Hi,
I think I'm chasing my tail with how to lock up data on a desktop's RAID array, for the purpose of covering it if the machine was stolen.
Basically I want to prevent the scenario where the array is pulled out of this machine and plugged into another machine, so the data drives can be read.
1 - Products like PGP Whole Disk Encryption/TrueCrypt work fine on single disks, but do not work on arrays.
2 - Having a domain server so I can use NTFS permissions is not 100%, because you can just take over the permissions with an admin account on another network.
3 - BitLocker on a desktop machine using an onboard TPM appears to be non-existent. The motherboards that have the header for an onboard TPM (e.g. Asus) have no-one selling the TPM module that plugs into it (used to be made by Infineon). However, BitLocker does work across an array - I tested this using a mobo with no TPM chip and ran BitLocker off a USB key. The USB version I discount because I would just leave the USB key in the machine = has to have onboard TPM chip.
Has anyone else found a way around these issues?
Thanks,
Herb