[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

FIPS Compliant Encryption Software for Windows 7 64-bit laptops

Posted on 2011-10-11
8
Medium Priority
?
1,264 Views
Last Modified: 2012-08-14
I am looking for reliable and efficient file encryption software.  I don't think encrypting the whole drive is necessary, and actually I think it may actually slow the system down.  Not exactly sure about that, but that's a guess on my part.  What I need is the abilbity to encrypt folded and files on the hard drive and maybe thumb drives individually and/or collectively.  The software must meet FIPS standards though.  
0
Comment
Question by:cmp119
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 30

Expert Comment

by:Brad Howe
ID: 36951185
Hi,

 What OS version is this? If it is Enterprise or Ultimate, You can use BitLocker.

BitLocker Drive Encryption Design Guide for Windows 7
http://technet.microsoft.com/en-us/library/ee706536(WS.10).aspx

Just configure the System cryptography options to se FIPS compliant algorithms for encryption.

cheers,
Hades666
0
 
LVL 5

Expert Comment

by:TomasP
ID: 36951346
If you don't want to encrypt the whole drive then configure the system to use FIPS as hades666 stated and use the built in file encryption already built in from Vista on
http://windows.microsoft.com/en-US/windows-vista/Encrypt-or-decrypt-a-folder-or-file
0
 

Author Comment

by:cmp119
ID: 36951492
We are dealing exclusively with Windows 7 Pro 64-bit laptops.
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
LVL 5

Expert Comment

by:TomasP
ID: 36951542
Then you are golden. Follow the instructions to use FIPS mode exclusively on Windows and then follow the guidance on the Microsoft site to encrypt files. You will be both FIPS and SuiteB compliant.

I speak with some authority as I was the Microsoft Crypto PM for Windows before I struck out on my own.
0
 
LVL 25

Accepted Solution

by:
RobMobility earned 1000 total points
ID: 36971968
Hi,

What processors are you using - most accelerate AES encryption so the performance degradation is much less noticeable.

Most vendors supply FIPs 140-2 certified cryptography in their full disk encryption solutions - McAfee (including the HP Protect tool variants supplied with HP business laptops), Symantec, MobileIron etc. and specialists such as BeCrypt.

Full disk encryption guarantees that the data is protected on the drive - encrypted containers, where not used correctly, can allow data to be saved to an unencrypted drive.

Regards,


RobMobility.
0
 
LVL 65

Expert Comment

by:btan
ID: 36975604
0
 
LVL 25

Expert Comment

by:RobMobility
ID: 36975623
Hi,

TrueCrypt doesn't use FIPS 140-2 certified cryptographic libraries so you have no assurance of the AES implementation nor the entropy used to generate the keys.

Weak keys could be generated and even stored in the clear or poorly obfuscated.

Regards,


RobMobility.
0
 
LVL 65

Expert Comment

by:btan
ID: 36977424
@RobMobility - Noted with thanks. Yes it is not listed in CMVP
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm

Another option is exploring the use of OpenSSL FIPS Object Module which is in the list. But just like to highlight the NIST SP 800-38E which is a recommendation for the XTS-AES mode of operation, as standardized by IEEE Std 1619-2007, for cryptographic modules. Truecrypt support that.

According to SP 800-38E, "In the absence of authentication or access control, XTS-AES provides more protection than the other approved confidentiality-only modes against unauthorized manipulation of the encrypted data."
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses
Course of the Month20 days, 10 hours left to enroll

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question