Usb security ?

dashpuppy · Apr 19, 2012

Hope this is in the right place,

is there such a piece of software for windows 7, that allows you to lock out your computer. ie not boot it unless the usb key (stick) was inserted, but also encrypted the drive, so no one can read the drive..

Initially i would use a generic usb stick, but thought about doing this.

I was told synamtec makes a drive encryption software, but not sure how it works etc etc..

Dash

mtrupi · Apr 19, 2012

Are you thinking of win7 bitlocker? It can be setup to only boot if a USB stick with the correct authentication is on it. Haven't been concerned with the ins and outs of this but search for bitlocker and TPM (Trusted Platform Module).

Snufykat · Apr 19, 2012

dashpuppy said:
Hope this is in the right place,

is there such a piece of software for windows 7, that allows you to lock out your computer. ie not boot it unless the usb key (stick) was inserted, but also encrypted the drive, so no one can read the drive..

Initially i would use a generic usb stick, but thought about doing this.

I was told synamtec makes a drive encryption software, but not sure how it works etc etc..

Dash

http://www.predator-usb.com/predator/en/index.php?n=Main.HomePage
That might work? Never used it, no experience with it, use at your own risk.

dashpuppy · Apr 19, 2012

mtrupi said:
Are you thinking of win7 bitlocker? It can be setup to only boot if a USB stick with the correct authentication is on it. Haven't been concerned with the ins and outs of this but search for bitlocker and TPM (Trusted Platform Module).

Don't you have to have windows 7 premium tho ? ( or the highest version they make )

gimp · Apr 19, 2012

dashpuppy said:
Don't you have to have windows 7 premium tho ? ( or the highest version they make )

yeah, Ultimate and I believe Pro also (unless it's only the Enterprise?).

As for Symantec Endpoint Encryption, it's a FDE. Full disk encryption with pre-boot authentication.
We were originally using GuardianEdge, which Symantec bought out and turned in to SEE.
Although I don't know much about their personal edition of encryption (if there is one)

Snufykat · Apr 20, 2012

http://windows.microsoft.com/en-US/windows7/products/compare
Bit locker, ultimate only.

PTNL · Apr 20, 2012

SnufyKat is on the right path with this. BitLocker could be used, but has some limitations that Snufy's "Predator" find doesn't seem to have.

I also had a coworker tell me that another limitation is that large files ( > 2 GB) don't perform well under BitLocker, and he was strongly urged not to use BitLocker in this scenario (this was from MS at last year's TechEd). Which is fine, as BitLocker is really designed for small file protection on removable storage. Protecting large, internal hard drives is where enterprise hard drives come into play that full drive encryption (FDE).

@dashpuppy...

If you're looking to not allow the machine to boot without the USB stick, then you'll need to look into some hardware that supports this. I believe this is tied to TPM (trusted platform module) and requires a mobo that supports this, but that's the extent that I've dug into this before. You may need to look into Dell and HP's servers to get a better idea of support and usage if you need this feature. If you got a business account with Dell or HP, then their server support teams could definitely provide more details and options.

If you do find some good information on product explanations, support, potential vendors, etc., then please post them. Thanks!

** Edit: I also found some guidance on protecting the BitLocker platform here.

nitrobass24 · Apr 20, 2012

Snufykat said:
http://windows.microsoft.com/en-US/windows7/products/compare
Bit locker, ultimate only.

Also on Windows 7 Enterprise.

mtrupi · Apr 20, 2012

PTNL said:
I also had a coworker tell me that another limitation is that large files ( > 2 GB) don't perform well under BitLocker, and he was strongly urged not to use BitLocker in this scenario (this was from MS at last year's TechEd). Which is fine, as BitLocker is really designed for small file protection on removable storage. Protecting large, internal hard drives is where enterprise hard drives come into play that full drive encryption (FDE).
here.

I haven't experienced any trouble with large files.

Snufykat · Apr 20, 2012

nitrobass24 said:
Also on Windows 7 Enterprise.

Not to many home users will be using volume licensing, you are correct though.
Enterprise has bit locker and bit locker to go.

dashpuppy · Apr 20, 2012

Snufykat said:
Not to many home users will be using volume licensing, you are correct though.
Enterprise has bit locker and bit locker to go.

Might be the way I go, id like my new laptop to be secure

nitrobass24 · Apr 20, 2012

Snufykat said:
Not to many home users will be using volume licensing, you are correct though.
Enterprise has bit locker and bit locker to go.

Yea your right, but he didn't say it was for his personal PC. I was just making sure all the information was available.

Physical Token authentication is not a very practice IMO.
Chances are the person will keep their USB key in the same backpack/briefcase/bag as their laptop. Steal the bag, guess what they have everything they need.

If you force longer passwords and use pre-boot authentication a thief is much less likely to be able to break into your computer.

dashpuppy · Apr 20, 2012

nitrobass24 said:
Yea your right, but he didn't say it was for his personal PC. I was just making sure all the information was available.

Physical Token authentication is not a very practice IMO.
Chances are the person will keep their USB key in the same backpack/briefcase/bag as their laptop. Steal the bag, guess what they have everything they need.

If you force longer passwords and use pre-boot authentication a thief is much less likely to be able to break into your computer.

the usb stick will be with my authentication card for work that i wear every day. So it won't be stored with the laptop. I basically want it so if some one got a hold of the unit they can't read the drive NOR boot the machine.

Dash.

dashpuppy · Apr 23, 2012

If you setup bitlocker on your windows 7 machine, you can make it only boot with the usb stick inserted ?

JosephObrien · May 2, 2012

I have no any idea of USB security but i like your assumption and which is delicious way to secure of our computer to coming any virus effected problems...

dashpuppy · May 2, 2012

JosephObrien said:
I have no any idea of USB security but i like your assumption and which is delicious way to secure of our computer to coming any virus effected problems...

Just downloaded windows Ultimate N, going to use bitlocker & usb startup..

RavenD · May 7, 2012

If you don't have Windows 7 Ultimate/Enterprise for BitLocker, you can implement a setup similar to the one discussed (flash drive with encryption keys on it) with Truecrypt. It's free and open source.

dashpuppy · May 7, 2012

RavenD said:
If you don't have Windows 7 Ultimate/Enterprise for BitLocker, you can implement a setup similar to the one discussed (flash drive with encryption keys on it) with Truecrypt. It's free and open source.

That exact what I'm planing! I can't use bitlocker on my laptop, there is no tpm module installed

bah!

athlon1.2 · May 7, 2012

I am using this: http://www.mcafee.com/us/products/data-protection/endpoint-encryption.aspx

I think you can use a smartcard like a USB....

Snufykat · May 8, 2012

No mcaffe for me, I would rather try truecrypt.
I have no faith in mcaffee and dislike the bloat of their programs.

Usb security ?

Supreme [H]ardness

Gawd

[H]ard|Gawd

Supreme [H]ardness

[H]F Junkie

[H]ard|Gawd

Supreme [H]ardness

[H]ard|DCer of the Month - December 2009

Gawd

[H]ard|Gawd

Supreme [H]ardness

[H]ard|DCer of the Month - December 2009

Supreme [H]ardness

Supreme [H]ardness

n00b

Supreme [H]ardness

[H]ard|Gawd

Supreme [H]ardness

Supreme [H]ardness

[H]ard|Gawd