I think I'm chasing my tail with how to lock up data on a desktop's RAID array, for the purpose of covering it if the machine was stolen.

Basically I want to prevent the scenario where the array is pulled out of this machine and plugged into another machine, so the data drives can be read.

1 - Products like PGP Whole disk encrypt/TrueCrypt work fine on single disks, but do not work on arrays.
2 - Having a domain server so I can use NTFS permissions is not 100%, because you can just take over the permissions with an admin account on another network.
3 - BitLocker on a desktop machine using an onboard TPM appears to be non-existent. The motherboards that have the header for an onboard TPM (eg Asus) have no-one selling the TPM module that plugs into it (used to be made by Infineon). However BitLocker does work across an array - I tested this using a mobo with no TPM chip and ran BitLocker off a USB key. The USB version I discount because I would just leave the USB key in the machine = has to have onboard TPM chip.

  1. Using Becrypt Full Disk Encryption on a laptop in RAID-1, without issues or speed loss, plus you get the option to do encryption to USB devices. :D
  2. I checked with Becrypt, they were very helpful - but support is not a given. They think it maybe will work for RAID5 on ICH*R setups, but are pretty sure it won't with my Adaptec cards.

    So yeh, basically I'm back in a loop where whole disk encryption over RAID5 doesn't seem possible without it being at the OS level (eg BitLocker), but then I can't use BitLocker 'cause there are no current mid-high end motherboards that have TPM chips built onto them - or TPM modules available for the ones that have headers!

  3. My understanding is that you CAN use BitLocker without a TPM by putting the encryption keys on a USB flash drive. Of course it would then be incumbent on the user to NOT leave the flash drive plugged into the machine all the time.
  4. Yep, that's exactly why I'm trying to find a suitable board that can handle BitLocker using TPM not USB :)
