I've used PointSec before. It was my previous employer's default choice. Now I get to choose for my current one. While I don't have anything against PointSec, I'm looking for more options to choose from.

+4  A: 

http://www.truecrypt.org/

*sigh* These kinds of questions seriously aren't programming related and can be answered by a SIMPLE search on Google -.-

SemiColon
Surely the point of stackoverflow is to give a community endorsed answer - so it is worth posting to get a consensus.
Martin Beckett
Agreed. Enough with the 'not stackoverflow worthy' group-think already.
Kolten
+1  A: 

I second TrueCrypt. It has grown to be reliable, has a rich feature set and works across all platforms.

I've used it myself, and I have no complaints whatsoever. Excellent stuff.

wvdschel
+1  A: 

As indicated, TrueCrypt is a great solution for individuals; however, it doesn't have any corporate-like features such as key management. An example of key management is where Ms. X left the company and the company needs access to her data. Those types of corporate features need something like Microsoft's BitLocker.

Knox
A: 

I've used TrueCrypt as well, and while it isn't aimed at Enterprise users, it does have a few very nice features (such as a hidden volume - the same encrypted volume can actually store two filesystems, and figure out which one to display depending on the password given).

zigdon
A: 

Key Management capabilities for large-scale deployment are a must - even before users leave the organization, there's always someone who ends up reformatting their OS, or otherwise "losing" their keys.

PGP with a keyserver works well (or take advantage of PGP's support for X.509 v3 certs); EFS provides support (via Active Directory and Windows Certificate Services) for not only automated, secure archival of the user's encryption keys, but also a Data Recovery Agent (that can be used to recover the files with a backup asymmetric key that decrypts a second copy of the per-file symmetric key). BitLocker provides the ability to archive the per-system disk encryption key, so that the backup is stored as a special attribute of the Computer object in Active Directory.

ParanoidMike
Complex key management creates security holes unless you really know what you are doing - and you rely on Windows and all the other components getting the security right. Is it possible to fake the authentication server with Samba on a laptop? Are you sure? Can you prove that?
Martin Beckett
+2  A: 

TrueCrypt does have key management. It is possible to back up the original header and then restore it later; the key in the original header can then be used. For whole disk encryption it forces you to build a rescue disk; the key set for this disk can then be used to read the drive, even if the password is changed by the user.

To quote from their site:
Q: We use TrueCrypt in a corporate/enterprise environment. Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?

A: Yes. Note that there is no "back door" implemented in TrueCrypt. However, there is a way to "reset" volume passwords/keyfiles and pre-boot authentication passwords. After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header from the backup file (Tools -> Restore Volume Header).

Similarly, you can reset a pre-boot authentication password. To create a backup of the master key data (that will be stored on a TrueCrypt Rescue Disk and encrypted with your administrator password), select 'System' > 'Create Rescue Disk'. To set a user pre-boot authentication password, select 'System' > 'Change Password'. To restore your administrator password, boot the TrueCrypt Rescue Disk, select 'Repair Options' > 'Restore key data' and enter your administrator password. Note: It is not required to burn each TrueCrypt Rescue Disk ISO image to a CD/DVD. You can maintain a central repository of ISO images for all workstations (rather than a repository of CDs/DVDs). For more information see the section Command Line Usage (option /noisocheck).

Martin Beckett
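The header backup and restore procedure quoted above, as an added example that is not part of the answer or of TrueCrypt's own code: a password-derived header key wraps a fixed master key, so restoring an old header brings back the old password. The header layout, the HMAC-based toy cipher, the iteration count and the passwords are all constructed for illustration and do not match TrueCrypt's on-disk format.

```python
import hashlib, hmac, secrets

ITERATIONS = 50_000  # constructed demo value, not a TrueCrypt parameter

def keystream(key, n):
    # Toy cipher: HMAC-SHA256 in counter mode, standing in for the real header cipher.
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def header_keys(password, salt):
    # The header key is derived from the password; it never encrypts volume data.
    km = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, 64)
    return km[:32], km[32:]  # (encryption key, MAC key)

def wrap_header(master_key, password):
    salt = secrets.token_bytes(16)
    enc_key, mac_key = header_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(master_key, keystream(enc_key, len(master_key))))
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def unwrap_header(header, password):
    salt, ct, tag = header[:16], header[16:-32], header[-32:]
    enc_key, mac_key = header_keys(password, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or damaged header")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, len(ct))))

def demo():
    master_key = secrets.token_bytes(32)            # encrypts the volume; fixed for its lifetime
    backup = wrap_header(master_key, "admin-pass")  # Tools -> Backup Volume Header
    # Volumes -> Change Volume Password: same master key, re-wrapped under the new password.
    on_disk = wrap_header(unwrap_header(backup, "admin-pass"), "user-pass")
    try:
        unwrap_header(on_disk, "admin-pass")
        admin_opens_current = True
    except ValueError:
        admin_opens_current = False                 # admin password no longer fits the live header
    on_disk = backup                                # Tools -> Restore Volume Header
    recovered = unwrap_header(on_disk, "admin-pass") == master_key
    # Consequence: any old header plus its old password still yields the master key,
    # so header backups need the same protection as the key itself.
    return recovered, admin_opens_current

if __name__ == "__main__":
    print(demo())
```

Because a password change only re-wraps the same master key, it does not revoke earlier header backups; the central repository of headers or rescue ISO images is itself key material.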
A: 

PointSec is horror! DO NOT WANT.

Kolten