+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Windows 7 Thread, Hard disk encryption software in Technical; One of the recommendations from the audit was the staff using laptops running Windows 7 use the built-in encryption to ...
  1. #1
    kaphc's Avatar
    Join Date
    Sep 2009
    Location
    Derbyshire
    Posts
    574
    Thank Post
    152
    Thanked 73 Times in 63 Posts
    Rep Power
    73

    Hard disk encryption software

    One of the recommendations from the audit was the staff using laptops running Windows 7 use the built-in encryption to secure data on their hard drives.

    I've had a look and assume that the auditors were referring to Bitlocker. Unfortunately, this only seems to be available in Windows 7 Enterprise and Windows 7 Ultimate, and we are running Windows 7 Professional.

    Can anyone recommend any free third-party software that would do similar to Bitlocker? Ease of use for the end user if a high priority!

  2. #2

    rush_tech's Avatar
    Join Date
    Jul 2006
    Location
    Nottingham
    Posts
    1,407
    Thank Post
    111
    Thanked 265 Times in 201 Posts
    Rep Power
    194

  3. Thanks to rush_tech from:

    kaphc (26th June 2013)

  4. #3
    kaphc's Avatar
    Join Date
    Sep 2009
    Location
    Derbyshire
    Posts
    574
    Thank Post
    152
    Thanked 73 Times in 63 Posts
    Rep Power
    73
    That looks great and exactly the sort of thing that the auditors were on about. However, I can't see the school agreeing to use it because of the implications if a teacher forgets their password and the hard drive becomes permanently locked! I can see this school implementing a policy of never saving to the hard drive and only using encrypted USB storage for files instead.

  5. #4
    Guest

    Join Date
    Jun 2009
    Posts
    3,754
    Thank Post
    1,458
    Thanked 489 Times in 375 Posts
    Rep Power
    0
    +1 for TrueCrypt. Awesome piece of software! We use it on all of our external drives.

  6. #5
    kaphc's Avatar
    Join Date
    Sep 2009
    Location
    Derbyshire
    Posts
    574
    Thank Post
    152
    Thanked 73 Times in 63 Posts
    Rep Power
    73
    Am curious about the size of the school where this is implemented - I'm at a small primary school this morning with 7 classes, about 25 staff and therefore about 10 laptops this would apply to. Are we using a sledgehammer to crack a nut??!

  7. #6

    rush_tech's Avatar
    Join Date
    Jul 2006
    Location
    Nottingham
    Posts
    1,407
    Thank Post
    111
    Thanked 265 Times in 201 Posts
    Rep Power
    194
    Quote Originally Posted by kaphc View Post
    That looks great and exactly the sort of thing that the auditors were on about. However, I can't see the school agreeing to use it because of the implications if a teacher forgets their password and the hard drive becomes permanently locked! I can see this school implementing a policy of never saving to the hard drive and only using encrypted USB storage for files instead.
    When you encrypt the HDD you can make a recovery CD to recover the drive if the password is forgotten

  8. #7

    Join Date
    Nov 2006
    Location
    Redcar
    Posts
    62
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    Quote Originally Posted by rush_tech View Post
    When you encrypt the HDD you can make a recovery CD to recover the drive if the password is forgotten
    I was under the impression the recovery CD is only used to unlock the encrypted drive in the event of hardware failure and needing to slave the drive to recover the data, but the password is still required?

  9. #8


    Join Date
    Jan 2012
    Posts
    2,491
    Thank Post
    891
    Thanked 336 Times in 257 Posts
    Rep Power
    190
    Quote Originally Posted by kaphc View Post
    about 10 laptops this would apply to. Are we using a sledgehammer to crack a nut??!
    I wouldn't say so. The device can be taken off-site and thus the data should be encrypted by law, as far as I'm aware. (Although realistically any device can be taken off-site, reasonable measures apply. Servers are kept behind locked doors, etc. Laptops are made to be portable, so encryption is a must if they're storing any school data)

    While I've never used TrueCrypt (as we have Enterprise here) the hundreds of +1's I've seen make it sound like a good choice. Also I know there are recovery options available for if the password is lost etc.
    Realistically you could order that the staff do not use passwords similar to their logon passwords and that they give you a copy of it which you would store in a secure location i.e. part of the network only you can get to.

  10. #9

    Join Date
    Jul 2007
    Location
    Lancs
    Posts
    387
    Thank Post
    45
    Thanked 21 Times in 19 Posts
    Rep Power
    18
    +1 Truecrypt. Works very well here, we set up true crypt on the laptops before they go out and record the password somewere secure as well as keeping a copy of the rescue disk. We are also a small school we have this on around 35 staff laptops.
    Last edited by LukeC; 26th June 2013 at 11:20 AM.

  11. #10

    Join Date
    Nov 2006
    Location
    Redcar
    Posts
    62
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    16
    Quote Originally Posted by rush_tech View Post
    When you encrypt the HDD you can make a recovery CD to recover the drive if the password is forgotten
    Just to clarify, an exceprt from the TruCrypt FAQ on the rescue disk:

    "Note that even if you lose your TrueCrypt Rescue Disk and an attacker finds it, he or she will not be able to decrypt the system partition or drive without the correct password."

    The rescue disk simply provides access to the boot loader for your encrypted volume, in case it becomes corrupted on the drive itself, the password is still required to gain access

  12. #11

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,486
    Thank Post
    1,570
    Thanked 459 Times in 300 Posts
    Rep Power
    212
    Keep copies of the passwords in the safe!

  13. #12

    Join Date
    Apr 2006
    Posts
    387
    Thank Post
    23
    Thanked 95 Times in 61 Posts
    Rep Power
    44
    Quote Originally Posted by cogrady84 View Post
    I was under the impression the recovery CD is only used to unlock the encrypted drive in the event of hardware failure and needing to slave the drive to recover the data, but the password is still required?
    You should do two things:

    1) make a record of the encryption password
    2) make a copy of the recovery disk

    . . and both of these should be stored centrally and securely, not by the user.

    You can use the recovery disk in the event that the TrueCrypt password gets changed and the user forgets the new password - you still need the password associated with the initial encryption run.

    When slaving the drive the easiest option is to have TrueCrypt installed on the PC, and then mount the slaved drive through it.

    Having encrypted USB sticks just gives you a different set of problems. If they forget the password, the data is still locked away.

    Though this is all academic as your users back up all their data, don't they ;-)

  14. #13

    Join Date
    Oct 2012
    Posts
    58
    Thank Post
    7
    Thanked 21 Times in 8 Posts
    Rep Power
    21
    We use Truecrypt on about 80 or so staff laptops. Passwords are unique but formulaic, and are stored centrally by IT, as are the recovery disk ISOs.

  15. #14


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,619
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    When you build the laptop, you create the rescue disk .iso and you keep it and the password you use in a secure place.

    As part of the end-user setup, you reset the header password from within the Truecrypt GUI to a password the end-user chooses.

    That way you have a means of accessing the encrypted device independently of the end-user, should they forget their password / leave the school.

    ====

    In short, encrypt the laptops. If your end-users have to make a conscious decision on whether a document needs encrypting or not, you're doomed to failure. By encrypting the laptop, stuff is secure by default.

  16. #15

    Join Date
    Apr 2010
    Posts
    2,009
    Thank Post
    81
    Thanked 184 Times in 153 Posts
    Rep Power
    68
    Why not use a vpn and give staff access to the data on the server from home, that way they never need to carry school data on a laptop.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Hard disk Cloning software - Over PE 3.0
    By Dan_ATR in forum O/S Deployment
    Replies: 7
    Last Post: 11th December 2013, 01:07 PM
  2. Replies: 15
    Last Post: 18th September 2009, 05:09 PM
  3. Help laptop hard disk failure!!!
    By mullet_man in forum Windows
    Replies: 21
    Last Post: 31st January 2008, 01:56 PM
  4. Linux install from hard disk
    By Ric_ in forum *nix
    Replies: 9
    Last Post: 15th December 2005, 11:10 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •