Solved

Data Encryption on External Drives

Posted on 2014-01-13
11
445 Views
Last Modified: 2014-03-15
Hello - Need to find an affordable / practical solution to encrypt data on external drives that may be plugged into a Win 2008 Server.

Symantec offers a product called 'Drive Encryption' but to run it on a SERVER it costs $2500 (as opposed to the DESKTOP version of 'Drive Encryption' which is $110 per desktop.)

So having to buy the SERVER version seems like overkill, as I do NOT want to encrypt the server Hard Drives at all - just the 2 external Hard drives that are plugged into the Server....

Since the DESKTOP version of that software seemed more like the way to go, I actually went to the extent (on my test 2008 server) to spin up a Windows 7 instance within Hyper-V on my 2008 Test Server - only to find that Hyper-V doesnt really support external hard drives (meaning they wouldn't show up when plugged in - and couldnt find a way to 'Mount' an external drive in the Virtual Instance so it showed up as the F:\ drive for instance.)

My thoughts were to install the Symantec encryption product within the Win 7 instance, then apply the encryption on the 2 externals drives that way....seemed to be a pretty slick (albeit an overly complicated) approach - but again, once I found out that external drives dont show up in the Virtual Win 7 instance - that approach came to a screeching halt.

Any thoughts on how to do this in an affordable / practical fashion?
0
Comment
Question by:teks14
  • 4
  • 4
  • 3
11 Comments
 
LVL 79

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 166 total points
ID: 39778182
Bitlocker and Truecrypt come immediately to mind
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 334 total points
ID: 39780272
Yes, Bitlocker is even built-in.
Before you proceed, please take a minute to think about this:
Encrypted drives need someone to enter the key before they can be used - is that possible at your server or would that need to be automated? Also think of the danger of restarts (scheduled updates and BSODs) at night when no one is around - automation needed - or?
0
 

Author Comment

by:teks14
ID: 39787341
re: McKnife

That is exactly why I'm perplexed - because if I encrypt the external drive, and it is being used as the drive that the nightly backups are written to - is the backup going to fail every night because it could not write the backup file to the external 'encrypted' hard drive?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 39787489
once the drive is mounted it will stay mounted until the computer is reset, you can have the drives automount (bitlocker using tpm) or truecrypt
0
 

Author Comment

by:teks14
ID: 39787536
re: David Johnson, CD, MVP - so encrypt the external drive, mount it - it will now act as a normal drive (albeit an encrypted one) and the backups should write to the external as normal - when the system (that the drive is connected to) reboots - I will be prompted to authenticate, or satisfy the passphrase or key for the encrypted drive (until it is rebooted again) - does that sound about right?
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 39787547
Sounds right.. though you can configure the drives to auto-mount on boot
0
 

Author Comment

by:teks14
ID: 39787556
Yeah I do see the Auto-mount feature in the Truecrypt that you mentioned earlier - I can see that coming in handy.

So if I were to take the external drive offsite to update some of the files that resided on the encrypted external drive, what would I face when attempting to:

1.) Connect the External drive to a different PC
2.) open / update the file

I'm assuming that I would just be prompted for the encryption key in each of the above mentioned scenarios?
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 39787584
correct you will need the encryption keys
0
 
LVL 54

Accepted Solution

by:
McKnife earned 334 total points
ID: 39787738
Auto-mounting is defeating security of course. It should only be used in some use cases.
It would be better here to have a second computer that is physically secured and serves the encryption key via Network - this is what we do with our servers.
The "key server" ("KS") is in a secured room, the encrypted servers (ES) are not. The ES have encrypted data partitions that mount by reading a keyfile from a share of the KS. Afterwards, their services that use data from that partition are started by a script.
Truycrypt and disk cryptor both offer this, while Bitlocker just started to offer this with server 2012 (called "netunlock").
0
 

Author Closing Comment

by:teks14
ID: 39931407
While I setup TrueCrypt and tested FIRST, ultimately I noticed that the External HD's had built-in data backup encryption - so I wound up using that
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39931421
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article you will get to know about pros and cons of storage drives HDD, SSD and SSHD.
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now