Solved

Data secure on Window 7 /8

Posted on 2013-12-03
5
385 Views
Last Modified: 2013-12-10
Need several alternative to protect Window 7 / 8 data

1. For bitlock encrytion on Window 7 / 8,  can it support Professional or each Window need to be in Enterprise version.

2. Any other solution that even work on normal Window to protect data encryption ? Is there any product that can even support remote wiping the data ?

Tks
0
Comment
Question by:AXISHK
  • 2
  • 2
5 Comments
 
LVL 27

Assisted Solution

by:Jason Watkins
Jason Watkins earned 200 total points
ID: 39692807
Bitlocker is available only for Enterprise and Ultimate editions of Windows 7. I am not sure about Windows 8, but would guess the Pro and Enterprise versions there support Bitlocker. Symantec's PGP Desktop supports Full Disk Encryption. That what we use where I work.
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39692943
Bitlocker supports encrypted volumes protected with either 128-bit or 256-bit AES and optionally diffused using an algorithm called Elephant.

BitLocker is only available in the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7, and with the Pro and Enterprise editions of Windows 8, as well as Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012.

TrueCrypt permits cascading of strong 256-bit encryption ciphers, such as AES-Twofish-Serpent (recommended)

truecrypt algorithms
Meaning the Serpent layer is encrypted with a Twofish layer, which is encrypted with an AES layer.

At the end of the day these are all symmetric (private key) ciphers, meaning the protection provided is dependent upon not only how strong your private key (password) is but also how well protected that key remains.

Consider a password with sufficient haystack search depth to thwart brute force attempts.

One idea to consider is selecting a file or phrase for use as the password, and then creating a SHA256 hash against it.  You would then use the SHA256 hash as your password.

For greater security, you want to implement 2-factor authentication (something you know , something you have, or something you are)

For example, using TrueCrypt in conjunction with a password (something you know) and YubiKey (something you have).  TrueCrypt supports other options, such as tokens and smart cards.

PGP Disk Encryption is another excellent product and can provide for more centralized control.
0
 

Author Comment

by:AXISHK
ID: 39695587
can the product something remote data wipe or erase all data if too many password attempt ?

Tks
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 300 total points
ID: 39695979
A truecrypt encrypted volume is a stand-alone file and thus cannot destroy itself when brute forced tactics are being deployed.  However, if you incorporate a device dedicated to this purpose, such as an IronKey, you can achieve both.  (e.g. use IronKey to host your Truecrypt volume (this is what I use personally.)

The device will permanently self-destruct after 10 consecutive incorrect password attempts, and a ruggedized, waterproof metal chassis resists physical break-ins and is tamper evident.

HARDWARE ENCRYPTION
Data: 256-bit AES Cipher-Block Chained mode
PKI: 2048-bit RSA
Hashing: 256-bit SHA
FIPS Validations: 140-2 Level 3
0
 

Author Closing Comment

by:AXISHK
ID: 39710631
Tks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Organization chart add-in for office 2013 2 23
Internet Protocol Security question 3 72
stopping group policy 6 27
Exchange 2010 offline Address Book (OAB) not updating 10 42
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question