Product Group Tests
Whole disk encryption (2007)
January 10, 2007
Priced at the low end of the products that we tested, PGP Whole Disk Encryption was the best tool for an enterprise environment. We rate it our Best Buy for its strong enterprise capability, ease of use, value and superior performance.
While SecurStar DriveCrypt is in the middle of the pack for the cost of whole disk encryption software, the added features make it an attractive piece of software. We give it a Recommended award for its ease of use and performance.
Whole disk encryption software for single users and enterprises is maturing. With a wide range of features and prices, there's something for everyone. And it's not just about speed. By Justin Peltier.
This month we looked at seven whole disk encryption products. The solutions in this category covered a wide range of prices and features and this is typical of the rapidly evolving market. All the tools we assessed consisted of standalone software packages separate from the underlying operating system (OS).
One of the tools tested was an open-source product that has developed a large following in the industry, while all other packages were commercial products. Several of the offerings were bundled with hardware tokens for authentication. The devices were all USB, while several vendors offered other options such as SCSI (small computer system interface) and PC Memory Card International Association token devices. None of these products were combined with other desktop security packages, such as personal firewall or anti-virus software.
As a group, these tools performed well and many offered unique features. We evaluated them as both single-user installs and enterprise products. Most of the test subjects supported both individual and enterprise modes, but a few were single-user only. One of the major differences between single-user and enterprise installations was the inclusion of audit logs. While all the solutions that supported an enterprise mode also offered audit logging, most of the standalone units did not.
All the products in this category were expected to meet certain criteria, including the ability to encrypt the entire boot hard disk where the operating system would reside. One product, the open-source TrueCrypt, did not meet this requirement, but was included because it met the remaining criteria. In addition, all test subjects besides TrueCrypt provided pre-boot authentication.
Many products combined pre-boot authentication with single sign-on (SSO) functionality that also allowed the user to access the underlying operating system.
With the exception of TrueCrypt, all had a feature to protect the data on a hard drive in the event of the drive being removed from the machine. Finally, all products also included a measure that would prevent data from being lost if the system suffered a power failure.
How we tested
All products were put through their paces using an eMachines m6811 notebook computer with an AMD Athlon 64 3400+ CPU and 1.2 GB of RAM. All tests were performed on a 60-GB hard drive that was wiped between tests. Once the drive was cleared, a core operating system of Windows XP Media Center Edition was installed from a Symantec Ghost version 8.0 image. The operating system was patched to current levels as of November 17.
Once the base OS was installed, the only other software package that was added was Performance Test version 6 software from PassMark. This was installed to create system performance baselines that could be compared with system performance after the encryption software was installed and running on the system. Each package was evaluated using ten criteria:
1. Does the product require user authentication before the OS starts or at login - or both?
2. Does it support hard-drive encryption in the event of screensaver, suspend and hibernation modes?
3. Does the product support a user password with a recovery function?
4. Does the product support an administrator password that is separate from the user's?
5. Does the product use a master password?
6. Does installation create negative performance overall?
7. Does the product protect other OS file systems that are installed on the same disk?
8. Does it allow for another OS bootloader?
9. Does the product create audit logs?
10. Can information about the security configuration be uncovered by booting the system to a Knoppix Live CD distribution?
In addition, each product was timed to determine how long the hard drive encryption would take.
In general, we found that performance hits due to encryption averaged one per cent or less. Ease of use was quite variable, with some products simple to implement and others quite difficult. Overall, security issues, such as the safe removal of encryption without losing data, have been addressed in most products since the last time we looked at this category.