Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Data Encryption on External Drives

Posted on 2014-01-13
11
Medium Priority
?
451 Views
Last Modified: 2014-03-15
Hello - Need to find an affordable / practical solution to encrypt data on external drives that may be plugged into a Win 2008 Server.

Symantec offers a product called 'Drive Encryption' but to run it on a SERVER it costs $2500 (as opposed to the DESKTOP version of 'Drive Encryption' which is $110 per desktop.)

So having to buy the SERVER version seems like overkill, as I do NOT want to encrypt the server Hard Drives at all - just the 2 external Hard drives that are plugged into the Server....

Since the DESKTOP version of that software seemed more like the way to go, I actually went to the extent (on my test 2008 server) to spin up a Windows 7 instance within Hyper-V on my 2008 Test Server - only to find that Hyper-V doesnt really support external hard drives (meaning they wouldn't show up when plugged in - and couldnt find a way to 'Mount' an external drive in the Virtual Instance so it showed up as the F:\ drive for instance.)

My thoughts were to install the Symantec encryption product within the Win 7 instance, then apply the encryption on the 2 externals drives that way....seemed to be a pretty slick (albeit an overly complicated) approach - but again, once I found out that external drives dont show up in the Virtual Win 7 instance - that approach came to a screeching halt.

Any thoughts on how to do this in an affordable / practical fashion?
0
Comment
Question by:teks14
  • 4
  • 4
  • 3
11 Comments
 
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 664 total points
ID: 39778182
Bitlocker and Truecrypt come immediately to mind
0
 
LVL 57

Assisted Solution

by:McKnife
McKnife earned 1336 total points
ID: 39780272
Yes, Bitlocker is even built-in.
Before you proceed, please take a minute to think about this:
Encrypted drives need someone to enter the key before they can be used - is that possible at your server or would that need to be automated? Also think of the danger of restarts (scheduled updates and BSODs) at night when no one is around - automation needed - or?
0
 

Author Comment

by:teks14
ID: 39787341
re: McKnife

That is exactly why I'm perplexed - because if I encrypt the external drive, and it is being used as the drive that the nightly backups are written to - is the backup going to fail every night because it could not write the backup file to the external 'encrypted' hard drive?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 39787489
once the drive is mounted it will stay mounted until the computer is reset, you can have the drives automount (bitlocker using tpm) or truecrypt
0
 

Author Comment

by:teks14
ID: 39787536
re: David Johnson, CD, MVP - so encrypt the external drive, mount it - it will now act as a normal drive (albeit an encrypted one) and the backups should write to the external as normal - when the system (that the drive is connected to) reboots - I will be prompted to authenticate, or satisfy the passphrase or key for the encrypted drive (until it is rebooted again) - does that sound about right?
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 39787547
Sounds right.. though you can configure the drives to auto-mount on boot
0
 

Author Comment

by:teks14
ID: 39787556
Yeah I do see the Auto-mount feature in the Truecrypt that you mentioned earlier - I can see that coming in handy.

So if I were to take the external drive offsite to update some of the files that resided on the encrypted external drive, what would I face when attempting to:

1.) Connect the External drive to a different PC
2.) open / update the file

I'm assuming that I would just be prompted for the encryption key in each of the above mentioned scenarios?
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 39787584
correct you will need the encryption keys
0
 
LVL 57

Accepted Solution

by:
McKnife earned 1336 total points
ID: 39787738
Auto-mounting is defeating security of course. It should only be used in some use cases.
It would be better here to have a second computer that is physically secured and serves the encryption key via Network - this is what we do with our servers.
The "key server" ("KS") is in a secured room, the encrypted servers (ES) are not. The ES have encrypted data partitions that mount by reading a keyfile from a share of the KS. Afterwards, their services that use data from that partition are started by a script.
Truycrypt and disk cryptor both offer this, while Bitlocker just started to offer this with server 2012 (called "netunlock").
0
 

Author Closing Comment

by:teks14
ID: 39931407
While I setup TrueCrypt and tested FIRST, ultimately I noticed that the External HD's had built-in data backup encryption - so I wound up using that
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39931421
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The question appears often enough, how do I transfer my data from my old server to the new server while preserving file shares, share permissions, and NTFS permisions.  Here are my tips for handling such a transfer.
Is your phone running out of space to hold pictures?  This article will show you quick tips on how to solve this problem.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question