Whole drive encryption options
themagicone
Member Posts: 674
in Off-Topic
I've been working with a customer that is part of a financial company, more or less a outside consultant, so they don't get the support from the main company but are required to follow guidelines. One of those is to have hard drives on their computers encrypted. Does anyone have any recommendations on a good solution to this? I don't like bit-locker that comes with windows and someone recommended to me tru-crypt. But that program seemed really over complicated. Just basically need something that asks for a password before the computer boots. Thanks in advance.
Courses Completed at WGU: JIT2, LYT2, TFT2, SJT2, BFC2, TGT2, FXT2
Courses Required For Me To Graduate WGU in MS: IT Network Managment: MCT2, LZT2, MBT1, MDT2, MNT2
CU Done this term: 16 Total CU Done: 19
Currently working on: Nothing Graduation Goal: 5/2013
Courses Required For Me To Graduate WGU in MS: IT Network Managment: MCT2, LZT2, MBT1, MDT2, MNT2
CU Done this term: 16 Total CU Done: 19
Currently working on: Nothing Graduation Goal: 5/2013
Comments
-
echo465 Banned Posts: 115themagicone wrote: »I've been working with a customer that is part of a financial company, more or less a outside consultant, so they don't get the support from the main company but are required to follow guidelines. One of those is to have hard drives on their computers encrypted. Does anyone have any recommendations on a good solution to this? I don't like bit-locker that comes with windows and someone recommended to me tru-crypt. But that program seemed really over complicated. Just basically need something that asks for a password before the computer boots. Thanks in advance.
-
leefdaddy Member Posts: 405PGP Whole Disk Encryption
Recently bought out by Symantec. Truecrypt works fine as well though.Dustin Leefers -
mikemc90 Member Posts: 15 ■□□□□□□□□□I use TrueCrypt works great. I set it up on 20+ computers works great.BS Information Systems Security
Currently working on MS Information Security and Assurance -
JDMurray Admin Posts: 13,078 AdminI've used TrueCrypt for years and only lost the contents of one hard drive due to an unrepairable bad sector and no backup.
Many very large corporations have disk encryption as mandatory on all desktop and mobile devices. All BlackBerry's support password-protected AES-256 encryption on their contents. -
kriscamaro68 Member Posts: 1,186 ■■■■■■■□□□themagicone wrote: »I've been working with a customer that is part of a financial company, more or less a outside consultant, so they don't get the support from the main company but are required to follow guidelines. One of those is to have hard drives on their computers encrypted. Does anyone have any recommendations on a good solution to this? I don't like bit-locker that comes with windows and someone recommended to me tru-crypt. But that program seemed really over complicated. Just basically need something that asks for a password before the computer boots. Thanks in advance.
I know you said you dont like bitlocker but it works great for us. It also has the option to have recovery keys stored in AD incase someone changes something and you need in to the drive.it has just what you are asking for as far as a pin at startup. We have had a very good experience with it for awhile now. -
SubnetZero Member Posts: 124We are using SOPHOS which gives you the ability to have centralized management and control (great for a corporate environment).
Disk Encryption Software, Prevent Data Loss (DLP) and Breaches | Sophos
One thing we noticed recently when deploying this to Solid State's was serious performance degradation. We tested a Dell OptiPlex 790 which had disk I/O about 500 Mbps and after SOPHOS encryption it dropped down to about 100 Mbps. Applying a SOPHOS hotfix increased the disk I/O to 250 Mbps which isn't great, but it helped.
In other words, it's a give and a take but needed in certain cases.
HTH
While no trees were harmed in the transmission of this message, several electrons were severely inconvenienced :cool: -
ptilsen Member Posts: 2,835 ■■■■■■■■■■I've used TrueCrypt quite a bit and I prefer it, but I've seen successful BitLocker deployments.
-
echo465 Banned Posts: 115...Recently bought out by Symantec...
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■Stay away from Check Point FDE. I manage it at work and I have very few good things to say about it.
-
themagicone Member Posts: 674Thanks for the advice. I might just have to play around with tru-crypt some more. But I like the idea of a centralized solution. This is the same location I asked about the best solution for running the xp box with the new one. They went from 5 pcs to 9 since we run both boxes now. They also have 4-5 laptops? If I could it would be nice to remove the current software on the old boxes and laptops and go with something that is managed via the domain. Sophos looks good, need to find pricing...Courses Completed at WGU: JIT2, LYT2, TFT2, SJT2, BFC2, TGT2, FXT2
Courses Required For Me To Graduate WGU in MS: IT Network Managment: MCT2, LZT2, MBT1, MDT2, MNT2
CU Done this term: 16 Total CU Done: 19
Currently working on: Nothing Graduation Goal: 5/2013 -
CodeBlox Member Posts: 1,363 ■■■■□□□□□□Here at work we use Guardian Edge on every computer... Creates enough problems of it's own too.Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
-
J_86 Member Posts: 262 ■■□□□□□□□□We use PGP and use whole disk encryption on all of our laptops. If you are looking for something centralized I would recommend it. It syncs with domain passwords so users are using the same password. If they forget their password you can easily generate a token to access the computer. It can be a little pricey though and requires a server.
TrueCrypt is great, but not for business use. Who are you going to call for support if something goes wrong? If the user forgets the password, you will have to decrypt the drive with the CD (one for each computer you encrpyt) and depending on the drive, this could take hours even days. -
SteveLord Member Posts: 1,717We use PGP and use whole disk encryption on all of our laptops. If you are looking for something centralized I would recommend it. It syncs with domain passwords so users are using the same password. If they forget their password you can easily generate a token to access the computer. It can be a little pricey though and requires a server.
TrueCrypt is great, but not for business use. Who are you going to call for support if something goes wrong? If the user forgets the password, you will have to decrypt the drive with the CD (one for each computer you encrpyt) and depending on the drive, this could take hours even days.
Centralized Management + Support or go home.
Our state uses Winmagic SecureDoc. Not a fan of it. One of my headaches that I am responsible for. But the tech support people REALLY know their stuff.
We are going to be evaluating McAfee's solution with the hopes of switching over before Winmagic is mandated. We've pissed away too many hours of our time trying to get into an encrypted laptop or having to re-image them because something went wrong.WGU B.S.IT - 9/1/2015 >>> ???