• Status: Solved

TrueCrypt boots to black screen on Server 2008 R2

I thought I would take a chance by asking this question here as well as on the TrueCrypt forum.

I have a medical business customer that wants the entire HDD drive on their server encrypted. Easy enough, right? Well, so I encrypt using TrueCrypt. Everything works great. About 3 weeks later, though, the server, when it boots up, stops at the TrueCrypt boot-up screen wanting the password, and once you put the password in, it begins booting up. I see the Windows logo with the scrolling from left to right at the bottom of the screen. That logo then disappears and a black screen shows up, and it sits there, never coming to the blue Ctrl-Alt-Del screen.

So I decrypted the system and it boots fine now. But this HDD needs to be encrypted, so I went through the motions of re-encrypting the HDD and I reburned the rescue disc, and TrueCrypt wants to do the pretest of rebooting. When I reboot, again it stops at a black screen. At the black screen the server HDD light is blinking to show activity, but I let it sit for 3 hrs and nothing. I then reset the computer, let it reboot and pressed Esc instead of typing the password, and the server boots up to Windows only to tell me that TrueCrypt failed the pretest. Any suggestions?
Asked by: Barnett Computers
 
Rich Rumble (Security Samurai) commented:
Server HDDs are not typically encrypted in this way. You have to understand that Full Disk Encryption only protects data at rest, when the OS is not running. When it's booted, the HDD looks no different to a networked attacker or a trojan than any other running Windows OS.
Have a look at my article here:
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html

If the encryption is to protect against physical theft, then you want full disk encryption. If it's to comply with HIPAA, then you've not encrypted anything at all when the OS is running.
-rich
 
McKnife commented:
You can of course use TrueCrypt for servers if you want to protect against theft. If it does not work out, uninstall TrueCrypt, reboot and try DiskCryptor, a TrueCrypt spin-off.
If that does not work, take the built-in BitLocker.
 
Barnett Computers (IT Services Company, Author) commented:
After reviewing the replies, we researched the built-in BitLocker and decided to install this option. This was completed this weekend and will be delivered to the customer today.

Thanks for the replies.
 
McKnife commented:
Ok.

Make your customer aware that with a fully encrypted system, any reboot will require the passphrase, so any automatic bluescreen-reboot, too! Unless you used a TPM without PIN.
 
Rich Rumble (Security Samurai) commented:
And the encryption is only protecting the drives from theft :) The data is not safer when the OS is running.
-rich
 
peteviti commented:
I installed TrueCrypt. I did not activate any encryption. But I rebooted and now I have a black screen on all users. How do I turn off the black screen? Please help pete.viti@gmail.com