Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Laptop Hard Drive Encryption

Posted on 2009-05-09
13
Medium Priority
?
2,948 Views
Last Modified: 2013-11-14
I am looking for a straightforward encryption solution for the hard drives I use with my Dell Precision M2400 laptop (with 64-bit Vista).  I am using Intel Rapid Recover Technology (IRRT) to clone a full recovery disk, so in addition to my primary hard drive I will always have a backup clone of my entire system lying around.  Since Dell laptops are designed to make the hard drives easily removable, I have two hard drives that are easily accessible if anyone wanted to get access to my data.  I would like to protect my data, preferably in such a way that does not affect system performance too much AND also supports disaster recovery so that I am not left with a cloned recovery brick if the system fails or is stolen.  I would also like to use my recovery drive occasionally as a slave drive on other systems when I need to transfer a lot of data.  

So although my system supports TPM-based full disk encryption either through the Wave Systems software provided by Dell or through Bitlocker, if I understand how these work these do not provide any kind of disaster recovery capability or access to my data once the drive is removed from the system.  The Wave Systems method is appealing since the disk locking feature is enabled once the system is powered down, so I am guessing does not affect performance while the system is running.  

I am open to hardware-based solutions using RFID keys, smartcards or other creative ideas.  Ideally I would like to find a clever software solution that is password based where it is possible to access the disk unlocking software when slaving the drive even if the data is  encrypted.  I remember looking at the spec for a Seagate Momentus encrypted hard drive, but if I recall correctly formatting the drive removed the encryption.  Since IRRT wipes the data in order to create a recovery drive, I am not sure if these would be the answer.  

0
Comment
Question by:Kurvenal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
13 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24342825
Any Hard Drive Encryption will require greater CPU use & slow system performance considerably.
0
 
LVL 34

Accepted Solution

by:
Michael-Best earned 672 total points
ID: 24342855
For the best disk protection short of encrypting your drive, enable the hard disk password. If this option is supported on your system, the password settings are stored on the disk itself, preventing access even if installed in another PC. A data-recovery service could likely still access your files since they're unencrypted. So remember that it's still possiblealthough quite difficultfor someone else to access the data.
See:
http://www.pcworld.com/businesscenter/blogs/bizfeed/158292/enable_bios_passwords_for_extra_security.html
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24342922
How to password protect portable hard drive and other storage devices?
http://www.truecrypt.org/
http://www.magic2003.net/

0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 5

Assisted Solution

by:DTAHARLEV
DTAHARLEV earned 664 total points
ID: 24344213
did you try safeboot? it's probably the most common one around, and it's now under the mcafee unbrella.
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 664 total points
ID: 24375447
I agree with Michael-Best

Hard drive password is probably your best option.

For more protection add truecrypt in for a partial volume, and test everything !!

   
I hope this helps !
0
 

Author Comment

by:Kurvenal
ID: 24376906
Thanks for the suggestions.  Although the BIOS hard drive password sounds interesting, one of my objectives is to be able to access the data on the protected drive (through a password, digital keys or other hardware solution, eg RFID or smartcards) when I have put it in an enclosure and use it as an external drive on another system.  If I understand correctly, a BIOS password will prevent me from doing this.  Am I right?
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 24377384
Not sure, how this works. It should work in another laptop PC, not sure about external access SATA, USB. There may be a work around via an HDD ATA program that will allow you to enter the BIOS PW.


0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24381835
"when I have put it in an enclosure and use it as an external drive on another system.  If I understand correctly, a BIOS password will prevent me from doing this.  Am I right?"
No
BIOS is a chip on the motherboard.
& only protects access to that system.  

enable the hard disk password. If this option is supported on your system, the password settings are stored on the disk itself, password will enable access even if installed in another PC / external drive on another system.
0
 

Author Comment

by:Kurvenal
ID: 24401478
Thanks for the suggestions regarding HDD password protection.  I have just been testing this.  After setting a HDD password in the BIOS, I tried connecting the drive to another computer in a combo eSATA/USB enclosure.  The good news is that when I connected the drive using eSATA the Intel Matrix Storage Manager Console was able to unlock it.  So this means that this method will satisfy one of my key objectives, namely to protect the data on my IRRT Recovery Drive.  Although it is not as secure as encryption, it does not consume anywhere near the same system resources as encryption and will be enough to protect my data from casual pryers, which is what I was looking for.  So thank you.

The only problem remaining is that I cannot seem to access the drive when I connect it using USB.  Since not all systems have eSATA ports this is an issue.  The drive does not show up in Computer, and when I used disk management although the drive was recognized I received a message that it needed to be initialized before I could access it.  Trying to initialize it generated a "cyclic redundancy check" data error (see attached screenshots).  

SysExpert mentions above the possibility of using a HDD ATA program that will allow me to unlock the drive.  Can anyone recommend one that can be easily downloaded onto any system in order to access a password protected drive via a USB port?
Disk-Management-Screenshot-1.JPG
Disk-Management-Screenshot-2.JPG
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24405719
Not sure there is one?
Will look.
You may just need to set HDD as inactive.
Use a disc tool such as "Paragon Partition Manager" http://www.paragon-software.com/business/hdm-server/ this is 30 day free trial  to set drive as "inactive primary partition".
0
 

Author Comment

by:Kurvenal
ID: 24571644
Hi there,

I agree that this question should be closed, and I am comfortable
with the points assigned.

Would it be possible for you to note the solution I listed in this
post:  http://www.experts-exchange.com/Security/Misc/Q_24415382.html?

Thanks,
0
 

Author Comment

by:Kurvenal
ID: 24617952
Please close this question and mention that I contacted the developer of Hard Disk Sentinel (http://www.hdsentinel.com/),
and he was able to write an app for me that unlocks password-
protected USB drives.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question