FIPS Compliant Encryption Software for Windows 7 64-bit laptops

I am looking for reliable and efficient file encryption software.  I don't think encrypting the whole drive is necessary, and actually I think it may actually slow the system down.  Not exactly sure about that, but that's a guess on my part.  What I need is the abilbity to encrypt folded and files on the hard drive and maybe thumb drives individually and/or collectively.  The software must meet FIPS standards though.  
cmp119IT ManagerAsked:
Who is Participating?
 
Rob KnightConnect With a Mentor ConsultantCommented:
Hi,

What processors are you using - most accelerate AES encryption so the performance degradation is much less noticeable.

Most vendors supply FIPs 140-2 certified cryptography in their full disk encryption solutions - McAfee (including the HP Protect tool variants supplied with HP business laptops), Symantec, MobileIron etc. and specialists such as BeCrypt.

Full disk encryption guarantees that the data is protected on the drive - encrypted containers, where not used correctly, can allow data to be saved to an unencrypted drive.

Regards,


RobMobility.
0
 
Brad HoweDevOps ManagerCommented:
Hi,

 What OS version is this? If it is Enterprise or Ultimate, You can use BitLocker.

BitLocker Drive Encryption Design Guide for Windows 7
http://technet.microsoft.com/en-us/library/ee706536(WS.10).aspx

Just configure the System cryptography options to se FIPS compliant algorithms for encryption.

cheers,
Hades666
0
 
TomasPCommented:
If you don't want to encrypt the whole drive then configure the system to use FIPS as hades666 stated and use the built in file encryption already built in from Vista on
http://windows.microsoft.com/en-US/windows-vista/Encrypt-or-decrypt-a-folder-or-file
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
cmp119IT ManagerAuthor Commented:
We are dealing exclusively with Windows 7 Pro 64-bit laptops.
0
 
TomasPCommented:
Then you are golden. Follow the instructions to use FIPS mode exclusively on Windows and then follow the guidance on the Microsoft site to encrypt files. You will be both FIPS and SuiteB compliant.

I speak with some authority as I was the Microsoft Crypto PM for Windows before I struck out on my own.
0
 
btanExec ConsultantCommented:
0
 
Rob KnightConsultantCommented:
Hi,

TrueCrypt doesn't use FIPS 140-2 certified cryptographic libraries so you have no assurance of the AES implementation nor the entropy used to generate the keys.

Weak keys could be generated and even stored in the clear or poorly obfuscated.

Regards,


RobMobility.
0
 
btanExec ConsultantCommented:
@RobMobility - Noted with thanks. Yes it is not listed in CMVP
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm

Another option is exploring the use of OpenSSL FIPS Object Module which is in the list. But just like to highlight the NIST SP 800-38E which is a recommendation for the XTS-AES mode of operation, as standardized by IEEE Std 1619-2007, for cryptographic modules. Truecrypt support that.

According to SP 800-38E, "In the absence of authentication or access control, XTS-AES provides more protection than the other approved confidentiality-only modes against unauthorized manipulation of the encrypted data."
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.