Solved

Laptop Hard Drive Encryption

Posted on 2009-05-09
13
2,825 Views
Last Modified: 2013-11-14
I am looking for a straightforward encryption solution for the hard drives I use with my Dell Precision M2400 laptop (with 64-bit Vista).  I am using Intel Rapid Recover Technology (IRRT) to clone a full recovery disk, so in addition to my primary hard drive I will always have a backup clone of my entire system lying around.  Since Dell laptops are designed to make the hard drives easily removable, I have two hard drives that are easily accessible if anyone wanted to get access to my data.  I would like to protect my data, preferably in such a way that does not affect system performance too much AND also supports disaster recovery so that I am not left with a cloned recovery brick if the system fails or is stolen.  I would also like to use my recovery drive occasionally as a slave drive on other systems when I need to transfer a lot of data.  

So although my system supports TPM-based full disk encryption either through the Wave Systems software provided by Dell or through Bitlocker, if I understand how these work these do not provide any kind of disaster recovery capability or access to my data once the drive is removed from the system.  The Wave Systems method is appealing since the disk locking feature is enabled once the system is powered down, so I am guessing does not affect performance while the system is running.  

I am open to hardware-based solutions using RFID keys, smartcards or other creative ideas.  Ideally I would like to find a clever software solution that is password based where it is possible to access the disk unlocking software when slaving the drive even if the data is  encrypted.  I remember looking at the spec for a Seagate Momentus encrypted hard drive, but if I recall correctly formatting the drive removed the encryption.  Since IRRT wipes the data in order to create a recovery drive, I am not sure if these would be the answer.  

0
Comment
Question by:Kurvenal
  • 5
  • 4
  • 2
  • +1
13 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24342825
Any Hard Drive Encryption will require greater CPU use & slow system performance considerably.
0
 
LVL 34

Accepted Solution

by:
Michael-Best earned 168 total points
ID: 24342855
For the best disk protection short of encrypting your drive, enable the hard disk password. If this option is supported on your system, the password settings are stored on the disk itself, preventing access even if installed in another PC. A data-recovery service could likely still access your files since they're unencrypted. So remember that it's still possiblealthough quite difficultfor someone else to access the data.
See:
http://www.pcworld.com/businesscenter/blogs/bizfeed/158292/enable_bios_passwords_for_extra_security.html
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24342922
How to password protect portable hard drive and other storage devices?
http://www.truecrypt.org/
http://www.magic2003.net/

0
 
LVL 5

Assisted Solution

by:DTAHARLEV
DTAHARLEV earned 166 total points
ID: 24344213
did you try safeboot? it's probably the most common one around, and it's now under the mcafee unbrella.
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 166 total points
ID: 24375447
I agree with Michael-Best

Hard drive password is probably your best option.

For more protection add truecrypt in for a partial volume, and test everything !!

   
I hope this helps !
0
 

Author Comment

by:Kurvenal
ID: 24376906
Thanks for the suggestions.  Although the BIOS hard drive password sounds interesting, one of my objectives is to be able to access the data on the protected drive (through a password, digital keys or other hardware solution, eg RFID or smartcards) when I have put it in an enclosure and use it as an external drive on another system.  If I understand correctly, a BIOS password will prevent me from doing this.  Am I right?
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 63

Expert Comment

by:SysExpert
ID: 24377384
Not sure, how this works. It should work in another laptop PC, not sure about external access SATA, USB. There may be a work around via an HDD ATA program that will allow you to enter the BIOS PW.


0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24381835
"when I have put it in an enclosure and use it as an external drive on another system.  If I understand correctly, a BIOS password will prevent me from doing this.  Am I right?"
No
BIOS is a chip on the motherboard.
& only protects access to that system.  

enable the hard disk password. If this option is supported on your system, the password settings are stored on the disk itself, password will enable access even if installed in another PC / external drive on another system.
0
 

Author Comment

by:Kurvenal
ID: 24401478
Thanks for the suggestions regarding HDD password protection.  I have just been testing this.  After setting a HDD password in the BIOS, I tried connecting the drive to another computer in a combo eSATA/USB enclosure.  The good news is that when I connected the drive using eSATA the Intel Matrix Storage Manager Console was able to unlock it.  So this means that this method will satisfy one of my key objectives, namely to protect the data on my IRRT Recovery Drive.  Although it is not as secure as encryption, it does not consume anywhere near the same system resources as encryption and will be enough to protect my data from casual pryers, which is what I was looking for.  So thank you.

The only problem remaining is that I cannot seem to access the drive when I connect it using USB.  Since not all systems have eSATA ports this is an issue.  The drive does not show up in Computer, and when I used disk management although the drive was recognized I received a message that it needed to be initialized before I could access it.  Trying to initialize it generated a "cyclic redundancy check" data error (see attached screenshots).  

SysExpert mentions above the possibility of using a HDD ATA program that will allow me to unlock the drive.  Can anyone recommend one that can be easily downloaded onto any system in order to access a password protected drive via a USB port?
Disk-Management-Screenshot-1.JPG
Disk-Management-Screenshot-2.JPG
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24405719
Not sure there is one?
Will look.
You may just need to set HDD as inactive.
Use a disc tool such as "Paragon Partition Manager" http://www.paragon-software.com/business/hdm-server/ this is 30 day free trial  to set drive as "inactive primary partition".
0
 

Author Comment

by:Kurvenal
ID: 24571644
Hi there,

I agree that this question should be closed, and I am comfortable
with the points assigned.

Would it be possible for you to note the solution I listed in this
post:  http://www.experts-exchange.com/Security/Misc/Q_24415382.html?

Thanks,
0
 

Author Comment

by:Kurvenal
ID: 24617952
Please close this question and mention that I contacted the developer of Hard Disk Sentinel (http://www.hdsentinel.com/),
and he was able to write an app for me that unlocks password-
protected USB drives.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now