One of the recommendations from the audit was the staff using laptops running Windows 7 use the built-in encryption to secure data on their hard drives.
I've had a look and assume that the auditors were referring to Bitlocker. Unfortunately, this only seems to be available in Windows 7 Enterprise and Windows 7 Ultimate, and we are running Windows 7 Professional.
Can anyone recommend any free third-party software that would do similar to Bitlocker? Ease of use for the end user if a high priority!
kaphc (26th June 2013)
That looks great and exactly the sort of thing that the auditors were on about. However, I can't see the school agreeing to use it because of the implications if a teacher forgets their password and the hard drive becomes permanently locked! I can see this school implementing a policy of never saving to the hard drive and only using encrypted USB storage for files instead.
+1 for TrueCrypt. Awesome piece of software! We use it on all of our external drives.
Am curious about the size of the school where this is implemented - I'm at a small primary school this morning with 7 classes, about 25 staff and therefore about 10 laptops this would apply to. Are we using a sledgehammer to crack a nut??!
While I've never used TrueCrypt (as we have Enterprise here) the hundreds of +1's I've seen make it sound like a good choice. Also I know there are recovery options available for if the password is lost etc.
Realistically you could order that the staff do not use passwords similar to their logon passwords and that they give you a copy of it which you would store in a secure location i.e. part of the network only you can get to.
+1 Truecrypt. Works very well here, we set up true crypt on the laptops before they go out and record the password somewere secure as well as keeping a copy of the rescue disk. We are also a small school we have this on around 35 staff laptops.
Last edited by LukeC; 26th June 2013 at 12:20 PM.
"Note that even if you lose your TrueCrypt Rescue Disk and an attacker finds it, he or she will not be able to decrypt the system partition or drive without the correct password."
The rescue disk simply provides access to the boot loader for your encrypted volume, in case it becomes corrupted on the drive itself, the password is still required to gain access
Keep copies of the passwords in the safe!
1) make a record of the encryption password
2) make a copy of the recovery disk
. . and both of these should be stored centrally and securely, not by the user.
You can use the recovery disk in the event that the TrueCrypt password gets changed and the user forgets the new password - you still need the password associated with the initial encryption run.
When slaving the drive the easiest option is to have TrueCrypt installed on the PC, and then mount the slaved drive through it.
Having encrypted USB sticks just gives you a different set of problems. If they forget the password, the data is still locked away.
Though this is all academic as your users back up all their data, don't they ;-)
We use Truecrypt on about 80 or so staff laptops. Passwords are unique but formulaic, and are stored centrally by IT, as are the recovery disk ISOs.
When you build the laptop, you create the rescue disk .iso and you keep it and the password you use in a secure place.
As part of the end-user setup, you reset the header password from within the Truecrypt GUI to a password the end-user chooses.
That way you have a means of accessing the encrypted device independently of the end-user, should they forget their password / leave the school.
In short, encrypt the laptops. If your end-users have to make a conscious decision on whether a document needs encrypting or not, you're doomed to failure. By encrypting the laptop, stuff is secure by default.
Why not use a vpn and give staff access to the data on the server from home, that way they never need to carry school data on a laptop.
There are currently 1 users browsing this thread. (0 members and 1 guests)