Securing your data: Full disk hardware encryption -- part 1

Securing your data: Full disk hardware encryption -- part 1

Summary: The best way to protect the data on a desktop or notebook system is to replace the existing drive with a solid-state drive featuring full disk encryption.

SHARE:

Data loss is bad enough, but having that data fall into someone else's hands -- especially if they happen to be the wrong hands -- can be disastrous. While in an ideal we shouldn't be losing data in the first place, we should always hope for the best but plan for the worst.

Integral_SSD_001_smIn this, the first in a two-part series, I'm going to start by looking at how to protect data on desktop or notebooks PCs.

The best way to protect against data loss once a piece of hardware has left your possession is through the use of encryption. While countless software solutions -- free software solutions even -- exist for protecting the data stored on a desktop or notebook computer, I prefer to take a more holistic approach and replace the entire storage drive with a drive that offers hardware-based encryption.

I firmly believe that a hardware approach to encryption is a far better bet because a good hardware solution won't allow the end user a way to bypass it.

The easiest way to add hardware-based encryption to an existing desktop or notebook system is to replace the existing drive -- whether it be a hard drive or a solid-state drive -- with a solid-state drive featuring full disk encryption.

An excellent example of a drive that features built-in hardware encryption is the Integral Crypto SSD SATA drive. This drive is available in 32GB, 64GB, 128GB and 256GB and comes complete with a caddy to allow it to be fitted into a 3.5-inch bay.

The only requirements for you to be able to use this drive is that your PC uses SATA -- most PCs made in the past few years support SATA -- and tha it runs Windows XP, Windows Vista or Windows 7. This drive features AES 256-bit hardware encryption to allow you to encrypt and protect your sensitive data while at the same time getting the performance, reliability and power benefits of a solid state drive. Once encryption is set, a valid user name and password is required to access the Crypto SSD prior to system boot.

The Integral Crypto SSD is FIPS 197 validated and is an ideal drop-in replacement for a standard hard drive in a desktop computer or laptop. The Crypto SSD also makes use of "Master" and "User" dual passwords where an admin can set-up a user password along with a master override password. If the user forgets their password, the Crypto SSD can be unlocked by an admin and the user password can be reset. The drive also enforces that a high-strength 8-16 character alphanumeric password must be used, and there's even brute-force password attack protection where the encrypted data is automatically erased after the default six failed password attempts (you can modify this to a maximum of 20 attempts).

For use in an enterprise situation, the Crypto SSD is also compatible with endpoint security solutions by using the configurable unique ID feature, which is part of the drive's on-board software.

For added peace of mind the drive features an anti-clone feature that prevents it from being clones once the encryption is set.

Replacing an existing drive with a drive like the Crypto SSD isn't difficult. In fact, it's a simple three-step process, and Intgral outlines clearly what you need to do to get your drive working:

  • Clone the existing drive -- or make an image of the operating system and data -- prior to installing the Crypto SSD. If you are not looking to keep your old Windows install you can go ahead and install a fresh copy of Windows onto the Crypto SSD after it has been fitted in your laptop or desktop PC.
  • Pop the Crypto SSD into your laptop or desktop PC. I've installed the drive into a desktop and a notebook and it takes less than 5 minutes -- with practice you should be able to do the same.
  • Finally, run the "SSDLock" application -- which is supplied on a USB -- to set the encryption and specify usernames and passwords. Then you reboot the system.

And that's it.

Your system is now protected by full disk encryption and every time it is booted up a valid username and password is required to access the system. It's also quick to do, with the whole process -- including replacing the drive and copying over the image of the operating system -- taking me less than 30 minutes.

So far, I've tested the drive itself, along with the login feature, and the admin password recovery feature and everything works as expected. The drive is fast, silent and cool during operation.

I've also imputted the password incorrectly a few times and got the drive to wipe itself -- a process that it both fast and leaves no recoverable data on the drive.

All in all, the Integral Crypto SSD is an awesome drive and comes highly recommended.

Topics: Storage, Hardware, Privacy, Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • How much does that company pay you?

    "For added peace of mind the drive features an anti-clone feature that prevents it from being clones once the encryption is set."

    If they are going to write an article for you and you in turn put your name on it at least make it understandable.. this article has many syntax and obvious grammar errors. Oh yeah I want a drive that someone can with 6 failed password attempts wipe my data.. real smart.
    natrlight@...
    • Are you using your brain?

      Part of his job is to promote products he feels are commendable. How else is the general public to learn of them and their selling points?

      As for the password attack protection feature, that runs part and parcel with opting for full disk encryption to begin with. One assumes that if you're concerned enough about security and privacy to deploy such protections, that you're also taking the time to back up your data regularly. That way if attempts are made to get at it, the perpetrator won't have access for long -- but your back is still protected.
      klumper
  • I hope

    I hope the wipe is optional, or better yet, configurable! I might want a wipe at 20 tries, but 6 tries is so small, a visiting 8 year old might well wipe all my data!

    I think I'll leave my desktop PC unencrypted. If somebody steals it, at least I'll know to monitor my credit. For your typical home user, encryption is just another way to lose your data!
    bmgoodman
  • What about forensic software?

    "there's even brute-force password attack protection where the encrypted data is automatically erased after the default six failed password attempts."

    Just wondering if you happen to know: standard forensic software does a two-step process: (1) lock the drive against disk writes; (2) image the disk and calculate a checksum.

    Then all forensic work is performed on the image, not the physical disk.

    I understand that the password is in hardware, not software, but would it be possible to use a brute force technique on the image?
    Rick_R
    • Anti-clone feature

      I wrote this comment before reading the whole article. It mentions that there is an anti-clone feature. I assume that is intended exactly for that purpose.
      Rick_R
  • Availability ???

    Quick search for pricing only found stores in the UK and FR. How about recommending something available in the USA.
    HCastle
  • Re: Availability

    It is available thru amazon (third party) and the brute force anti hacking is configurable up to 20 password tries, though 6 is default (I set mine to 10 just in case)
    TrishaDishaWarEagle
  • I call Plagiarism!

    Go read the Integral website for this drive. Adrian has copied text work-for-word from the site. How much are they paying you to advertise their product Adrian???
    gribittmep
  • My advice: Don't store anything you're not willing to lose forever

    Encryption is shiny and good, but when things go wrong you have to accept that the information is lost for good. If the bad guys can't recover your data then neither can you.
    Other than that it looks like a good drive. I wonder, will it work with Windows 8 and UEFI?
    keebaud@...