Whole drive encryption options

themagicone

I've been working with a customer that is part of a financial company, more or less a outside consultant, so they don't get the support from the main company but are required to follow guidelines. One of those is to have hard drives on their computers encrypted. Does anyone have any recommendations on a good solution to this? I don't like bit-locker that comes with windows and someone recommended to me tru-crypt. But that program seemed really over complicated. Just basically need something that asks for a password before the computer boots. Thanks in advance.

echo465

themagicone wrote: »

I've been working with a customer that is part of a financial company, more or less a outside consultant, so they don't get the support from the main company but are required to follow guidelines. One of those is to have hard drives on their computers encrypted. Does anyone have any recommendations on a good solution to this? I don't like bit-locker that comes with windows and someone recommended to me tru-crypt. But that program seemed really over complicated. Just basically need something that asks for a password before the computer boots. Thanks in advance.

I use truecrypt on my work laptop. It's not really that complex to set up the basics. Or if you only need an encrypted data partition, you can do that too. TrueCrypt - Free Open-Source Disk Encryption - Documentation - Tutorial

leefdaddy

PGP Whole Disk Encryption

Recently bought out by Symantec. Truecrypt works fine as well though.

mikemc90

I use TrueCrypt works great. I set it up on 20+ computers works great.

JDMurray

I've used TrueCrypt for years and only lost the contents of one hard drive due to an unrepairable bad sector and no backup.

Many very large corporations have disk encryption as mandatory on all desktop and mobile devices. All BlackBerry's support password-protected AES-256 encryption on their contents.

kriscamaro68

themagicone wrote: »

I've been working with a customer that is part of a financial company, more or less a outside consultant, so they don't get the support from the main company but are required to follow guidelines. One of those is to have hard drives on their computers encrypted. Does anyone have any recommendations on a good solution to this? I don't like bit-locker that comes with windows and someone recommended to me tru-crypt. But that program seemed really over complicated. Just basically need something that asks for a password before the computer boots. Thanks in advance.

I know you said you dont like bitlocker but it works great for us. It also has the option to have recovery keys stored in AD incase someone changes something and you need in to the drive.it has just what you are asking for as far as a pin at startup. We have had a very good experience with it for awhile now.

SubnetZero

We are using SOPHOS which gives you the ability to have centralized management and control (great for a corporate environment).

Disk Encryption Software, Prevent Data Loss (DLP) and Breaches | Sophos

One thing we noticed recently when deploying this to Solid State's was serious performance degradation. We tested a Dell OptiPlex 790 which had disk I/O about 500 Mbps and after SOPHOS encryption it dropped down to about 100 Mbps. Applying a SOPHOS hotfix increased the disk I/O to 250 Mbps which isn't great, but it helped.

In other words, it's a give and a take but needed in certain cases.

HTH

ptilsen

I've used TrueCrypt quite a bit and I prefer it, but I've seen successful BitLocker deployments.

echo465

leefdaddy wrote: »

...Recently bought out by Symantec...

Have they had time to **** it up yet, or are they still working on that?

veritas_libertas

Stay away from Check Point FDE. I manage it at work and I have very few good things to say about it.

themagicone

Thanks for the advice. I might just have to play around with tru-crypt some more. But I like the idea of a centralized solution. This is the same location I asked about the best solution for running the xp box with the new one. They went from 5 pcs to 9 since we run both boxes now. They also have 4-5 laptops? If I could it would be nice to remove the current software on the old boxes and laptops and go with something that is managed via the domain. Sophos looks good, need to find pricing...

CodeBlox

Here at work we use Guardian Edge on every computer... Creates enough problems of it's own too.

J_86

We use PGP and use whole disk encryption on all of our laptops. If you are looking for something centralized I would recommend it. It syncs with domain passwords so users are using the same password. If they forget their password you can easily generate a token to access the computer. It can be a little pricey though and requires a server.
TrueCrypt is great, but not for business use. Who are you going to call for support if something goes wrong? If the user forgets the password, you will have to decrypt the drive with the CD (one for each computer you encrpyt) and depending on the drive, this could take hours even days.

SteveLord

J_86 wrote: »

We use PGP and use whole disk encryption on all of our laptops. If you are looking for something centralized I would recommend it. It syncs with domain passwords so users are using the same password. If they forget their password you can easily generate a token to access the computer. It can be a little pricey though and requires a server.
TrueCrypt is great, but not for business use. Who are you going to call for support if something goes wrong? If the user forgets the password, you will have to decrypt the drive with the CD (one for each computer you encrpyt) and depending on the drive, this could take hours even days.

Centralized Management + Support or go home.

Our state uses Winmagic SecureDoc. Not a fan of it. One of my headaches that I am responsible for. But the tech support people REALLY know their stuff.

We are going to be evaluating McAfee's solution with the hopes of switching over before Winmagic is mandated. We've pissed away too many hours of our time trying to get into an encrypted laptop or having to re-image them because something went wrong.