Swift
asked on
Securing Windows Xp - 7 laptops data against theft / loss
Hi
Am in search of a comprehensive solution to protect company's laptops against accidental loss or deliberate theft. As most of the laptops have Windows 7 Ultimate / Enterprise version on them, Bitlocker and EFS deployment comes to mind but doesn't cut a very clean manageable picture. Queries are:
1. Most of the laptops have HDD protection built in these days which can be controlled via BIOS level password. Is this password mechanism subject to hacking via rainbow tables?
2. If I do not have HDD protection password configured, Bitlocker is not AD domain integrated. If the AD or local admin password is compromised, Bitlocker becomes a moot point.
3. Windows 7 EFS seems a bit promising. But is this adequate protection against loss especially is emails are lying in a pst file outside of the EFS protected folder?
Tracking of the lost / stolen laptop is not so much of an issue as to guard against pilferge of information on the disk.
Thanks.
Am in search of a comprehensive solution to protect company's laptops against accidental loss or deliberate theft. As most of the laptops have Windows 7 Ultimate / Enterprise version on them, Bitlocker and EFS deployment comes to mind but doesn't cut a very clean manageable picture. Queries are:
1. Most of the laptops have HDD protection built in these days which can be controlled via BIOS level password. Is this password mechanism subject to hacking via rainbow tables?
2. If I do not have HDD protection password configured, Bitlocker is not AD domain integrated. If the AD or local admin password is compromised, Bitlocker becomes a moot point.
3. Windows 7 EFS seems a bit promising. But is this adequate protection against loss especially is emails are lying in a pst file outside of the EFS protected folder?
Tracking of the lost / stolen laptop is not so much of an issue as to guard against pilferge of information on the disk.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
To keep administration cost low, hello support, I lost my password... you need some kind of managed service.
apart from pgp you can give drivecypt plus enterprise edition a try.
http://www.securstar.com/products_drivecryptpp_MC.php
This solution gives you a centralized management console you can use to reset passwords or log access attempts.
--
truecrypt is for free but you have to perform more manual tasks like saving the first 1 MB of the harddisk to recover passwords from each laptop.
http://www.cgsecurity.org/wiki/Recover_a_TrueCrypt_Volume
Tolomir
apart from pgp you can give drivecypt plus enterprise edition a try.
http://www.securstar.com/products_drivecryptpp_MC.php
This solution gives you a centralized management console you can use to reset passwords or log access attempts.
--
truecrypt is for free but you have to perform more manual tasks like saving the first 1 MB of the harddisk to recover passwords from each laptop.
http://www.cgsecurity.org/wiki/Recover_a_TrueCrypt_Volume
Tolomir
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you really DO NOT WANT unauthorized access and are very serious about it.
You can TRY what ever is thrown your way.
Or you can cut the chase and just get it done using PGP.
I give you my recommendation from actual experience as do some others.
Here is actual 11 month Forensic attempt on a CLOSED case to penetrate a certain unnamed owners hard-rive by an official GOV
agency.
PGP Does it well and has no real noticeable system resource issues.
I have used it for a decade and it is the first thing I install after the OS.
Selvol
You can TRY what ever is thrown your way.
Or you can cut the chase and just get it done using PGP.
I give you my recommendation from actual experience as do some others.
Here is actual 11 month Forensic attempt on a CLOSED case to penetrate a certain unnamed owners hard-rive by an official GOV
agency.
PGP Does it well and has no real noticeable system resource issues.
I have used it for a decade and it is the first thing I install after the OS.
Selvol
Fahim, any feedback?
ASKER
In terms of manageability, I believe Bitlocker's dependency on local TPM chip for creating keys makes it a bit unmanageable in scenarios where establishments do not have SCCM otherwise there is a cool MMC snapin out there.
PGP is a bit costly over the other contenders within MDM gartner's leaders quadrant.
Though closing this question, but will relate to users on the way, I have chosen.
Regards
PGP is a bit costly over the other contenders within MDM gartner's leaders quadrant.
Though closing this question, but will relate to users on the way, I have chosen.
Regards
Bitlocker can be scripted and is not dependent on a TPM, you can also use startup keys from usb sticks or diskettes. But anyway, that's not applicable to xp.
.... Thinkpads_User