asked on Symantec Encryption Software
Hi Experts,
I would like to know whether the Symantec encryption software can encrypt only a certain part of a HDD, for example. we don't want to encrypt the system drive
We find the Symantec Encryption software is slowing down the laptop performance.
Management now only wants the files and folders under the document settings and the temp files to be encrypted.Is this possible?
Can you refer me to a white paper or any article advising whether this can/cannot be done.
Can you please advise if this is possible and with out rebuilding a laptop and partition the drive into two disk?
I would like to know whether the Symantec encryption software can encrypt only a certain part of a HDD, for example. we don't want to encrypt the system drive
We find the Symantec Encryption software is slowing down the laptop performance.
Management now only wants the files and folders under the document settings and the temp files to be encrypted.Is this possible?
Can you refer me to a white paper or any article advising whether this can/cannot be done.
Can you please advise if this is possible and with out rebuilding a laptop and partition the drive into two disk?
Anti-Virus AppsOS SecurityEncryption
Last Comment
Rich Rumble
ASKER
anyone that could advise on this please?
Yes but for gods sake don't do it !!!
It's available from within the hard disk module in the management console
It's available from within the hard disk module in the management console
First something to make sure your aware of, Full disk encryption only protects from off-line attacks, like a laptop is stolen, or a HD is removed. If the laptop is booted up and unlocked, and I steal it from you, I can access anything I want, you've already unlocked it. This is the same for a virus or malware, once the laptop is unlocked, and boots up, it looks like any other HD to any other program.
If speed is an issue with your fully encrypted disc's then perhaps you can select another encryption format? Perhaps move "down" from AES-256 to AES-128 or something like that?
There are also other programs you can try, and even HD's that have FDE builtinto them:
http://www.google.com/search?q=Seagate++Momentus++FDE
TrueCrypt is another application you can try once the Symantec encryption is removed
-rich
If speed is an issue with your fully encrypted disc's then perhaps you can select another encryption format? Perhaps move "down" from AES-256 to AES-128 or something like that?
There are also other programs you can try, and even HD's that have FDE builtinto them:
http://www.google.com/search?q=Seagate++Momentus++FDE
TrueCrypt is another application you can try once the Symantec encryption is removed
-rich
ASKER
thanks guys,
@legalsrl -> what are the reasons for not recommeding this?
@legalsrl -> what are the reasons for not recommeding this?
We are the lead UK GuardianEdge partner (now Symantec after the acquisition)
All of the UK legislation states that the whole disk must be encrypted as users will chose the easiest place to save things.....
If you're trying to boost performance, then use SSDs, Hardware Encrypted Drives or increase the memory in the devices
The only way you will achieve this is to actually create a seperate partition and force a redirect of the My Docs folder to the new partition using GPOs
Once that's done you can encrypt the separate partition, but that is going to render the Pre Boot Authentication useless....
You can do it, but I really wouldn't do it......
If you want to go down that route, then you are looking at using Bitlocker rather than the GuardianEdge piece
Cheers
Si
All of the UK legislation states that the whole disk must be encrypted as users will chose the easiest place to save things.....
If you're trying to boost performance, then use SSDs, Hardware Encrypted Drives or increase the memory in the devices
The only way you will achieve this is to actually create a seperate partition and force a redirect of the My Docs folder to the new partition using GPOs
Once that's done you can encrypt the separate partition, but that is going to render the Pre Boot Authentication useless....
You can do it, but I really wouldn't do it......
If you want to go down that route, then you are looking at using Bitlocker rather than the GuardianEdge piece
Cheers
Si
SSD's are a bit overkill, but if you did go SSD, do not use software to encrypt them, they have to be hardware encrypted: http://www.truecrypt.org/docs/?s=wear-leveling
A hardware encrypted traditionaly drive is typically just as if not more cost effective than an SSD, especially if you break it down to MB/TB per Dollar.
If anyone suggests EFS, I will kill them :p Also EFS does not support temp files being encrypted.
-rich
A hardware encrypted traditionaly drive is typically just as if not more cost effective than an SSD, especially if you break it down to MB/TB per Dollar.
If anyone suggests EFS, I will kill them :p Also EFS does not support temp files being encrypted.
-rich
ASKER
currently using the max mem on these 32bit Win XP notebooks,
u mentioned this can be done from within the HDD disk modules management console? I will check this out tonight, any instructions?
u mentioned this can be done from within the HDD disk modules management console? I will check this out tonight, any instructions?
ASKER
@legalsrl: I can't see a place in the MM console of SEE as to where you can encrypt only part of the drive, instructions??
For symantec, check this out -mentioned to be ok for SEE 7.0.4.
@ http://www.symantec.com/connect/forums/secondary-partition-encryption-only
This table of comparison is useful
@ http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software#Layering
@ http://www.symantec.com/connect/forums/secondary-partition-encryption-only
This table of comparison is useful
@ http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software#Layering
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
it's not possible to encrypt specific files and folders only on a partition,
If you look at pgp,do yourself a favor and look at free alternatives as well True Crypt and FreeOTFE, and make sure symantec knows your looking at them :)
No objections btw.
-rich
No objections btw.
-rich