Sign in with
Sign up | Sign in
Your question

How to secure data on desktop machines Raid array??

Last response: in Windows 7
Share
January 27, 2010 10:44:51 PM

Hi,

I think I'm chasing my tail with how to lock up data on a desktop's raid array, for the purpose of covering it if the machine was stolen.

Basically I want to prevent the scenario where the array is pulled out of this machine and plugged into another machine, so the data drives can be read.

1 - Products like PGP Whole disk encrypt/Truecrypt work fine on single disks, but do not work on arrays.
2 - Having a domain server so I can use NTFS permissions is not 100%, because you can just take over the permissions with an admin account on another network
3 - Bitlocker on a desktop machine using an onboard TPM appears to be non-existant. The motherboards that have the header for an onboard TPM (eg Asus) have no-one selling the TPM module that plugs into it (used to be made by infineon). However bitlocker does work across an array - I tested this using a mobo with no TPM chip and ran bitlocker off a USB key. The USB version I discount because I would just leave the USB key in the machine = has to have onboard TPM chip.

Has anyone else found a way around these issues?

Thanks,
Herb
a b 8 Security
a b $ Windows 7
January 28, 2010 10:42:50 AM

Using Becrypt Full Disk Encryption on a laptop in raid-1, without issues or speed loss, plus you get the option to do encryption to usb devices. :D 
m
0
l
February 3, 2010 5:31:20 AM

I checked with becrypt, they were very helpful - but support is not a given. They think it maybe will work for raid5 on ICH*R setups, but are pretty sure it won't with my adaptec cards.

So yeh, basically I'm back in a loop where whole disk encryption over Raid5 doesn't seem possible without it being at the OS level (eg bitlocker), but then I can't use bitlocker cause there are no current mid-high end motherboards that have TPM chips built onto them - or TPM modules availabe for the ones that have headers!

:??: 
m
0
l
Related resources
a b 8 Security
a c 209 $ Windows 7
February 3, 2010 4:05:15 PM

My understanding is that you CAN use Bitlocker without a TPM by putting the encryption keys on a USB flash drive. Of course it would then be incumbent on the user to NOT leave the flash drive plugged into the machine all the time.
m
0
l
February 3, 2010 6:35:06 PM

Yep, that's exactly why I'm trying to find a suitable board that can handle bitlocker using TPM not USB :) 
m
0
l
!