Re: "Stand Alone" Hard Disk Encryption for Home/Personal PCs and Laptops

["Eric C. Lukens" <eric.lukens () UNI EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I found Bitlocker cumbersome for Windows Vista, but much better in
Windows 7.  Unfortunately, the users must have the Enterprise or
Ultimate editions, which most home users will not have.  In Windows 7
they don't have to partition the drive themselves. The difficult part is
enabling the TPM chip, which is often disabled by the computer
manufacturer in the BIOS.

If Bitlocker is not available (or even if it is), TrueCrypt certainly is
plenty good.  Just make sure the users know not to cascade multiple
ciphers for their full disk encryption--that'll slow things a little too
much.

Also, you can backup the header of a TrueCrypt volume (full disk or
otherwise) and then change the password on the TrueCrypt volume to the
user's choice.  You'll then have a backup header that can be restored
with a known password (see the "Restore Volume Header" section at
http://www.truecrypt.org/docs/?s=program-menu).  Remember to use this
knowledge for good, not evil.

- -Eric

- -------- Original Message --------
Subject: Re: [SECURITY] "Stand Alone" Hard Disk Encryption for
Home/Personal PCs and Laptops
From: Dr. Wole Akpose <wole.akpose () MORGAN EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Date: 9/15/2010 1:05 PM

> Mac comes with whole disk encryption. It's easy to use - Available through
> "System Preference -> Security"
>
> Window's BITLOCKER is a bit cumbersome, but PGP Whole Disk works well with
> Windows PCs.
>
> But I will always advice that such efforts be done with some organization
> oversight and support. So an enterprise deployment of bit-locker or PGP
> enterprise will ensure that you can easily recovery lost keys, in the event
> users forget that paraphrase/password for the whole disk encryption tool.
> Something to think about.
>
>
> Wole Akpose. CISSP, CGEIT, D.Eng
> Planning & Information Technology
> Morgan State University
> 1700 E. Cold Spring Lane
> Baltimore, MD 21251.
> p. 443.885.1850 / 443.885.3732
> f. 443.885.8304 /443.885.8211
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Kidd
> Sent: Wednesday, September 15, 2010 1:22 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] "Stand Alone" Hard Disk Encryption for Home/Personal PCs
> and Laptops
>
> Does anyone have a list of hard disk encryption software suitable for
> end-users' personal Windows or Mac based PCs and laptops (i.e. relatively
> easy to use given no support will be provided by the organization)?
>
> Thanks in advance,
> Chris
>
> Chris Kidd
> Information Security and Privacy Office
> University of Utah
> 650 Komas Drive, Suite 102
> Salt Lake City, UT 84108
> Office: 801.587.9241
> Cell: 801.747.9028
> chris.kidd () utah edu 
>
> http://www.secureit.utah.edu

- -- 
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
319-273-7434
http://www.uni.edu/elukens/
http://weblogs.uni.edu/elukens/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyRGA0ACgkQN+w4PqsMNp2/9QCfePz0DXEzVyfxKLHlJShSufoF
7OcAoIK0UyZf+6WzpomM7oAfvrghLwv7
=BHjJ
-----END PGP SIGNATURE-----