Avatar of Tiras25
Tiras25
Flag for United States of America asked on

Encryption of all personal information stored on laptops

Hello -

Client of mine has new requirements of encryption of all personal information stored on laptops or other portable devices.  They using Lenovo Thinkpads T400 with Windows XP OS.  I heard of a Bitlocker.  

How does it work?  Does it encrypt the whole entire drive before the system powers off and then de-crypts upon user's login?

What other products would you guys recommend?

Thanks in advance!
Laptops NotebooksSecurityWindows XP

Avatar of undefined
Last Comment
Tiras25

8/22/2022 - Mon
Rory de Leur

Bitlocker is only available on Vista and Windows 7..

Did you got any specification/requirements on the encryption (bits, type of encryption, costs, logon types) question?
Tiras25

ASKER
All I know there is a new rule in MA about security protection that may go beyond what they have.  It$B!G(Js effective Mar 1.

(5) Encryption of all personal information stored on laptops or other portable devices;
cetanu

I work for a government organization. All data must be completely inaccessible if an outside party were to find the laptop.

We use FortiClient and ProtectDrive to secure our laptops.

Also if you are looking into that sort of encryption, there are Kingston encrypted USB keys as well.
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER CERTIFIED SOLUTION
alienvoice

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Rory de Leur

WOW, Didn't know that.. witch company "promoted" that bill?

Ps. In Europe it's not forced but recommend..
SOLUTION
cetanu

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
alienvoice

Sure is, I use it for most of my PCs now.
Tiras25

ASKER
Yes I know new requirement in the state of MA.  Its pretty crazy.

See below:

----------------------------------------------------------------------------------------------------
Computer System Security Requirements:
Every person that owns or licenses personal information about a resident of the
Commonwealth and electronically stores or transmits such information shall include in its
written, comprehensive information security program the establishment and maintenance of a
security system covering its computers, including any wireless system, that, at a minimum, and
to the extent technically feasible, shall have the following elements:
(1) Secure user authentication protocols including:
(a) control of user IDs and other identifiers;
(b) a reasonably secure method of assigning and selecting passwords, or use of unique
identifier technologies, such as biometrics or token devices;
(c) control of data security passwords to ensure that such passwords are kept in a location
and/or format that does not compromise the security of the data they protect;
(d) restricting access to active users and active user accounts only; and
(e) blocking access to user identification after multiple unsuccessful attempts to gain access or
the limitation placed on access for the particular system;
(2) Secure access control measures that:
(a) restrict access to records and files containing personal information to those who need such
information to perform their job duties; and
(b) assign unique identifications plus passwords, which are not vendor supplied default
passwords, to each person with computer access, that are reasonably designed to maintain the
integrity of the security of the access controls;
(3)Encryption of all transmitted records and files containing personal information that will
travel across public networks, and encryption of all data containing personal information to be
transmitted wirelessly.
(4) Reasonable monitoring of systems, for unauthorized use of or access to personal
information;
(5) Encryption of all personal information stored on laptops or other portable devices;
(6) For files containing personal information on a system that is connected to the Internet,
there must be reasonably up $B!> (Jto $B!> (Jdate firewall protection and operating system security patches,
reasonably designed to maintain the integrity of the personal information.
(7) Reasonably up $B!> (Jto $B!> (Jdate versions of system security agent software which must include
malware protection and reasonably up $B!> (Jto $B!> (Jdate patches and virus definitions, or a version of
such software that can still be supported with up $B!> (Jto $B!> (Jdate patches and virus definitions, and is
set to receive the most current security updates on a regular basis.
(8) Education and training of employees on the proper use of the computer security system and
the importance of personal information security.
------------------------------------------------------------------------------------------------------
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
alienvoice

Guess they are over losing laptops/thumbdrives and worrying about the data leaks.
Tiras25

ASKER
Also I heard Seagate has hardware encrypted hardrives available for laptops, dell sells those drives in their laptops if you ask them to.  I wonder if IBM/Lenovo doing same for their ThinkPads.
Tolomir

Apart from encryption that handle most tools quite well, it is important to consider also other aspects. How to recover a forgotten password, how to get access to the data if the encryption software fails.

To cover these aspects please take a look at:

DriveCrypt Plus Pack Enterprise Edition
http://www.securstar.com/products_drivecryptpp_MC.php


Enterprises continue to be challenged with threats  compromising data, and intellectual property. Laptops are lost or  stolen on a daily basis and often have little or no security to prevent  data loss or theft of valuable customer information or intellectual  property. Organizations are working to implement cost effective data  loss prevention (DLP) programs and are turning to SecurStar to meet  these needs. With 5 Million users worldwide and growing, we welcome you  to consider SecurStar to help protect and secure your organization’s  data.  


Tolomir
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
SOLUTION
Dave4125

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
alienvoice

Tiras25

ASKER
The place is very small - 11 users, all have IBM/Lenovo ThinkPads T400 Win XPs.  What would you recommend Dave?

Thank you very much for the info reviews.  Let me take a peek at this and get back to you.  
Tiras25

ASKER
Hi guys,

So just to make sure the TrueCrypt is free?  From your experience how long does it take to install it on one XP machine?   I need to estimate a labor involved.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
alienvoice

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
Tolomir

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
alienvoice

Tested it on my laptop. It as a 500 Gig 7200 RPM harddrive, did a full encryption of the HDD, (OS included), took 8 hrs using Truecrypt.
Tiras25

ASKER
Hmm, that a very long time...  They have 160GB 7200 RPM drives.  So should be slightly less than that.

So if I download, install, and configure.  Can the user still continue working on it while it's encrypting?
alienvoice

Yup, you sure can. Certain times it will slow the computer down, but I was working while it encrypted for about 4 out of the 8 hrs.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Tiras25

ASKER
Perfect.  I will try that and will let you know. Thanks!!
alienvoice

Nps, Good luck.
Tiras25

ASKER
Hey Alienvoice,

How did you encrypt your drive using Truecrypt?  I am trying to encrypt the entire drive and asking me to burn a CD.  Why does it do that?  I don't want to burn CD/DVD for every user I am implementing TrueCrypt.  Can you advice?  Thank you!!

⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
alienvoice

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
Tolomir

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Tiras25

ASKER
I just wish it could do a USB feauture.  CD is so old to carry around..
SOLUTION
Tolomir

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Tiras25

ASKER
Got it.  To much time to spend on each persons computer though.  

I got one more question for you.  What happens if the person forgets his/her password?  Recovery CD?  and,

is there a max times logins in the TrueCrypt?  Is it locks out after some number of attempts? or is there like an admin pasword?  Thanks again!
SOLUTION
Tolomir

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
alienvoice

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Tiras25

ASKER
Got it.  

One more quick question.  Say the person left the company and doesnt want to have encryption any longer.  How to remove it?  Just Add/remove programs and remove TrueCrypt?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck