On Tue, 19 Aug 2014, Mark McCullough wrote:
Let me preface this by saying I'm not a Windows expert by any means.
I've been asked to research a bit on Windows laptop encryption.
The caveat is that I have to protect both cases where the laptop
does periodically join a domain, and cases where it doesn't ever
join any domain (complete standalone). I also need Windows 7 and 8
support.
I keep hearing bitlocker as a first choice, but I don't know if that
works for all cases, or if there is a commercial tool I should also
be considering. I used to use commercial tools way back when, but
as a user, not an admin.
What tools should I be looking at (besides BitLocker)? What gotchas
should I worry about?
You (and others in this thread) mention software solutions, but you
might also look at self-encrypting hard drives. You'll want to Google
for "FIPS 140-2." There are enterprise-level management solutions or
you can just use the BIOS hooks in most Dell/Lenovo business-class
laptops.
I've found them to pretty plug-and-play since the crypto happens
completely outside the OS.
The self-encrypting drives I've deployed are all spinning platters,
but I've read that a few SSDs have been certified in the meantime.
--
Paul Heinlein
[email protected]
45°38' N, 122°6' W
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
