Someone say, "Security"?
|Bigger text (+) | Smaller text (-)
Yes, whole disk security.
Article recently found on the net: (presented in public interest.)
"After reading about several laptop thefts and losses, my boss wants me to set up whole disk encryption for her Vista travel laptop. After doing some research, it seems she has three options: Bitlocker (part of Vista Ultimate), PGP Whole Disk Encryption, and TrueCrypt. My main problem now is choosing one. Can someone help me?"
OK; I use all three, PGP Whole Disk Encryption on one machine, TrueCrypt on another, and one server has a TPM, so it, and its RAID arrays are BitLocker protected.
Each addresses slightly different security concerns. If you want to encrypt your disk with a password, and that's all you need, any of these will do the trick. If you want a hardware cryptographic token, so a thief can't obtain your encryption key by brute force, go with PGP Whole Disk Encryption, or BitLocker that supports a TPM with PIN functionality.
BitLocker is probably the easiest to implement, as you just install it, run software to check and partition the root disk. Then, save the recovery key on a USB flash drive (well away from the laptop). You can also save the recovery key on a TrueCrypt volume too. Once Bitlocker is enabled, the security of the machine will be the user passwords (especially any user with Administrator rights.) Make sure you have a decently long (16 characters, preferably more than 20) password to log on with. If you use BitLocker with a PIN and the TPM, you can get away with shorter user passwords if you hibernate or shut down.
Disadvantage of BitLocker -- Requires a TPM for decently secure functionality. TPM enabled laptops are rare, and desktops are rarer still, unless you explicitly buy a motherboard with one, or a "corporate" desktop.
Visit www.full-disc-encryption.com and Trusted Platform Module for more information.
TrueCrypt is a very good solution. It is licensed at no charge (donations are recommended), and is very secure. However, its intended for a single user machine. Using multiple passwords with it is kludgy at best. However for a single user, its very secure once enabled, and you burn a TC recovery CD.
PGP Whole Disk Encryption is the most versatile. It can use a TPM, USB flash drive, smart card, eToken, or none of the above, and use multiple ones in a list to authenticate for a hard disk to work. For example, my laptop has an eToken for hardware security, but as an emergency, I have a very long recovery passphrase if the eToken gets lost or someone locks it by too many guesses. Another example is a friend of mine who has a TPM on his laptop, but if that fails for some reason, he has two eToken keys as backup. PGP Whole Disk has a very good reputation, and is by far best solution for a business IT environment.
You can't go wrong with any of the three listed.
There's a fourth option: SafeBoot. Do not use SafeBoot on Windows Vista if you already use BitLocker.
|NOTICE: Author and presented entities are not affiliated with Freedom School.|
Freedom School is not affiliated with the links on this page - unless otherwise stated.
Freedom School information served for educational purposes only, no liability assumed for use.
The information you obtain at this site is not, nor is it intended to be, legal advice.
Freedom School does not consent to unlawful action.
Freedom School advocates and encourages one and all to adhere to, support and defend all law which is particularly applicable.
Information is intended for those men and women who are not "US CITIZENS" or "TAXPAYERS" - continued use, reference or citing indicates voluntary and informed compliance.
Freedom School is a free speech site and operation as there is no charge for things presented
this site relys on this memorandum and others in support of this philosophy and operation.
The noteworthy failure of the government or any alleged agency thereof to at any time rebut anything appearing on this website constitutes a legal admission of the fidelity and accuracy of the materials presented, which are offered in good faith and prepared as such by Freedom School and third parties affiliated or otherwise. If the government wants to assert that any of the religious and/or political statements that are not factual appearing on this website are in error, then they as the moving party have the burden of proof, and they must responsively meet that burden of proof under the Administrative Procedures Act 5 U.S.C. §556(d) and under the due process clauses found in the Fifth, Sixth, and Seventh Amendments to the national Constitution BEFORE there will be response to any summons, questions, or unsubstantiated and slanderous accusations. Attempts at calling presented claims "frivolous" without specifically rebutting the particular claim, or claims, deemed "frivolous" will be in deed be "frivolous" and prima facie evidence that shall be used accordingly. Hey guys, if anything on this site is found to be in error a good faith effort will be made to correct it in timely fashion upon notification.
the Freedom-School.com site, the DVD issue, microSDHC card issue, and/or work computers, make effort to be in compliance with 17 U.S.C. § 512 and the Digital Millennium Copyright Act ("DMCA"). It is our policy to respond to any infringement notices and take appropriate actions under the Digital Millennium Copyright Act ("DMCA") and other applicable intellectual property laws.
If your copyrighted material has been posted on the Freedom-School.com site, the DVD issue, microSDHC card issue, or work computers, in other than fair use capacity or if links to your copyrighted material are returned through our search engine and you want the material removed, you must provide a written communication that details the information listed in the following section. Please be aware that you will be liable for damages (including costs and attorneys´ fees) if you misrepresent information listed on the site that is allegedly infringing on your alleged copyrights. We suggest that you may want to first contact competent legal assistance on this matter.
The following elements must be included in your copyright infringement claim:
* Provide evidence of the authorized person to act on behalf of the fully disclosed alleged owner of an exclusive right that is allegedly infringed. Please notice that we generally do not deal with third parties.
* Provide sufficient contact information so that we may contact you. You must also include a valid email address.
* You must identify in sufficient detail the copyrighted work claimed to have been infringed and including at least one search term under which the material appears in Freedom-School.com search results.
* A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
* A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
* Must be signed by the authorized person to act on behalf of the owner of an exclusive right that is allegedly being infringed. (Proper ratification of commencement.)
Send the infringement notice via email to the postmaster at Freedom-School.com
Please allow 1-3 business days for an email response. Note that emailing your complaint to other parties such as our Internet Service Provider (ISP) or server host(s) will not expedite your request and may result in a delayed response due the complaint not being properly being filed.
Presentation CopyrightŠ 2007, 2023
All Rights Reserved
H O M E