?
Solved

Laptop Hard Drive Encryption

Posted on 2009-05-09
13
Medium Priority
?
2,932 Views
Last Modified: 2013-11-14
I am looking for a straightforward encryption solution for the hard drives I use with my Dell Precision M2400 laptop (with 64-bit Vista).  I am using Intel Rapid Recover Technology (IRRT) to clone a full recovery disk, so in addition to my primary hard drive I will always have a backup clone of my entire system lying around.  Since Dell laptops are designed to make the hard drives easily removable, I have two hard drives that are easily accessible if anyone wanted to get access to my data.  I would like to protect my data, preferably in such a way that does not affect system performance too much AND also supports disaster recovery so that I am not left with a cloned recovery brick if the system fails or is stolen.  I would also like to use my recovery drive occasionally as a slave drive on other systems when I need to transfer a lot of data.  

So although my system supports TPM-based full disk encryption either through the Wave Systems software provided by Dell or through Bitlocker, if I understand how these work these do not provide any kind of disaster recovery capability or access to my data once the drive is removed from the system.  The Wave Systems method is appealing since the disk locking feature is enabled once the system is powered down, so I am guessing does not affect performance while the system is running.  

I am open to hardware-based solutions using RFID keys, smartcards or other creative ideas.  Ideally I would like to find a clever software solution that is password based where it is possible to access the disk unlocking software when slaving the drive even if the data is  encrypted.  I remember looking at the spec for a Seagate Momentus encrypted hard drive, but if I recall correctly formatting the drive removed the encryption.  Since IRRT wipes the data in order to create a recovery drive, I am not sure if these would be the answer.  

0
Comment
Question by:Kurvenal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
13 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24342825
Any Hard Drive Encryption will require greater CPU use & slow system performance considerably.
0
 
LVL 34

Accepted Solution

by:
Michael-Best earned 672 total points
ID: 24342855
For the best disk protection short of encrypting your drive, enable the hard disk password. If this option is supported on your system, the password settings are stored on the disk itself, preventing access even if installed in another PC. A data-recovery service could likely still access your files since they're unencrypted. So remember that it's still possiblealthough quite difficultfor someone else to access the data.
See:
http://www.pcworld.com/businesscenter/blogs/bizfeed/158292/enable_bios_passwords_for_extra_security.html
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24342922
How to password protect portable hard drive and other storage devices?
http://www.truecrypt.org/
http://www.magic2003.net/

0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 5

Assisted Solution

by:DTAHARLEV
DTAHARLEV earned 664 total points
ID: 24344213
did you try safeboot? it's probably the most common one around, and it's now under the mcafee unbrella.
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 664 total points
ID: 24375447
I agree with Michael-Best

Hard drive password is probably your best option.

For more protection add truecrypt in for a partial volume, and test everything !!

   
I hope this helps !
0
 

Author Comment

by:Kurvenal
ID: 24376906
Thanks for the suggestions.  Although the BIOS hard drive password sounds interesting, one of my objectives is to be able to access the data on the protected drive (through a password, digital keys or other hardware solution, eg RFID or smartcards) when I have put it in an enclosure and use it as an external drive on another system.  If I understand correctly, a BIOS password will prevent me from doing this.  Am I right?
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 24377384
Not sure, how this works. It should work in another laptop PC, not sure about external access SATA, USB. There may be a work around via an HDD ATA program that will allow you to enter the BIOS PW.


0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24381835
"when I have put it in an enclosure and use it as an external drive on another system.  If I understand correctly, a BIOS password will prevent me from doing this.  Am I right?"
No
BIOS is a chip on the motherboard.
& only protects access to that system.  

enable the hard disk password. If this option is supported on your system, the password settings are stored on the disk itself, password will enable access even if installed in another PC / external drive on another system.
0
 

Author Comment

by:Kurvenal
ID: 24401478
Thanks for the suggestions regarding HDD password protection.  I have just been testing this.  After setting a HDD password in the BIOS, I tried connecting the drive to another computer in a combo eSATA/USB enclosure.  The good news is that when I connected the drive using eSATA the Intel Matrix Storage Manager Console was able to unlock it.  So this means that this method will satisfy one of my key objectives, namely to protect the data on my IRRT Recovery Drive.  Although it is not as secure as encryption, it does not consume anywhere near the same system resources as encryption and will be enough to protect my data from casual pryers, which is what I was looking for.  So thank you.

The only problem remaining is that I cannot seem to access the drive when I connect it using USB.  Since not all systems have eSATA ports this is an issue.  The drive does not show up in Computer, and when I used disk management although the drive was recognized I received a message that it needed to be initialized before I could access it.  Trying to initialize it generated a "cyclic redundancy check" data error (see attached screenshots).  

SysExpert mentions above the possibility of using a HDD ATA program that will allow me to unlock the drive.  Can anyone recommend one that can be easily downloaded onto any system in order to access a password protected drive via a USB port?
Disk-Management-Screenshot-1.JPG
Disk-Management-Screenshot-2.JPG
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24405719
Not sure there is one?
Will look.
You may just need to set HDD as inactive.
Use a disc tool such as "Paragon Partition Manager" http://www.paragon-software.com/business/hdm-server/ this is 30 day free trial  to set drive as "inactive primary partition".
0
 

Author Comment

by:Kurvenal
ID: 24571644
Hi there,

I agree that this question should be closed, and I am comfortable
with the points assigned.

Would it be possible for you to note the solution I listed in this
post:  http://www.experts-exchange.com/Security/Misc/Q_24415382.html?

Thanks,
0
 

Author Comment

by:Kurvenal
ID: 24617952
Please close this question and mention that I contacted the developer of Hard Disk Sentinel (http://www.hdsentinel.com/),
and he was able to write an app for me that unlocks password-
protected USB drives.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When we purchase storage, we typically are advertised storage of 500GB, 1TB, 2TB and so on. However, when you actually install it into your computer, your 500GB HDD will actually show up as 465GB. Why? It has to do with the way people and computers…
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question