+ Post New Thread
Results 1 to 13 of 13
Windows Server 2000/2003 Thread, Encrypting Server 2003 with Truecrypt on a CC3 network in Technical; Hi, Has anyone actually used Truecrypt to encrypt their MS Windows 2003 servers running CC3? If so: Did you have ...
  1. #1

    Join Date
    May 2010
    Location
    Northamptonish
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Post Encrypting Server 2003 with Truecrypt on a CC3 network

    Hi,

    Has anyone actually used Truecrypt to encrypt their MS Windows 2003 servers running CC3?

    If so:
    • Did you have any issues, or in hindsight - steps to be taken before encryption took place (excluding making backups)?
    • Was there any slowdowns greater than say, 5 - 10% in performance?
    • What effect (if any) has/could happen if the RAID failed ie; a single HDD failure?
    • Restoring data - if the server has to be built from ground up - any known issues?


    I appreciate your help and contributions..

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467
    Are you talking about encrypting the system drive? So you are asked for a boot password?
    The only problem i can see is that you can't reboot the server remotely. You will have to be physically in front of the server for it to boot.
    You will also have problems if you need to repair windows in the command line.

  3. #3

    Join Date
    May 2010
    Location
    Northamptonish
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi & thank you for replying..

    I'd like to encrypt the system drive, the other partitions and their extended partitions etc (the whole lot) if possible.

    I agree about the remote booting/password problem any suggestions? - maybe its worth just encrypting the data drives and not the system drive?

  4. #4
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,497
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76
    As FN-GM says, you wouldn't be able to remotely reboot the server, and we have found ours to play much nicer if it has a weekly reboot.

    Can I ask why you're thinking of encrypting the server though? Once you have booted it, it is in effect, UNencrypted, so an encrypted server won't help security on pen drives etc, it will only benefit if your server is stolen.

  5. #5

    Join Date
    May 2010
    Location
    Northamptonish
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    well, if the server is stolen then it would need that encryption/security in place - that's the idea, the question is has anyone actually used Truecrypt (version 6.3a?) with partitions and their extended partitions and if so was it successful and were there any pitfalls etc?

    But I take your point about the server being logged in and in an "un-encrypted" state, but primarily if the server is taken then the data is useless to the baddies. This goes for the Admin / MIS server too.

    I guess the next question after this is by using BackupExec 11.d, how or are the backup tapes encrypted for removal to an off site area!?

  6. #6
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,497
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76
    Quote Originally Posted by Krunched View Post
    I guess the next question after this is by using BackupExec 11.d, how or are the backup tapes encrypted for removal to an off site area!?
    At the time of backup, the files would be unencrypted, therefore so would the backup. We use a Truecrypt-type program on our removable disk-based backup, and I know our backup program creates a password-protected zip file which should work on a tape-based backup (note it does require twice as much free space in order to do this).

  7. #7


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,646
    Thank Post
    251
    Thanked 2,914 Times in 2,145 Posts
    Rep Power
    830
    Quote Originally Posted by Krunched View Post
    Was there any slowdowns greater than say, 5 - 10% in performance?
    According to this article, the performance hit is quite big (around 30%) when using BitLocker and processors which do not support AES-NI. TrueCrypt will probably be similar if you use AES.

    Quote Originally Posted by Krunched View Post
    What effect (if any) has/could happen if the RAID failed i.e; a single HDD failure?
    This depends on the RAID level used and would be no different than if you had unencrypted disks.

  8. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467
    Quote Originally Posted by Krunched
    I guess the next question after this is by using BackupExec 11.d, how or are the backup tapes encrypted for removal to an off site area!?
    By default tapes will not be encrypted, but you can enable it so backs are Encrypted. Here are some links to help

    Backup Exec 11d Best practices Guide: Software Encryption
    How to create, replace or delete an Encryption Key in Backup Exec 11d ?

  9. #9

    Join Date
    May 2010
    Location
    Northamptonish
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thank you for your replies, I'll look into the links and come back to this.

    So, quick recap:

    Truecrypt installed on server 2003:
    Can be installed but not necessary to encrypt server as it could be a slowdown in performance.
    Can be installed but not necessary to encrypt server if its in a locked room.
    Can be installed but could go on to server even if it has RAID (5).
    No one replied (yet!) if they have actually installed Truecrypt.

    Backup tapes (using Backupexec):
    Should be backed up and encrypted.
    Could/can double the space used on tape.

    Thank you for your guidance..

  10. #10

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,801 Times in 1,550 Posts
    Blog Entries
    12
    Rep Power
    467
    Can be installed but not necessary to encrypt server if its in a locked room.
    Hmm they can always get through that. On our Server 2008 servers we use bit locker.

  11. #11

    Join Date
    May 2010
    Location
    Northamptonish
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    No one replied (yet!) if they have actually installed Truecrypt.
    I appreciate your help, maybe we can get Server 2008 next year.

  12. #12
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,497
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76
    Let me clarify what I said about doubling the space - I didn't mean that a 10GB backup would become 20GB, what I meant was that the backup would still be 10GB but you might need 20GB to create it. When BackupAssist does this, it creates the regular backup file, then creates an encrypted copy and then deletes the original, so the end result is the same size, but it needs double the space as a working area.

    I haven't installed TrueCrypt, but I am using a product called Cryptainer, which works in the exact same way, i.e. create a separate encrypted container folder, mount as a new drive letter and then back up to it. Only reason I paid for that was because I didn't know about TrueCrypt at the time.

  13. #13

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    4,017
    Thank Post
    1,253
    Thanked 1,099 Times in 781 Posts
    Rep Power
    337
    @Krunched:

    Have installed TrueCrypt on CC3 but only to create a container for the SLT to use via a shortcut from their program sets. It works really well for document storage but for taking stuff off site we use this:

    Free Encryption Software - Password Protect Files and Lock Folders

    The free version works very well have given it out to the staff via FTP link and networked it also and created shortcut for the staff to use with their USB pendrives, Just works a treat.



SHARE:
+ Post New Thread

Similar Threads

  1. Network drive issue on Server 2003
    By Rawns in forum Windows Server 2000/2003
    Replies: 10
    Last Post: 28th March 2011, 05:00 PM
  2. Windows 2003 RM CC3 Server Hang
    By brahma in forum Windows Server 2000/2003
    Replies: 5
    Last Post: 26th January 2010, 10:30 AM
  3. Exchange 2003 to 2007 in a CC3 network
    By LorenzosEar in forum Windows Server 2008
    Replies: 6
    Last Post: 24th March 2009, 03:47 PM
  4. CC3 Server 2003 to Server 2008
    By LorenzosEar in forum Windows Server 2008
    Replies: 2
    Last Post: 13th February 2009, 10:38 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •