+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Windows Thread, USB Encryption in Technical; We are looking into the possibility of providing staff with encrypted USB sticks as its been a long term concern ...
  1. #1
    AngryITGuy's Avatar
    Join Date
    Oct 2007
    Location
    County Durham
    Posts
    312
    Thank Post
    54
    Thanked 73 Times in 44 Posts
    Rep Power
    30

    USB Encryption

    We are looking into the possibility of providing staff with encrypted USB sticks as its been a long term concern of mine and it looks like I have managed to convince the SLT to back the idea.

    I have tested and currently use TrueCrypt myself, althought it will be a pain to setup initially its free which is a bonus.

    I'm also looking at the posibility of just providing staff with ready encrypted drives such as the Integral Crypto Drive. I got one to test and I can't get the bloody thing to work on any domain workstation or laptop.

    No such issue with non domain machines, error meessage tells me I'm not a privileged user on the machine even though I log with domain admin privileges.

    Anyone else had this issue or know what could be causing this?
    Attached Images Attached Images

  2. #2

    Join Date
    Jun 2010
    Posts
    198
    Thank Post
    9
    Thanked 25 Times in 24 Posts
    Rep Power
    21
    I can guarantee your teachers will just pull the USB sticks out without dismounting the file first lol....

  3. #3
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    My view was that hardware encrypted drives take too long to access - the quickest I got was 9 seconds, more than that on older machines - and I just don't think teachers would tolerate that.

    We've gone for TrueCrypt containers on their pen drives, as this is free, allows them to use their chosen drive and means they only need to have any faffing around if they actually want to store something securely (which 9 times out of 10, they don't anyway). This isn't technically the best solution, but I think it is the one most likely to work, and is therefore the most secure in my view.

  4. #4
    AngryITGuy's Avatar
    Join Date
    Oct 2007
    Location
    County Durham
    Posts
    312
    Thank Post
    54
    Thanked 73 Times in 44 Posts
    Rep Power
    30
    Quote Originally Posted by enjay View Post
    My view was that hardware encrypted drives take too long to access - the quickest I got was 9 seconds, more than that on older machines - and I just don't think teachers would tolerate that.

    We've gone for TrueCrypt containers on their pen drives, as this is free, allows them to use their chosen drive and means they only need to have any faffing around if they actually want to store something securely (which 9 times out of 10, they don't anyway). This isn't technically the best solution, but I think it is the one most likely to work, and is therefore the most secure in my view.
    Can't say I've noticed much difference in performance when using the pre encrypted pen but then again it wasn't like I was saving huge files to it.

    I'm more interested in tryning to find out why I can't get the bloody thing to work on a domain machine!!

    TrueCrypt in Traveller Mode with encrypted USB pens does seem like the best way forward, can't say I am looking forward to setting up all those USB pens though!

  5. #5
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    I didn't mean a delay when saving stuff, I meant a delay in between plugging it in and actually being able to open a file off it.

  6. #6
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    753
    Thank Post
    173
    Thanked 130 Times in 109 Posts
    Blog Entries
    1
    Rep Power
    48
    Quote Originally Posted by AngryITGuy View Post
    We are looking into the possibility of providing staff with encrypted USB sticks as its been a long term concern of mine and it looks like I have managed to convince the SLT to back the idea.

    I have tested and currently use TrueCrypt myself, althought it will be a pain to setup initially its free which is a bonus.

    I'm also looking at the posibility of just providing staff with ready encrypted drives such as the Integral Crypto Drive. I got one to test and I can't get the bloody thing to work on any domain workstation or laptop.

    No such issue with non domain machines, error meessage tells me I'm not a privileged user on the machine even though I log with domain admin privileges.

    Anyone else had this issue or know what could be causing this?
    I contacted Intergral Support over this, they tell me its down to an old version of their software. Replaced the stick with a new one, problem disappeared.

    Is it a old stick you are testing with?

  7. #7
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    Quote Originally Posted by AngryITGuy View Post
    TrueCrypt in Traveller Mode with encrypted USB pens does seem like the best way forward, can't say I am looking forward to setting up all those USB pens though!
    How about creating a 500MB container with a default password, then copying that onto all the pen drives? It would obviously be less secure than having individual passwords, but not massively so, since the main "threat" we're trying to protect against is outsiders who find the drive lying around, not other teachers anyway.

  8. #8
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,349
    Thank Post
    322
    Thanked 107 Times in 96 Posts
    Rep Power
    50
    Quote Originally Posted by enjay View Post

    We've gone for TrueCrypt containers on their pen drives, as this is free, allows them to use their chosen drive and means they only need to have any faffing around if they actually want to store something securely (which 9 times out of 10, they don't anyway). This isn't technically the best solution, but I think it is the one most likely to work, and is therefore the most secure in my view.
    This is the route I'm planning on going. Backed up with a good policy in the staff handbook, and some INSET training from me! The key message being if staff lose a memory stick/USB drive and the personal data is in the encrypted part they're in teh clear. If they lose it, and personal data is not encrypted they face the consequences!

  9. #9
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    @joe90bass - Exactly. Let's be honest, we can't actually stop staff connecting personally-owned non-encrypted drives anyway, so at the end of the day, it all comes down to trusting the staff to adhere to the policy which has been explained to them (and publicly roasting those who don't!)

  10. #10
    AngryITGuy's Avatar
    Join Date
    Oct 2007
    Location
    County Durham
    Posts
    312
    Thank Post
    54
    Thanked 73 Times in 44 Posts
    Rep Power
    30
    Quote Originally Posted by enjay View Post
    I didn't mean a delay when saving stuff, I meant a delay in between plugging it in and actually being able to open a file off it.
    I see, just tried it now and your right there is a delay on the hardware based drives, can't believe I didn't notice that before!

    Quote Originally Posted by robk View Post
    I contacted Intergral Support over this, they tell me its down to an old version of their software. Replaced the stick with a new one, problem disappeared.

    Is it a old stick you are testing with?
    The stick is probably between 4 and 6 months old I think. Did Integral replace the stick for you?

    Quote Originally Posted by enjay View Post
    How about creating a 500MB container with a default password, then copying that onto all the pen drives? It would obviously be less secure than having individual passwords, but not massively so, since the main "threat" we're trying to protect against is outsiders who find the drive lying around, not other teachers anyway.
    I was thinking along the lines of encrypting most of the drive and leaving just enough space to install TrueCrypt in Traveler Mode.

    Having individual passwords is an issue and will be a PITA to setup a common password although less secure as you said might be the best way forward.

    Would be interesting to hear how others have tackled this issue.

    Quote Originally Posted by joe90bass View Post
    This is the route I'm planning on going. Backed up with a good policy in the staff handbook, and some INSET training from me! The key message being if staff lose a memory stick/USB drive and the personal data is in the encrypted part they're in teh clear. If they lose it, and personal data is not encrypted they face the consequences!
    Training and explanation for the action is definitely a priority here too, shudder to think how many members of staff will just unplug the drive before dismounting it!

  11. #11
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    Quote Originally Posted by AngryITGuy View Post
    I was thinking along the lines of encrypting most of the drive and leaving just enough space to install TrueCrypt in Traveler Mode.
    Our reasoning against that was to make it as hassle-free as possible. If say half the drive is encrypted, then they can encrypt sensitive stuff when needed, but when they just want to stick a PowerPoint on it or whatever, they don't have to do anything extra. Minimum impact was the name of the game, but this does come at the expense of an increased risk - we deemed this acceptable, you might not.

    Whatever exact permutation you settle on, the key thing is to get the buy-in of all staff, so they understand why it should be done and therefore make the effort to do it; also the buy-in of SLT to roast those people who don't.

  12. Thanks to enjay from:

    AngryITGuy (2nd July 2010)

  13. #12
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    753
    Thank Post
    173
    Thanked 130 Times in 109 Posts
    Blog Entries
    1
    Rep Power
    48
    Quote Originally Posted by AngryITGuy View Post
    The stick is probably between 4 and 6 months old I think. Did Integral replace the stick for you?
    I beleve they did, I told them I was planning a mass roll out so they were very helpful.

  14. Thanks to robk from:

    AngryITGuy (2nd July 2010)

  15. #13

    LeMarchand's Avatar
    Join Date
    Jan 2008
    Location
    The deepest pits of hell
    Posts
    2,178
    Thank Post
    303
    Thanked 332 Times in 236 Posts
    Rep Power
    141
    The way I did it was to copy the TrueCrypt portable mode files to an empty key. I also created a folder named SecureData at the root of the key. Then I edited the autorun to label the drive *Name's*Drive (and set a pretty icon which I put in the TrueCrypt folder) and mount an encrypted file named School in the SecureData file. Then I hid both the folders, wrote a batch file to open TC and mount School (in case the "What do you want to do?" box didn't appear). For some reason that I forget I converted the bat to an exe and set a suitable icon. Then I wrote instructions and stuck a copy on the drive. Also if you actually create the file (just do a small one and subsequently delete it) it seems to cache the path details, making the next step easier.

    I saved the lot in a folder named TrueCrypt on a spare drive. Each time I need a new key, I just copy the folder's contents (2 hidden folders, autorun, exe + instructions) to it and use TC (from the "new" key) to create the encrypted file named School in the SecureData folder, using as much free space as I dare. If you have identical keys it makes the job much easier.

    Not that quick, but it saves a bit of time.

  16. Thanks to LeMarchand from:

    AngryITGuy (2nd July 2010)

  17. #14
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    Quote Originally Posted by LeMarchand View Post
    For some reason that I forget I converted the bat to an exe
    Perhaps because you've blocked the Command Prompt, meaning users can't run bat files?

  18. #15

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,174
    Thank Post
    868
    Thanked 2,703 Times in 2,289 Posts
    Blog Entries
    11
    Rep Power
    773
    Quote Originally Posted by enjay View Post
    @joe90bass - Exactly. Let's be honest, we can't actually stop staff connecting personally-owned non-encrypted drives anyway, so at the end of the day, it all comes down to trusting the staff to adhere to the policy which has been explained to them (and publicly roasting those who don't!)
    You can is using Windows Vista or 7, there are also tools that IBM put out (pay for) that let you enforce encryption on an removable data drive using GPO. We have not gone this far but have got full encrytion onall the laptop hard drives and tell them to use only those with offline file sync for sensitive stuff. If they put it on a USB key and access it on a home machine all bets are off anyway as there home machine could be compromised.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. USB Encryption Software
    By marvin in forum Windows
    Replies: 14
    Last Post: 20th May 2010, 12:15 PM
  2. USB Drive Encryption
    By danrhodes in forum Windows
    Replies: 17
    Last Post: 20th April 2010, 02:50 PM
  3. USB Drive Encryption on Macs
    By enjay in forum Mac
    Replies: 13
    Last Post: 2nd March 2010, 02:44 PM
  4. USB Stick Encryption?
    By TechSupp in forum Windows
    Replies: 0
    Last Post: 1st December 2009, 10:25 AM
  5. USB flash drives with encryption
    By Jobos in forum Hardware
    Replies: 5
    Last Post: 2nd May 2008, 09:46 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •