Laptop encryption

Discussion in 'Computer Security' started by skulkerboyo, Mar 10, 2008.

  1. skulkerboyo

    skulkerboyo Megabyte Poster

    Owing to recent mishaps by other organisations and (apparently) pending legislation, my company wants to implement full disc encryption solutions for our 20+ laptop users.

    Not sure why I've been handed this one as we have a security guy :blink

    Looking at a few solutions and the same names keep coming up. Was wondering what you guys use and why, and also any pitfalls to look out for?
     
    Certifications: MCITP:SA, MCSA 03, MCSA 08, MCTS(680+648),A+,N+,ITILV3 Foundation, ITIL Intermediate: Operational Support and Analysis
    WIP: 70-417
  2. Ozzy2k7

    Ozzy2k7 Nibble Poster

    I use whole drive encryption on my laptop. I'm not part of a business that needs it but I travel a fair bit.

    I use TrueCrypt, it's free and the guys that do it seem to really know what they are doing. I haven't noticed any performance loss at all.

    The only thing with it is that you can't put the laptop into hibernation but I never use that anyway.

    http://www.truecrypt.org

    Cheers

    Ozzy
     
    WIP: A+ Network+
  3. skulkerboyo

    skulkerboyo Megabyte Poster

    TrueCrypt is indeed a good solution, but for whole disc encryption it doesn't support extended/logical partitions, which we use here. I'm trying to find software that will encrypt the entire disc regardless of partition layout. We need the transition to be seamless, and to set up encrypted containers and migrate the data to them would take too much time.

    Until I found that out it was my first choice, but at least I've found something I can use at home.
     
    Certifications: MCITP:SA, MCSA 03, MCSA 08, MCTS(680+648),A+,N+,ITILV3 Foundation, ITIL Intermediate: Operational Support and Analysis
    WIP: 70-417
  4. GiddyG

    GiddyG Terabyte Poster Gold Member

    Had a look at Becrypt?
     
  5. warrmr

    warrmr Byte Poster

    The one we use at work for the wireless laptops is Guardian Angel, and on the other contract I worked on they used Safeguard Easy.

    They both work very well. I don't know how easy it is to break the encryption (that's why we have pen testers, I'm just a support analyst).

    The easiest one to support is Guardian Angel, as if they forget their password you just have to ask them their username and last login date that is printed on the screen, put it in a funky piece of software and it comes out with a 26 digit code the user needs to type into their laptop to reset the password.

    Whereas with SGE you need to tell them to press a button to get the password and leave the laptop as it is while you generate the codes.

    Both very simple, but I'm 100% sure that accountants are a lot stupider than the police when it comes to IT, as the police "just know what to do" and get on with it and accountants whinge when you tell them to press buttons and type long strings of numbers in to reset their passwords.
     
    Certifications: MCP 70-270, 70-290
    WIP: MCSA + Messaging, MCSE + Security
  6. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  7. NightWalker

    NightWalker Gigabyte Poster

    We have just completed a roll out of SafeBoot to all the laptops at work, hundreds of them! For the same reasons as most organisations are implementing encryption on all mobile devices, we don’t want to end up on the nine o’clock news if a user ‘misplaces’ their laptop.
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  8. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    <Dons Mystic Meg outfit>
    This will be pursued with enthusiasm until a senior director forgets his password....
    </>

    Harry (the cynic).
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  9. vlb

    vlb Byte Poster

    Hey

    I do it for a bank and they use a prog called Pointsec.

    You need to log in to Pointsec before the O/S loads. Must be decent as they have used it for as long as I can remember.
     
    Certifications: MCDST, MCP 70-294
    WIP: MCSE
  10. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    posts merged from duplicate thread
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  11. skulkerboyo

    skulkerboyo Megabyte Poster

    In the process of evaluating Safeboot, Pointsec and Guardian Edge. We need centralised management so these look up to it. I am veering towards Safeboot though. Seems very solid.

    First thing I looked at was EFS but it's only file level. We want preboot authentication and total disc encryption.

    Amen to the enthusiasm until a director forgets his password :biggrin

    Hey Nightwalker, any feedback on Safeboot? All I've heard is good stuff but wouldn't mind opening a channel of communication with someone that uses it as opposed to a salesman.
     
    Certifications: MCITP:SA, MCSA 03, MCSA 08, MCTS(680+648),A+,N+,ITILV3 Foundation, ITIL Intermediate: Operational Support and Analysis
    WIP: 70-417
  12. NightWalker

    NightWalker Gigabyte Poster

    Hey skulkerboyo. Safeboot is actually pretty good. It does complicate the administration a little, users have two lots of passwords to set and remember, their SafeBoot and their domain user account.

    Central administration from a server side application (not seen much of that end, the security admin chaps deal with that side of things). The client end is pretty tidy. It's written into the MBR so requires a valid user name and password before Windows will boot, then again before you get the Ctrl + Alt + Del screen for Windows logon. Once installed on a laptop it will work away in the background encrypting the hard drive, takes about an hour and a half to two hours we found, then they are good to go. The user can still work while it's encrypting, the machine is a little sluggish but usable. Hardly any noticeable performance hit once it's all installed and enabled. We run mostly HP 4200 and 4400 laptops. You have to overwrite the MBR if you re-ghost the laptop back to a default image, a small extra step.

    When they are on the network the current username/password information is synchronised with the server, this can be a bit slow. It depends how often the users are in the office and how often you make the users change the password as to whether this may pose any problems. Users forgetting passwords results in long strings of numbers having to be read out over the phone, but other than that, and considering how intrusive it is to the machine, it's been pretty much set it and forget it.
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  13. skulkerboyo

    skulkerboyo Megabyte Poster

    Sounds good. I like the fact that you can recover the passwords for the user. I have looked at some software that doesn't, or that function is provided by their support - naff. Glad to hear about the lack of performance degradation.

    I might turn this thread into a rolling blog of the project. This technology is going to become more and more commonplace/essential, especially with so many endpoint devices being mobile these days.

    I've whittled my evaluation software down to 3: Safeboot, Guardianedge and Pointsec. Don't know a great deal about the latter and ruled out double figures worth of software prior to coming to this shortlist.

    Nothing to do now but wait for evaluation software :biggrin
     
    Certifications: MCITP:SA, MCSA 03, MCSA 08, MCTS(680+648),A+,N+,ITILV3 Foundation, ITIL Intermediate: Operational Support and Analysis
    WIP: 70-417
  14. skulkerboyo

    skulkerboyo Megabyte Poster

    Have received my trials for Safeboot and Guardianedge.

    Bit surprised at the minimum requirements to run Guardianedge compared to Safeboot. S'ok though, I'll get the intern (he's bloody good) to set me up a virtual server that meets the requirements (distant sound of whip cracking).

    Will start looking at them next week.
     
    Certifications: MCITP:SA, MCSA 03, MCSA 08, MCTS(680+648),A+,N+,ITILV3 Foundation, ITIL Intermediate: Operational Support and Analysis
    WIP: 70-417
