Need encryption software recommendations.

Hi All!

I was tasked with finding some disk encryption software for the firm.  No problem, I purchased licenses of Symantec PGP Encryption which does the disk level encryption of a laptop pretty efficiently, and also of USB data sticks just as efficiently.  However, I have run into a snag....the USB sticks.

What they would LIKE to do...is to be able to take an encrypted USB stick to a client, plug it in to their system, and have the client copy data to said encrypted stick, thus keeping data security high.  However, once the USB stick is encrypted with the Symantec software, it is unreadable by any system without the PGP software installed...thus making the stick useless for the purpose we need them.

Question is...can anyone recommend encryption software that will encrypt a USB stick (and possibly laptop HDD also), but would allow access (even if just "copy to" access) to the stick from a system not installed with said software?  Perhaps using a passphrase or something other way to unlock?
J4sstromAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dipopoCommented:
I think with truecrypt you can create a passphrase to allow your client to decrypt said disk and send back to you.

http://www.truecrypt.org/
0
WyoComputersCommented:
We use TrueCrypt (which we made a little launcher), its portable, or SecureUSB (which I think is called secure folder now) by Subin Ninan.  Truecrypt is FREE, but requires administrator access.  The SecureUSB / Folder program does not require administrator access.

We use McAfee endpoint encryption for the hard disks, and ran into the same issue with encrypting portable devices.

Another option is:

http://www.apricorn.com/products/hardware-encrypted-drives.html

We have several of these in use, they just require the user to punch in a code to unlock the device and enable data access... no software required.
0
Giovanni HewardCommented:
I highly recommend IronKey.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Emmanuel AdebayoGlobal Windows Infrastructure Engineer - ConsultantCommented:
Hi,

You can use Rohos Disk Browser

Rohos Disk Browser is a portable encryption tool that allows to create and work with encrypted partitions on a USB drive. With this tool you can password protect USB flash drive or portable HDD and work with it on any Windows computer, even if you do not have administrative rights.

Encryption features:
•Create password protected and encrypted containers on USB flash Drive. Container may be stored in AVI or any other media file (stenography).
•Create password protected and encrypted partitions on USB flash Drive.
•Opens with read/write support the following encrypted medias: USB flash drive partition, container file, AVI or media file with container data.
•Change password of encrypted partition or container.
•Encryption is on-the-fly in user mode and does not leave unencrypted data on the TEMP folders.
•Encryption algorithm is AES with 256 key length.

Advantages of Rohos Disk Browser portable encryption:

You can create an encrypted volume and work with it in a usual way - view the files, copy files and folders outside or inside, use available applications to open files. Also the unique features includes:
•Open any file from encrypted partitions by double-click and Save changes back by using “Save” command from any application.
•Browse images and videos in preview mode (thumbnail view) without decrypting them into temporary folder.
•Play music or video with on-the-fly decryption right into media player.

For more information, please check

http://www.rohos.com/products/rohos-mini-drive/
Regards
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EirmanChief Operations ManagerCommented:
The article describes how to use truecrypt in traveller mode which does exactly what you want ..... Namely truecrypt ONLY installed on the USB device. The only limitation is that the computer you are copying files from must have administrator privilages.
http://www.makeuseof.com/tag/encrypt-your-usb-stick-with-truecrypt-60/

You can do the same thing with bestcrypt from jetico.com which is by far my favourite encryption software.

Just download the free traveller version http://www.jetico.com/products/free-security-tools/bestcrypt-traveller and store that file on your USB device.

Then create an encrypted container to fill the remainder of the space on the device. Then you plug your USB stick into any PC or MAC and you can use the traveller program to access/modify the encrypted data on the stick (which will appear as another drive letter (e.g. E:\) on the PC)
0
J4sstromAuthor Commented:
I thank everyone for the responses, truly appreciated.

I like the idea of IronKey and Apricorn, but they already purchased a ton of disks with logos on them, so not likely to invest in $300 sticks now, but I thank you.

I tried Truecrypt but wasn't able to get it to do exactly what I wanted.  Admin privileges on opening system are an issue.  Would be going to clients with no software.

At the moment, will need some more testing, but Rohos seems like the winner.  Having a hidden encrypted partition on the drive, easy to configure, drive is usable normally outside of the partition, and free.  Can't ask for much more.

Thanks again everyone.
0
EirmanChief Operations ManagerCommented:
A few more things about bestcrypt traveller ... I said any PC or MAC ..... should be PC Only.

It's free and administrator privileges are not required.

No 8 gig limit for free use. You could bring a 2gig external drive if needed.

Your typical USB stick needs only two files .....
BCTraveller.exe
CustomerData.jbc
0
McKnifeCommented:
Bitlocker to go does what you need. Encrypted sticks can be read and written to on windows 7 and 8 systems (any edition) - for xp or vista, a reader would need to be installed, and even then, writing would not be possible, only reading. Please note that for creating such a drive (=encrypting it), windows 7 ultimate or enterprise or win8 pro is needed, BUT it can be used (read+write) on any win7 or 8 system.
http://www.techrepublic.com/blog/windows-and-office/secure-your-usb-drives-with-bitlocker-to-go-for-windows-7/
0
marsiliesCommented:
FreeOTFE has a tool called FreeOTFE Explorer which allows FreeOTFE volumes to be accessed without installing software, and on computers where no administrator rights are available:
http://sourceforge.net/projects/freeotfe.mirror/


Also, on a hardware level, there's pass-through USB encrypters like CypherUSB, which could be used for any place that has a Software Restriction Policy that prevents them from running any program off a USB stick:
http://www.pcmag.com/article2/0,2817,2402611,00.asp
0
Rich RumbleSecurity SamuraiCommented:
You may want a physical answer to the problem, there are lot's of them:
http://www.apricorn.com/products/hardware-encrypted-drives/aegis-secure-key.html
http://www.corsair.com/usb-drive/flash-padlock-2-usb-drive.html
They are universal, no software to mess with.
Other than that, Bitlocker to-go would be what I'd use, even if it's probably got a back door in it.
Another alternative is Winzip, or 7zip. Windows XP includes the native ability to encrypt a zip file, right-click your file(s) or folder(s), Send to->Compressed folder. Open the compressed folder and File->Add Password...
That native zip crypto however, even in windows 7/8, is old and weak by modern winzip standards. 7zip offers aes-256 as does the newer versions of Winzip, but again the native versions in windows use old crypto and can't encrypt the file names.

One last thing, remember that Full-disk-encryption only protects your data when the OS is not running. When the os is running, there is no added benefit afforded to you by using FDE. For more detail read here: http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html
-rich
0
LeeTutorretiredCommented:
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
Giovanni HewardCommented:
I vote to give this to giveandtake638, as the authors last update stated
Rohos seems like the winner
0
EirmanChief Operations ManagerCommented:
There were several worthy contributions which did answer the question, so I think the points should be divided proportionately.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.