Protecting your hard-drive data - encryption?

What's generally the recommended way to protect data should your hard-drive be stolen? Encryption? Password protection? Something else? Some sensible advice would be appreciated.

 

HDD be stolen? Gimme a situation.

 

I mean from your desktop? Laptop? Just the HDD? External HDD?

 

I think he's looking for a solution if your laptop is stolen, the thief won't be able to get any information off of the hard drive.

Seems to be more and more common, particularly for business laptops.

 

Encryption is the best way, though given enough time, anything can be cracked.

 

Set a BIOS password, encrypt your HDD, even set passwords for Microsoft Office documents. Protect your notebook(s) with your life!

 

Standard scenario - some dude steals my laptop. Don't particularly want it back, but want the data to be too difficult to access for them to do anything but wipe it completely. I thought a BIOS password was easy to get around anyway by messing with the hardware?

 

I use a simple program called Cryptext to encrypt my data. It encrypts each individual files in a folder. It's a time consuming process when you have ten of thousands of files. But it's pretty secured. Now I am actually looking something that will just lock the drive without encrypting anything -- for faster access.

 

If you dont have a data that will worth more than a new HDD to the thief, the HDD password (not BIOS password, but HDD password) will suffice - and this will avoid the performance penalty of encryption. Generally HDD passwords are set in BIOS too - and its kinda confusing, but its a different thing, trust me
BIOS passwords can be easely reset by clearing a CMOS, but HDD passwords are not (they are stored right on the HDD inside the invisible firmware zone). Though on *some* older HDD models due to security holes passwords can be reset by special programs, but on many modern HDDs the only way to reset the password is to erase all data, or use *very* specialized equipment and the cleanroom to swap the platters on the running hdds - and, as I said, generally it will cost as much or more then price of the new HDD.

Be careful not to forget the HDD password when you set it though. Exactly due to high security of this scheme, if you forget it - there is a great chance that you wont get your own data anymore too.

If you use HDD password, in many BIOSes for adequate security you *must* set the BIOS password too (yes, set two passwords). Thats because many BIOSes "remember" the HDD password for quicker login, and clever hacker can use this fact for bypassing the HDD password. If you will secure BIOS with password too, to get access thief will at least need to clear CMOS - and it will wipe the stored HDD password from BIOS memory too (it will remain only on the HDD where it should be).
Also setting at least a BIOS setup password is generally a good idea because it prevents some "practical jokers" from setting their own password and cutting you from your own notebook.

Of course you still can encrypt *most* important files. Just make sure you use the encryption that is easely recoverable (as long as you remember a password, but not if you dont know the password). All Windows encryption schemes (EFS or BitLocker) use keys stored in the registry, so if registry is badly corrupted it may be hard to recover your data - if you have not used the hassle with recovery keys (that compromise your data anyway).
Best shot is to use third-party encryption tools that generate keys entirely from the text password,- so as long as you get a password data can be recovered no matter what happens to other windows files.

 

Cheers Ingvarr.

I'm going to take a look at the HDD via the BIOS suggestion and let you all know. There's nothing of monetary value on the laptop HDD, but all the same...and I'd like to avoid a performance (however small) resulting from encryption.

Can a similar approach be used for external HDD?

 

If its eSATA - yes.

If its USB or Firewire - dont think so, since HDD password is part of ATA specification.

 

My company is getting ready to deploy hard drive encryption software to all of our laptops, using software from a company called Utimaco. Anyone had any experiences with this software/utility? Supposedly, there will be 2 passwords required once this is deployed - one to allow the hard drive to start up, and another to logon to the machine/network.

Sounds good, but like was mentioned above, you hope that nobody forgets their password to access this critical data, since the cost of recovery could possibly far outweigh the cost of the loss of the data itself.

 

HDD via bios appears to work. thanks!

 

Here's an encryption program I've been meaning to try out for a while but just haven't gotten around to yet.

http://www.truecrypt.org/

And a few user reviews and comments I just quickly found.

http://bizsecurity.about.com/od/securityproductreviews/fr/TrueCryptRev.htm
http://www.snapfiles.com/opinions/TrueCrypt/TrueCrypt.html

 

Heard many good things about truecrypt and its ability to encrypt the entire file system drive on the SecurityNow podcast. Did you ever get a chance to try truecrypt?

 

For Vista best for BIOS HD protection since the HD is locked to that particular laptop.

Encrypt doesn't work with Vista but works great with XP

TrueCrypt is a bit more complicated but will work with Vista too

For me I use EncryptOnClick for Vista. Can encrypt Folders & Files and you have the option of deleting the original file but keep an encrypted image and can also restore the original if necessary.

But for really safe record keeping place all your data to an SD or Memory Stick.

 

!!! Store all your important data on an easily removable device that can also be lost easily? Not to mention that one static shock and all the data is gone.

Take a look at the truecrypt guide in my sig for info on encrypting your system disk with truecrypt.

 

Why not to store it on a removable device?! Especially if this device is a biometric flash drive!!! But if anyone doesn't like using removable devices and prefers to store data on computer's harddisk I would recommend Rohos mini (it will work for removable devices too). It's FREE. Requires no administrative rights to use it on a guest's computer. Very reliable solution. I've been using it for months now and consider it a great program. If you have a lot of sensitive data you can enlarge the encrypted disk's size.