[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1076
  • Last Modified:

Endpoint encryption for WIN7

If I want to encrypt a win7 laptop for our travel users to increase data security of the laptop when they travel, is Bitlocker the free native feature/product I can use on WIN7?

If yes, I'd like to try out this.  We also trying other paid products such as Mcafee EEPC.

Please advise.  

Thanks.

 
0
nav2567
Asked:
nav2567
  • 2
  • 2
  • 2
  • +4
7 Solutions
 
wantabe2Commented:
I've used bitlocker but now use truecrypt. It;s very easy to use & highly recomend it.

http://www.truecrypt.org/

It supports both 32 & 64 bit and its free
0
 
nav2567Author Commented:
What can't bitlocker do compare to the other product?
0
 
BrianCommented:
Performance wise there is no big difference. TryeCrypt offers support for more OSs and more encryption algorithms and types. I second the recommendation of TrueCrypt.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
abbrightCommented:
I also recommend TrueCrypt. Nevertheless it misses features that might be of use in enterprises. For example there is no possibility to centrally configure it using group policies, there is no way to setup a recovery agent which allows decryption of the data in case the user forgets his password or leaves the company. And as far as I know there is no TPM-support.
All of this is part of Windows Vista / Windows 7-Bitlocker which is part of the enterprise and ultimate-versions.
0
 
brianm71Commented:
I presently use MCAfee EEPC.  The good thing thing about it is the centralized reported from ePO.  
0
 
wantabe2Commented:
The main reason I went with Truecrypt is it is supposed to have more algorythms & be more hard to crack than bitlocker. I also know of one instance with Symantec AV, they released a virus def a few years ago & if you had bitlocker on a PC it would not boot & their fix to this was telling people not to reboot their PC until a fix came out....Those are the two reasons I use truecrypt in my organization. Here is a link that outlines some of the pros & cons of both.

http://www.tomshardware.com/reviews/bitlocker-truecrypt-encryption,2587-9.html

As far as performace of the PC, I did not see any lesser  PC performance with either product.
0
 
Ivano ViolaSystem AdministratorCommented:
BitLocker will allow you store the recovery key in the computer object in Active Directory (if you're using AD). It will also store the TPM recovery key if you wish. There is no performance hit when BitLocker is applied and I've found it to be straight forward and reliable. You can suspending and resume BitLocker quickly if you need to update the BIOS or make hardware changes. Overall I've been very happy with its implementation and reliability.
0
 
RobMobilityCommented:
Hi,

Bitlocker is free on Windows 7 Ultimate and Enterprise variants - it's not free with any other version aside from some flavours of embedded.

Bitlocker is very secure and is in fact used by a number of governments to protect their data.

Configuration wise, you have a number of options but they depend on your hardware configuration:

USB key only, TPM only,  TPM and USB key, TPM, USB key and PIN, TPM and PIN.

Bitlocker in Windows 7 has the added benefit of BitLocker to go - you can encrypt removable drives such as USB HDD, USB Pendrives etc.

As previously stated, the recovery key (a multi-digit code used to unlock the device when the PIN is forgotten) can be stored in AD.

I would carefully consider the use of OpenSource solutions - they might work, but TrueCrypt, for example, has no independantly assured encryption (e.g. FIPS 140-1/2) and therefore things like the entropy used to generate the key may be less robust than other systems, making it easier to break.

Regards,


RobMobility.
0
 
RobMobilityCommented:
Hi,

Depending on your notebook manufacturer and model, you may already have a thrid party disk encryption solution available to you - HP business notebooks come with HP Protect Tools which is an OEM of McAfee and includes centralised management.

Regards,


RobMobility.
0
 
nav2567Author Commented:
Thanks.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 2
  • 2
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now