  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 610

Server Hard Drive Encryption Advice

I'm setting up a server, which will host confidential information at a third party location. For security reasons I would like to have some sort of encryption for the data stored on it (3 external HDs worth of data). The server is running WHS2011. No confidential data is stored on the system drive, only the external HDs.

Could you tell me what the best way would be to encrypt those external drives, so that they would be unusable when plugged up to a different system.

Thanks Guys!
0
Asked by: mpaert
8 Solutions
 
Tony J (Lead Technical Architect) Commented:
You have a couple of options - WHS 2011 supports BitLocker (but you might want to confirm it can also use BitLocker To Go on external USB storage).

Otherwise, I've extensively used TrueCrypt (www.truecrypt.org) to do full disk encryption (including OS in the past).

It's free, open source, reliable and quick.
0
 
Amitabh Singh (AWS Certified Solution Architect | L3 IT Specialist for Cloud) Commented:
Yes, there are many paid and open source software options; it is up to you to choose what you want. I prefer not to use open source and freeware to encrypt highly confidential data.

Open source/freeware software

TrueCrypt (www.truecrypt.org)
FreeOTFE (http://www.freeotfe.org/)

PAID

Check Point Full Disk Encryption (http://www.checkpoint.com/products/full-disk-encryption/index.html)
Symantec PGP Encryption (http://www.symantec.com/business/whole-disk-encryption)
0
 
Rob Knight (Consultant) Commented:
Hi,

There may be regulatory or other restrictions which impose the need for FIPS 140-2 certified solutions - this will ensure that AES encryption is correctly implemented and therefore much more difficult to crack, if at all. The key strength is also dependent on the Crypt API used to generate the key and the entropy used during kek generation.

BitLocker uses FIPS certified libraries and CheckPoint and Symantec have FIPS certified offerings. Since you already have BitLocker, I'd be inclined to use that:

I believe this will help with BitLocker:

http://onlinehelp.microsoft.com/en-us/windowshomeserver2011/hh228214.aspx

Regards,


RobM.
0
 
Tony J (Lead Technical Architect) Commented:
TrueCrypt doesn't explicitly say anywhere that it is FIPS compliant. But... my understanding of this compliance is that any device loses FIPS compliancy if it is connected to a system not fully compliant to the same standard? Weakest link in the chain, etc.

That said, who would be using Windows Home Server in a FIPS environment??

TrueCrypt cannot be centrally managed as yet (no GPOs etc.): that might be more relevant to you.

In my first response, I gave both BitLocker AND TrueCrypt as answers as they both fulfill the request on the information given.
0
 
Rob Knight (Consultant) Commented:
Hi,

I am not disputing your first post (i.e. recommending BitLocker) and my reference to the FIPS side is that the cryptographic libraries used are FIPS 140-2 certified - in other words the implementation of AES is in accordance with the FIPS standards.

TrueCrypt does not have such a certification which is an independent assurance of the cryptography used and as such MAY NOT implement AES as rigorously as products that are.

This is why FIPS 140-2 is recognised throughout the world and certified products are used widely by Governments who want extra reassurance about their encryption.

Regards,


RobMobility.
0
 
Tony J (Lead Technical Architect) Commented:
I'm not arguing any of that.

But - the moment it's connected to a WHS2011 server where the system disk(s) are not encrypted via a FIPS-compliant mechanism, the whole stops being FIPS-compliant.

My point here being, that I don't think it's a problem that the OP will encounter and we are perhaps getting off on a tangent and overcomplicating what they had originally asked for :-)
0
 
Rob Knight (Consultant) Commented:
Hi,

No worries - as you originally suggested, BitLocker would be my choice and the guide I referenced shows mpaert how to do it.

As it's integrated into the OS and not a third-party bolt-on, I would suggest it's the best approach and least likely to cause additional challenges moving forward?

Regards,


RobMobility.
0
 
Tony J (Lead Technical Architect) Commented:
Totally agree - it'll certainly give the most seamless integration. I just mentioned TC as it's a free alternative and not everyone trusts MS to do their encryption (I'm not in that court, by the way) :-)
0
 
coredatarecovery Commented:
If you go with TrueCrypt, use a long password and double encrypt, for extra security.

The extra long password will make it nearly impossible to crack through brute force.

Also, don't pass up looking at Maxtor BlackArmor drives, they're hardware encrypted but use a keyword and there's less processing power required as the drive encrypts itself on the fly.

0
Question has a verified solution.
