opening it from there using the same encryption software.
The question was about hardware encryption built into the laptop, not encryption in the image-creating process.
If encryption is built into a chip, then this is a whole other story!
We need the author to confirm that before we proceed!
Confirm that I am talking about encryption built into the laptop (see description in original question) using Wave Trusted Drive Manager.  I am considering uninstalling Wave security packages and using an alternative that would give me full functionality with my fingerprint reader (the Wave 64-bit application is a cut down version of their 32-bit version, with very limited functionality for fingerprint reader compared to the 32-bit version), so would be interested in a recommendation that would allow me to access the data using the encrypted drive as an external drive from another computer as long as I had the password.
If you don't use built-in HW for encryption but only installed software, it won't be a problem accessing the HDD from another PC. The encryption software should be installed there also.
Another option is to simply password protect the hard drive (no encryption) via the BIOS.

This means that you can not access the drive until you put in the password, and even if removed, it will still require a password if put in a different machine.

May be sufficient for your needs.

I hope this helps!
The BIOS password setting is interesting.  What would happen if I put the hard drive in an enclosure and tried to access it from another computer as an external drive?
ASKER CERTIFIED SOLUTION
anvanster

This solution is only available to members.
I am beginning to wonder if a software-based solution might give me the most flexibility as long as it did not sacrifice data security.  Can anyone recommend an application that would secure my data from someone who removed the hard drive from the laptop but would still allow me to access the data using a password if I put the drive in an enclosure and accessed it as an external drive from another system?
Questions:
1) Can someone who has used this advise whether if I remove the hard drive I can access the data as an external drive on another computer as long as I have the encryption password.  

-  Yes, you can.

2) Will I be able to take an image of an encrypted hard drive using Acronis True Image Home 2009?  Will I be able to restore the image to another hard drive in case of failure of the original encrypted hard drive?

- Yes, you can.  Acronis Universal Restore


My suggestion:
Live OS run from optical drive

Connects to remote server via SSH

Uses terminal services / VNC to operate remote environment that contains encrypted data.

There are other ways, brother.
There are many solutions.
http://www.steganos.com/us/products/data-security/privacy-suite/overview/ - the leader, in my opinion
http://www.ezlockdown.com/Home.aspx
www.dekart.com/products/encryption/private_disk/

All of them allow trial downloads. Just choose the right one for you.
SOLUTION
This solution is only available to members.
You could try TrueCrypt. You could use volume or file/container based encryption with it. TrueCrypt is freeware. Alternatively, if you use Linux, you could set up your system with encryption and on boot, you will be asked to enter a password. For Windows systems, TrueCrypt should work just fine. By the way, TrueCrypt is a cross-platform tool.
SOLUTION
This solution is only available to members.
Thanks to everyone for their suggestions, which I will review in detail.  I am already using TrueCrypt, which I think is a great application, but I was hoping for a more automated solution.  Out of curiosity, does anyone have experience with the Windows Vista BitLocker Drive Encryption feature?  If so, I would be interested in hearing of advantages and disadvantages with this.
SOLUTION
This solution is only available to members.
SOLUTION
This solution is only available to members.
SOLUTION
This solution is only available to members.
SOLUTION
This solution is only available to members.
Yes you can....