BeCrypt Disk Protect 5.2
Strengths: Easy to use, encryption has no discernable impact on performance, optional removable media encryption
Weaknesses: Initial full hard disk encryption a lengthy process, you must disable network access to protected systems
Verdict: Disk Protect provides a low-cost and simple means of securing and encrypting sensitive data and protecting entire PCs and laptops
The sheer scale of the loss of sensitive data never ceases to amaze. Most recently, a memory stick with the confidential passcodes for up to 12 million users of the Government Gateway was found in a pub car park. As users of this system, it worries us that our own details should be treated with contempt - and yet security issues could have been avoided if the data had been strongly encrypted.
There are plenty of choices on the market. BeCrypt's Disk Protect is designed to encrypt entire workstations and laptops, as well as external storage such as memory sticks. The idea is that even if a laptop is lost, without the appropriate codes, access can be denied to the entire system.
Disk Protect can provide authentication during the boot phase. It can also use token or smartcard authentication and supports DoD CACs (common access cards), as used by the military. Up to 26 password-protected user accounts or seven smartcard ones can be maintained.
Once installed, it can encrypt the entire hard disk, using either the 128- or 256-bit AES standard. If a protected laptop goes AWOL, its data is rendered unusable without authentication. Disk Protect securely wipes all encryption keys and pre-boot data, leaving the system unusable.
To test Disk Protect, we used an HP Compaq 6735b notebook with a 2.4GHz AMD Turion X2 plus 3GB of memory and loaded with Windows Vista Business SP1. Installation takes a few minutes. A wizard offers options for password or token authentication.
You can select the number of times failed boot-time logons will be allowed and the maximum time a password can be used. We opted for 256-bit AES encryption and left Disk Protect to encrypt all partitions, including non-Windows ones. You then add all users, along with a unique password for each.
Disk Protect can provide a single sign-on (SSO) solution by allowing selected usernames to be associated with their Windows passwords. Some users forget passwords and BeCrypt provides a recovery console. During installation, a recovery file for each user is created which should be stored on a separate system.
Bring a good book when it comes to a full disk encryption. On our 250GB test notebook, the process took eight hours.
As a test, we removed the hard disk from the notebook and connected it to the SATA controller on another system. The drive was identified correctly but we couldn't do anything with it as the three partitions on it were all labelled as raw.
The recovery console is run from the CD-ROM and after creating a database on the local system we imported recovery files for each of our users. We deliberately logged on with incorrect passwords until the limit had been reached. The boot-time screen displayed a challenge code that we entered in the recovery console. It gave us a response code that let us access the notebook.
Our last test was to uninstall the software to see if Disk Protect could return the system to its pristine state. You can ignore the manual here. We found that rerunning the installation routine from the CD-ROM offered us the option to remove Disk Protect and after an eight-hour wait, the notebook was pristine.
Disk Protect looks a good choice for businesses and government departments that need to protect data on notebooks on the move. You can never eradicate incompetence but this encryption solution will provide serious damage limitation.