?
Solved

Need a quick solution to hard drive encryption software please

Posted on 2011-09-19
5
Medium Priority
?
290 Views
Last Modified: 2012-06-21
Need a solution that is not an administrative burden for IT dept.

Need "whole disk encryption" for Windows Professional.
Thank you!
Sheila Venable
svenable@lsfcu.net
0
Comment
Question by:sheilavenable
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 9

Expert Comment

by:Brian
ID: 36563358
I recommend TrueCrypt. www.truecrypt.com
0
 
LVL 6

Expert Comment

by:da3ve
ID: 36563555
I agree that TrueCrypt is a decent solution.

My company uses Guardian Edge's Hard Disk Encryption (now Symantec) which has some issues. When it works, it is great. Trying to recover from a bad hard disk can be challenging. Occasionally it seems to forget that there are users registered and all the users are locked out of the machine.

You mention not wanting to burden IT administratively. Unfortunately, any system is going to cause some quantity of work for IT. Encryption can become especially challenging when it fails to function correctly.

To further assist, please provide some more information about what you are trying to accomplish with disk encryption:
Is this going to be a one-off installation or are you looking for group/branch/department solution?
Does the IT group have an existing solution that isn't meeting their needs?
Do you need to be in compliance with SOX/HIPAA/GLBA/FISMA?

Thanks.
0
 

Author Comment

by:sheilavenable
ID: 36566238

Good Morning Master,
We are a financial institution with very little IT (2 people).  This will be our first solution.
Usually we purchase products from our data processor for support but for the last 4 years they have not come up with a solution.  I actually loaded TrueCrypt yesterday on my Windows 7 PC.  We have 10 laptops that need encryption and yes we need to be in compliance with GLBA.  Any advice you have on TrueCrypt and the way it should be set up would be greatly appreciated.
Thank you!
Sheila Venable

Need a solution that is not an administrative burden for IT dept.

Need "whole disk encryption" for Windows Professional.
Thank you!
Sheila Venable
svenable@lsfcu.net
0
 
LVL 6

Accepted Solution

by:
da3ve earned 2000 total points
ID: 36568820
Thanks for the info.

http://www.randyjensenonline.com/blog/using-truecrypt-to-encrypt-your-entire-hard-drive

The above link is a pretty good step-by-step. AES is, in my mind, an acceptably secure algorithm and RIPEMD-160 hasn't any reported vulnerabilities yet.

Like any software solution, make sure that you keep your goals in mind.

Lets go into the deployment in general terms for a moment. It sounds like you need to use encryption for GLBA compliance without any undue burden on the users or the admin staff. Groovy. Some of the potential problems that you will face are going to be:
data recovery after hardware failure (motherboard/HDD)
data recovery from a disgruntled employee who has deleted all of their data
data recovery from a lost password
data recovery for a user on travel with the above problems

I would set up a testing plan to run through these scenarios (and any others I missed) before you go live. Once you have the software loaded, swap the HDD into a different machine (same model) and see if the password will work. Boot to the recovery disk and see if you can recover files to a USB or network drive without using the drive password. Try doing an undelete to recover deleted documents from an encrypted disk. Document everything so that you aren't left hanging when something bad happens.

You'll probably want to implement policy to get the users into backing up laptop data (perhaps automatically) to a server so you have a current copy in case all of the recovery methods fail.

You'll definitely want a good (and backed-up) archive of all the recovery disk .ISO images on a share for the admins.

HTH.
0
 

Author Closing Comment

by:sheilavenable
ID: 36588333
Thank you very much for your advise!
I really appreciate it!
Sheila Venable
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question