Link to home
Create AccountLog in
Avatar of tiras gans
tiras gansFlag for United States of America

asked on

Encryption of all personal information stored on laptops

Hello -

Client of mine has new requirements of encryption of all personal information stored on laptops or other portable devices.  They using Lenovo Thinkpads T400 with Windows XP OS.  I heard of a Bitlocker.  

How does it work?  Does it encrypt the whole entire drive before the system powers off and then de-crypts upon user's login?

What other products would you guys recommend?

Thanks in advance!
Avatar of Rory de Leur
Rory de Leur
Flag of Netherlands image

Bitlocker is only available on Vista and Windows 7..

Did you got any specification/requirements on the encryption (bits, type of encryption, costs, logon types) question?
Avatar of tiras gans

ASKER

All I know there is a new rule in MA about security protection that may go beyond what they have.  It$B!G(Js effective Mar 1.

(5) Encryption of all personal information stored on laptops or other portable devices;
I work for a government organization. All data must be completely inaccessible if an outside party were to find the laptop.

We use FortiClient and ProtectDrive to secure our laptops.

Also if you are looking into that sort of encryption, there are Kingston encrypted USB keys as well.
ASKER CERTIFIED SOLUTION
Avatar of alienvoice
alienvoice
Flag of Australia image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
WOW, Didn't know that.. witch company "promoted" that bill?

Ps. In Europe it's not forced but recommend..
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Sure is, I use it for most of my PCs now.
Yes I know new requirement in the state of MA.  Its pretty crazy.

See below:

----------------------------------------------------------------------------------------------------
Computer System Security Requirements:
Every person that owns or licenses personal information about a resident of the
Commonwealth and electronically stores or transmits such information shall include in its
written, comprehensive information security program the establishment and maintenance of a
security system covering its computers, including any wireless system, that, at a minimum, and
to the extent technically feasible, shall have the following elements:
(1) Secure user authentication protocols including:
(a) control of user IDs and other identifiers;
(b) a reasonably secure method of assigning and selecting passwords, or use of unique
identifier technologies, such as biometrics or token devices;
(c) control of data security passwords to ensure that such passwords are kept in a location
and/or format that does not compromise the security of the data they protect;
(d) restricting access to active users and active user accounts only; and
(e) blocking access to user identification after multiple unsuccessful attempts to gain access or
the limitation placed on access for the particular system;
(2) Secure access control measures that:
(a) restrict access to records and files containing personal information to those who need such
information to perform their job duties; and
(b) assign unique identifications plus passwords, which are not vendor supplied default
passwords, to each person with computer access, that are reasonably designed to maintain the
integrity of the security of the access controls;
(3)Encryption of all transmitted records and files containing personal information that will
travel across public networks, and encryption of all data containing personal information to be
transmitted wirelessly.
(4) Reasonable monitoring of systems, for unauthorized use of or access to personal
information;
(5) Encryption of all personal information stored on laptops or other portable devices;
(6) For files containing personal information on a system that is connected to the Internet,
there must be reasonably up $B!> (Jto $B!> (Jdate firewall protection and operating system security patches,
reasonably designed to maintain the integrity of the personal information.
(7) Reasonably up $B!> (Jto $B!> (Jdate versions of system security agent software which must include
malware protection and reasonably up $B!> (Jto $B!> (Jdate patches and virus definitions, or a version of
such software that can still be supported with up $B!> (Jto $B!> (Jdate patches and virus definitions, and is
set to receive the most current security updates on a regular basis.
(8) Education and training of employees on the proper use of the computer security system and
the importance of personal information security.
------------------------------------------------------------------------------------------------------
Guess they are over losing laptops/thumbdrives and worrying about the data leaks.
Also I heard Seagate has hardware encrypted hardrives available for laptops, dell sells those drives in their laptops if you ask them to.  I wonder if IBM/Lenovo doing same for their ThinkPads.
Apart from encryption that handle most tools quite well, it is important to consider also other aspects. How to recover a forgotten password, how to get access to the data if the encryption software fails.

To cover these aspects please take a look at:

DriveCrypt Plus Pack Enterprise Edition
http://www.securstar.com/products_drivecryptpp_MC.php


Enterprises continue to be challenged with threats  compromising data, and intellectual property. Laptops are lost or  stolen on a daily basis and often have little or no security to prevent  data loss or theft of valuable customer information or intellectual  property. Organizations are working to implement cost effective data  loss prevention (DLP) programs and are turning to SecurStar to meet  these needs. With 5 Million users worldwide and growing, we welcome you  to consider SecurStar to help protect and secure your organization’s  data.  


Tolomir
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
The place is very small - 11 users, all have IBM/Lenovo ThinkPads T400 Win XPs.  What would you recommend Dave?

Thank you very much for the info reviews.  Let me take a peek at this and get back to you.  
Hi guys,

So just to make sure the TrueCrypt is free?  From your experience how long does it take to install it on one XP machine?   I need to estimate a labor involved.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Tested it on my laptop. It as a 500 Gig 7200 RPM harddrive, did a full encryption of the HDD, (OS included), took 8 hrs using Truecrypt.
Hmm, that a very long time...  They have 160GB 7200 RPM drives.  So should be slightly less than that.

So if I download, install, and configure.  Can the user still continue working on it while it's encrypting?
Yup, you sure can. Certain times it will slow the computer down, but I was working while it encrypted for about 4 out of the 8 hrs.
Perfect.  I will try that and will let you know. Thanks!!
Nps, Good luck.
Hey Alienvoice,

How did you encrypt your drive using Truecrypt?  I am trying to encrypt the entire drive and asking me to burn a CD.  Why does it do that?  I don't want to burn CD/DVD for every user I am implementing TrueCrypt.  Can you advice?  Thank you!!

SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I just wish it could do a USB feauture.  CD is so old to carry around..
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Got it.  To much time to spend on each persons computer though.  

I got one more question for you.  What happens if the person forgets his/her password?  Recovery CD?  and,

is there a max times logins in the TrueCrypt?  Is it locks out after some number of attempts? or is there like an admin pasword?  Thanks again!
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Got it.  

One more quick question.  Say the person left the company and doesnt want to have encryption any longer.  How to remove it?  Just Add/remove programs and remove TrueCrypt?