Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 454
  • Last Modified:

Data Encryption on External Drives

Hello - Need to find an affordable / practical solution to encrypt data on external drives that may be plugged into a Win 2008 Server.

Symantec offers a product called 'Drive Encryption' but to run it on a SERVER it costs $2500 (as opposed to the DESKTOP version of 'Drive Encryption' which is $110 per desktop.)

So having to buy the SERVER version seems like overkill, as I do NOT want to encrypt the server Hard Drives at all - just the 2 external Hard drives that are plugged into the Server....

Since the DESKTOP version of that software seemed more like the way to go, I actually went to the extent (on my test 2008 server) to spin up a Windows 7 instance within Hyper-V on my 2008 Test Server - only to find that Hyper-V doesnt really support external hard drives (meaning they wouldn't show up when plugged in - and couldnt find a way to 'Mount' an external drive in the Virtual Instance so it showed up as the F:\ drive for instance.)

My thoughts were to install the Symantec encryption product within the Win 7 instance, then apply the encryption on the 2 externals drives that way....seemed to be a pretty slick (albeit an overly complicated) approach - but again, once I found out that external drives dont show up in the Virtual Win 7 instance - that approach came to a screeching halt.

Any thoughts on how to do this in an affordable / practical fashion?
0
teks14
Asked:
teks14
  • 4
  • 4
  • 3
3 Solutions
 
David Johnson, CD, MVPOwnerCommented:
Bitlocker and Truecrypt come immediately to mind
0
 
McKnifeCommented:
Yes, Bitlocker is even built-in.
Before you proceed, please take a minute to think about this:
Encrypted drives need someone to enter the key before they can be used - is that possible at your server or would that need to be automated? Also think of the danger of restarts (scheduled updates and BSODs) at night when no one is around - automation needed - or?
0
 
teks14Author Commented:
re: McKnife

That is exactly why I'm perplexed - because if I encrypt the external drive, and it is being used as the drive that the nightly backups are written to - is the backup going to fail every night because it could not write the backup file to the external 'encrypted' hard drive?
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
David Johnson, CD, MVPOwnerCommented:
once the drive is mounted it will stay mounted until the computer is reset, you can have the drives automount (bitlocker using tpm) or truecrypt
0
 
teks14Author Commented:
re: David Johnson, CD, MVP - so encrypt the external drive, mount it - it will now act as a normal drive (albeit an encrypted one) and the backups should write to the external as normal - when the system (that the drive is connected to) reboots - I will be prompted to authenticate, or satisfy the passphrase or key for the encrypted drive (until it is rebooted again) - does that sound about right?
0
 
David Johnson, CD, MVPOwnerCommented:
Sounds right.. though you can configure the drives to auto-mount on boot
0
 
teks14Author Commented:
Yeah I do see the Auto-mount feature in the Truecrypt that you mentioned earlier - I can see that coming in handy.

So if I were to take the external drive offsite to update some of the files that resided on the encrypted external drive, what would I face when attempting to:

1.) Connect the External drive to a different PC
2.) open / update the file

I'm assuming that I would just be prompted for the encryption key in each of the above mentioned scenarios?
0
 
David Johnson, CD, MVPOwnerCommented:
correct you will need the encryption keys
0
 
McKnifeCommented:
Auto-mounting is defeating security of course. It should only be used in some use cases.
It would be better here to have a second computer that is physically secured and serves the encryption key via Network - this is what we do with our servers.
The "key server" ("KS") is in a secured room, the encrypted servers (ES) are not. The ES have encrypted data partitions that mount by reading a keyfile from a share of the KS. Afterwards, their services that use data from that partition are started by a script.
Truycrypt and disk cryptor both offer this, while Bitlocker just started to offer this with server 2012 (called "netunlock").
0
 
teks14Author Commented:
While I setup TrueCrypt and tested FIRST, ultimately I noticed that the External HD's had built-in data backup encryption - so I wound up using that
0
 
McKnifeCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

  • 4
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now