Data Encryption

I'm looking for a product that can safely and reliably encrypt the hard drives on our laptops.  I've read that Symantec's Disk Encryption is a good product but can be a bit pricey.  Dows anyone have an opinion on Microsoft's Bit Locker?  How soes this product compare to Symantec?  What other encryption tools are worth looking into?  Will Bit Locker encrypt the entire drive or does it do file encryption?
NytroZAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PJL2Commented:
One option would be to use Truecrypt to create an encrypted volume on her computer to store data in. Very reliable.
0
PJL2Commented:
Truecrypt is free. Search "truecrypt" on google for download.
0
Dave HoweSoftware and Hardware EngineerCommented:
Depends on if you need an enterprise class product or not.

Bitlocker is whole drive encryption, but there are now suggestions that bitlocker has been "backdoored" - and of course you need to be running a central ad domain and so forth. Probably still safe enough unless you need to hide stuff from the US Government.

Truecrypt is the category killer for disk crypto, but has no central control mechanism, so is "clunky" to administer (basically, you need to build a recovery iso for each machine, store them securely, and use them to recover the machine if you get locked out) - hence, is not considered enterprise class. However, it is very, very effective, and free.
0
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

arunykandCommented:
I have been using Trend Micro Drive Armor for the last few years.

http://www.trendmicro.com/us/enterprise/product-security/endpoint-encryption/index.html
0
Rich RumbleSecurity SamuraiCommented:
Before you say "I need encryption" understand what encryption will and will not do:
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html
TLDR; Full disk encryption only protects your data when the OS is powered off completely. It protects from physical theft of a HDD. There are caveats and best practices to each encryption technology, if you do not follow them or address them, you may as well have not used encryption at all.
-rich
0
McKnifeCommented:
Hi.

In order to focus on only a few products: does your win7 edition entitle you to use bitlocker? Ultimate or enterprise are needed, win7 pro does not offer bitlocker (while win8 pro does).
--
If you should talk numbers, what may your choice cost?
How many laptops? If more than 10, I would definitely choose a managable product like symantecs encryption desktop 10.
0
NytroZAuthor Commented:
We do run Windows 7 Ultimate.  I am mostly interested in full disk encryption in the event the device is lost or stolen.  If Bit Locker is used, how can the encryption be managed?  There will only be about 10 laptops.
0
Rich RumbleSecurity SamuraiCommented:
Bitlocker is perfect, free and reasonably secure until further proof is made.
http://www.microsoft.com/en-us/download/details.aspx?id=26796 management pack for BL.
Go through these check-lists
http://technet.microsoft.com/en-us/windows/hh826072.aspx

It's mostly done via AD, you can even have the recovery information backed up into AD:
http://technet.microsoft.com/en-us/library/dd875529%28v=ws.10%29.aspx

BTW TPM is not required, but is often present, it does have to be enabled in some bios's first to be utilized. http://www.intel.com/support/motherboards/server/sb/CS-029689.htm
-rich
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
In no Bitlocker discussion this advice should be missing: don't use TPM alone, combine it with a PIN or else you will be a possible target for cold boot attacks other attack vectors any encryption faces that does not rely on preboot authentication (which is what the PIN offers).
0
NytroZAuthor Commented:
I installed the Bit Locker.  I used the TPM method. I don't recall being asked to provide a PIN.   So now when I boot the laptop everything appears normal.  After I provide the AS username and password the data on the drive is available.  does this mean the encryption is only as strong as the password?  If someone were to use a hacking tool to reset the password would this deny that?  How can I implement the PIN now?
0
McKnifeCommented:
Allow me to point out: encryption is a hype. How many people have I read of that don't know the technical background but are so eager to encrypt each and everything :)
--
You need to add a PIN or your only protection is the password - correct. Also I mentioned cold boot attacks, which don't even need that password.
About "hacking tools": the commonly used tools reset the password of the builtin administrator account. BUT: they don't work with encrypted drives, no matter if a PIN is used or not.
0
NytroZAuthor Commented:
Understood, so how do I add  PIN to Bit Locker now.  I am currently only using TPM.
0
McKnifeCommented:
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.