Hard Drive Password and Data Encryption

[arch0nmyc0n]

Ok, I'm not asking how it's done... I just want to get an idea of what other people think...

At work they are discussing third party encryption software to ensure the data is safe on a laptop hard drive.

What about simply having a hard drive password? There would be a BIOS password. Wouldn't this basically offer the same kind of protection? Nobody could affect the data without having the hard drive password correct?

What about if they used regular windows ntfs encryption? Would this offer siginificantly improved protection over a third party program?

I'm certainly no expert, I'm just trying to understand the security behind this. We are a petro chemical plant so I understand there is some pretty secret stuff on some laptops. But I figure short of having a hard drive platter reader, a hard drive password will suffice.

Thoughts?

[Draggar]

Anything can be hacked. At work we also have an encryption and it makes my job (IT) a real pain in the rear at times - I always need the users login and password, even though that is against policy. The encryption sometimes also gets locked to a different code so they cannot access some files (seems to be mostly PST files affected by this!).

FAT32 doesn't support the encryption, luckily, so I make sure I have my encryption killer drive with me.

[CeeBee]

Many people pulled their hair and cried when they encountered corruption on an encrypted drive... If data is that important than it shouldn't be stored on a laptop. NTFS encryption can be broken too (trust me on this one ), though not directly.

[Niclo Iste]

If they insist they have to be mobile with their data I'd suggest https://www.ironkey.com as a likely solution. I've always told people encryption only slows down the lazy thieves. If they really are determined they'll get the data one way or another. It's just a matter of how much time they have and how much money they want to put into getting what they want.

[slgrieb]

The most frequently overlooked concept in computer security is physical access. If you can get your hands on the machine, you can sooner or later (generally sooner) do about anything you want with it, including cracking or bypassing encryption.

[arch0nmyc0n]

While is this getting to be a borderline bad subject to discuss. I;ve always heard whispers that hard drive passwords can be hacked, but never actually met someone who can do it. While I'm not by any means asking for specifics, does anyone know someone who actually has done it?

Regardless, thanks for the ironkey idea, I'll run it by the bosses and see if it helps them come up with a better solution. Have you used their enterprise equipment/software before?

[Niclo Iste]

While is this getting to be a borderline bad subject to discuss. I;ve always heard whispers that hard drive passwords can be hacked, but never actually met someone who can do it. While I'm not by any means asking for specifics, does anyone know someone who actually has done it?

Regardless, thanks for the ironkey idea, I'll run it by the bosses and see if it helps them come up with a better solution. Have you used their enterprise equipment/software before?

As far as hacked drives I don't know anyone directly but for sake of arguement if the FBI can do it so can an adept computer technician. I myself have decryption cracking tools I downloaded for the novel sake of recovering old data caches I forgot the passwords to but don't have the patience to wait the 3 years it would take for my typical length keys to be cracked. This of course is just one way they can do it from what I understand.

The Iron Key usage was a project being tested on at the firm I used to work at. They recieved them right after I left. However I keep in touch with the people there and from what they told me it's pretty interesting to use. They bought an extra one for their office for the testing purposes of seeing what it really does after you fail your limited amounts of entry attempts. I can double check and see if they got the enterprise or not but I do know that they were happy with what they had.

[arch0nmyc0n]

I'd appreciate it if you could. I wouldn't mind getting a "first" hand review by someone other than someone employed by them... problems, compatibility, etc would be great to know before going ahead... no rush of course. This will probably take months to go through....