Hard Drive encryption

Discussion in 'other security issues & news' started by Long View, Sep 19, 2008.

Thread Status:
Not open for further replies.
  1. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I have just been asked by my Regulator to confirm that "all hard diskson pc's and laptops" are encrypted.

    At the moment I can see how to use windows Xp to encrypt folders. Then if I try to open those folders on another machine they won't open.

    But can not see how to encrypt whole drives with Xp. Is this possible ? or would I have to buy a program ? if so any suggestions ? does this sort of encryption create an performance hit ?
     
  2. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I would like to add three questions (if that´s o.k. Long View :)):

    1. If I encrypt a folder using Win XP´s own tool, does new files/subfolders which I put there inherit the encryption? It change the colors to green, but do they encrypt automagically?

    2. If I move those subfolders/files from the encrypted folder to another place, does it automagically being decrypted?

    3. If I encrypt the program files- and windows folder using Win XP´s own tool, does it reduce the access/write speed considerably?

    Sorry for these add-on L.V. ;)

    /C.
     
  3. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    truecrypt, is a good start, can encrypt your whole system drive easily, and best of all FREE & Open Source

    http://www.truecrypt.org/
     
  4. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    yes if you encrypt a folder, encryption will happen on all new files automatically..

    from M$
    "When you rename, move, or copy an encrypted file, the file will remain encrypted, even if you move or copy it to an unencrypted folder or a network share. Encrypted files stored on backup media will remain encrypted, but will have to be restored to an NTFS volume to be decrypted and accessed."

    all depends on your PC's specification HD/RAM/CPU as to how much it will affect overall Perfomance
     
    Last edited: Sep 19, 2008
  5. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Isn´t TC´s reputation regarding stability questioned? At least by some knowledgeable members here at Wilders, it is. Some even recommending going back to the 4.x versions of TC. But I don´t know the details about this issue so it could be an ill-meaning rumor.

    /C.
     
  6. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    v4 wouldnt support system drive encryption.

    if theyve ran into problems with the new version, then yeh going back to older version would be a good idea..

    i run v6.0a quite happily on 3 laptops with full system encryption, and on a server 2003 box (encrypted slave drives), and on 4 XP pro desktops.. never ran into any stability problems myself
     
  7. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    O.k. thanks kC_ for your answers :)

    /C.
     
  8. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    No problem - I no nothing about this topic and will soon have to - with UK Government officials losing memory sticks and drives my people are going to require changes.

    I will be trying out trueCrypt in the next few days but 2 things concern me already: will I be able to use Shadow Protect to make images of C: win Xp + Programs and D: data and I wonder how Shadow defender will interact. when one line I tend to protect all drives with Shadow Defender.

    I took a quick look at PGP and could live with the initial cost but don't like the idea of paying annual charges.

    Have now installed TrueCrypt and completely encrypted C: or so the prgram says. Put Shadow Defender into shadow mode and had no compliants.
    Now a really dumb question : how do I check that C: is encrypted ? Yes I have to enter a password at boot but once I've booted I can copy files to other machines and they can be opened. do I still need to use Xp to encrypt each file ? or am I doing something wrong ?
     
    Last edited: Sep 19, 2008
  9. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Which TC version did you use? Have decided myself just to use Windows own encryption tool and only encrypt the My Documents folder, since encrypting the outcome/work is the most important data to secure. The other stuff (windows, program files) doesn´t matter anyway if my laptop gets stolen.

    /C.
     
  10. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I use 6.0A

    Using TC for whole of drive encryption is not going to work. I started to use Shadow Protect to make an image of C: and SP reported that it would take 1 hour 25 mins. Normally it would take less than 2 minutes. Looks like Shadow Protect sees the whole drive and has to image everything. The good news is that I was able to use the SP CD to restore my image in 1 min 35 sec and TC was no more.

    Perhaps I will be allowed to only encrypt my Docs but there may be a concern that clues to what is in my docs might remain on C:
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    looks like imaging has to be done from within windows. I managed to get Shadow Protect to make an image of encrypted C: took just over 2 mins.

    BUT when I restored I had to use the CD - does anyone know why SP can not restore from within windows ? - and although it did restore the drive was no longer encypted.

    will try with Acronis next. shame about SP
     
  12. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    if you run image from within windows, the imaging program will see it as Un-encrypted data.. so yes, would be quick & when restored, it would restore non-encrypted data
    to make a complete encrypted backup, it would have to be done before booting, and would have to be done sector-by-sector (means a complete image, takes much more space & much longer)
     
  13. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks KC - I had pretty much come to this conclusion after my tests.
    As I have a a50gb C: and 1 TB D: sector by sector could take a while. I suppose I could make a 10 gb partion on C: for Xp and programs and another small partition on D: but can't help thinking that if then encryption people and the imaging people got togther this could be solved very quickly. As it is TrueCRypt and PGP are not viable oprions for me.
     
  14. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    You could do a 10GB system partition with encryption then partition the remainder and use the remainder with encrypted containers to whatever size you need. Should'nt take longer than 10-15 min to back up the system partition.
     
Loading...
Thread Status:
Not open for further replies.