Endpoint encryption for WIN7

If I want to encrypt a win7 laptop for our travel users to increase data security of the laptop when they travel, is Bitlocker the free native feature/product I can use on WIN7?

If yes, I'd like to try out this.  We also trying other paid products such as Mcafee EEPC.

Please advise.  

Thanks.

 
nav2567Asked:
Who is Participating?
 
wantabe2Commented:
I've used bitlocker but now use truecrypt. It;s very easy to use & highly recomend it.

http://www.truecrypt.org/

It supports both 32 & 64 bit and its free
0
 
nav2567Author Commented:
What can't bitlocker do compare to the other product?
0
 
BrianCommented:
Performance wise there is no big difference. TryeCrypt offers support for more OSs and more encryption algorithms and types. I second the recommendation of TrueCrypt.
0
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

 
abbrightCommented:
I also recommend TrueCrypt. Nevertheless it misses features that might be of use in enterprises. For example there is no possibility to centrally configure it using group policies, there is no way to setup a recovery agent which allows decryption of the data in case the user forgets his password or leaves the company. And as far as I know there is no TPM-support.
All of this is part of Windows Vista / Windows 7-Bitlocker which is part of the enterprise and ultimate-versions.
0
 
brianm71Commented:
I presently use MCAfee EEPC.  The good thing thing about it is the centralized reported from ePO.  
0
 
wantabe2Commented:
The main reason I went with Truecrypt is it is supposed to have more algorythms & be more hard to crack than bitlocker. I also know of one instance with Symantec AV, they released a virus def a few years ago & if you had bitlocker on a PC it would not boot & their fix to this was telling people not to reboot their PC until a fix came out....Those are the two reasons I use truecrypt in my organization. Here is a link that outlines some of the pros & cons of both.

http://www.tomshardware.com/reviews/bitlocker-truecrypt-encryption,2587-9.html

As far as performace of the PC, I did not see any lesser  PC performance with either product.
0
 
Ivano ViolaSystem AdministratorCommented:
BitLocker will allow you store the recovery key in the computer object in Active Directory (if you're using AD). It will also store the TPM recovery key if you wish. There is no performance hit when BitLocker is applied and I've found it to be straight forward and reliable. You can suspending and resume BitLocker quickly if you need to update the BIOS or make hardware changes. Overall I've been very happy with its implementation and reliability.
0
 
Rob KnightConsultantCommented:
Hi,

Bitlocker is free on Windows 7 Ultimate and Enterprise variants - it's not free with any other version aside from some flavours of embedded.

Bitlocker is very secure and is in fact used by a number of governments to protect their data.

Configuration wise, you have a number of options but they depend on your hardware configuration:

USB key only, TPM only,  TPM and USB key, TPM, USB key and PIN, TPM and PIN.

Bitlocker in Windows 7 has the added benefit of BitLocker to go - you can encrypt removable drives such as USB HDD, USB Pendrives etc.

As previously stated, the recovery key (a multi-digit code used to unlock the device when the PIN is forgotten) can be stored in AD.

I would carefully consider the use of OpenSource solutions - they might work, but TrueCrypt, for example, has no independantly assured encryption (e.g. FIPS 140-1/2) and therefore things like the entropy used to generate the key may be less robust than other systems, making it easier to break.

Regards,


RobMobility.
0
 
Rob KnightConsultantCommented:
Hi,

Depending on your notebook manufacturer and model, you may already have a thrid party disk encryption solution available to you - HP business notebooks come with HP Protect Tools which is an OEM of McAfee and includes centralised management.

Regards,


RobMobility.
0
 
nav2567Author Commented:
Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.