Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 452
  • Last Modified:

Data Encryption on External Drives

Hello - Need to find an affordable / practical solution to encrypt data on external drives that may be plugged into a Win 2008 Server.

Symantec offers a product called 'Drive Encryption' but to run it on a SERVER it costs $2500 (as opposed to the DESKTOP version of 'Drive Encryption' which is $110 per desktop.)

So having to buy the SERVER version seems like overkill, as I do NOT want to encrypt the server Hard Drives at all - just the 2 external Hard drives that are plugged into the Server....

Since the DESKTOP version of that software seemed more like the way to go, I actually went to the extent (on my test 2008 server) to spin up a Windows 7 instance within Hyper-V on my 2008 Test Server - only to find that Hyper-V doesnt really support external hard drives (meaning they wouldn't show up when plugged in - and couldnt find a way to 'Mount' an external drive in the Virtual Instance so it showed up as the F:\ drive for instance.)

My thoughts were to install the Symantec encryption product within the Win 7 instance, then apply the encryption on the 2 externals drives that way....seemed to be a pretty slick (albeit an overly complicated) approach - but again, once I found out that external drives dont show up in the Virtual Win 7 instance - that approach came to a screeching halt.

Any thoughts on how to do this in an affordable / practical fashion?
0
teks14
Asked:
teks14
  • 4
  • 4
  • 3
3 Solutions
 
David Johnson, CD, MVPOwnerCommented:
Bitlocker and Truecrypt come immediately to mind
0
 
McKnifeCommented:
Yes, Bitlocker is even built-in.
Before you proceed, please take a minute to think about this:
Encrypted drives need someone to enter the key before they can be used - is that possible at your server or would that need to be automated? Also think of the danger of restarts (scheduled updates and BSODs) at night when no one is around - automation needed - or?
0
 
teks14Author Commented:
re: McKnife

That is exactly why I'm perplexed - because if I encrypt the external drive, and it is being used as the drive that the nightly backups are written to - is the backup going to fail every night because it could not write the backup file to the external 'encrypted' hard drive?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
David Johnson, CD, MVPOwnerCommented:
once the drive is mounted it will stay mounted until the computer is reset, you can have the drives automount (bitlocker using tpm) or truecrypt
0
 
teks14Author Commented:
re: David Johnson, CD, MVP - so encrypt the external drive, mount it - it will now act as a normal drive (albeit an encrypted one) and the backups should write to the external as normal - when the system (that the drive is connected to) reboots - I will be prompted to authenticate, or satisfy the passphrase or key for the encrypted drive (until it is rebooted again) - does that sound about right?
0
 
David Johnson, CD, MVPOwnerCommented:
Sounds right.. though you can configure the drives to auto-mount on boot
0
 
teks14Author Commented:
Yeah I do see the Auto-mount feature in the Truecrypt that you mentioned earlier - I can see that coming in handy.

So if I were to take the external drive offsite to update some of the files that resided on the encrypted external drive, what would I face when attempting to:

1.) Connect the External drive to a different PC
2.) open / update the file

I'm assuming that I would just be prompted for the encryption key in each of the above mentioned scenarios?
0
 
David Johnson, CD, MVPOwnerCommented:
correct you will need the encryption keys
0
 
McKnifeCommented:
Auto-mounting is defeating security of course. It should only be used in some use cases.
It would be better here to have a second computer that is physically secured and serves the encryption key via Network - this is what we do with our servers.
The "key server" ("KS") is in a secured room, the encrypted servers (ES) are not. The ES have encrypted data partitions that mount by reading a keyfile from a share of the KS. Afterwards, their services that use data from that partition are started by a script.
Truycrypt and disk cryptor both offer this, while Bitlocker just started to offer this with server 2012 (called "netunlock").
0
 
teks14Author Commented:
While I setup TrueCrypt and tested FIRST, ultimately I noticed that the External HD's had built-in data backup encryption - so I wound up using that
0
 
McKnifeCommented:
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now