Flagstone Encrypted Hard Disk
Overall, this is a very secure device and a simple one to use.
Securing data when it leaves an organisation is always a problem. Despite user education, a laptop can all too easily be left in a cab and, if not properly secure, information is left in the clear for all to see. Even when software encryption is used, there is still a chance that it can be decrypted.
That is why Stonewood Electronics offers encryption on a hard disk. It claims this is more secure than software encryption as no plain text is on the hard disk.
The encryption used is AES (FIPS197) in CBC mode. CBC mode is when the encryption of each block depends upon the encryption of the previous block. It also uses Initial Vector as part of its encryption armoury.
Moreover, the internal disk is cryptographically bound to the other electronics in the device, so removing a physical disk will uncouple it from the cryptography electronics, making it unreadable.
The 2.5" 20 GB hard disk is a shiny chrome affair, whose good looks are sadly lost when hidden from view inside a laptop.
Installing the disk meant replacing the old disk on our test laptop. This was a tricky job, which is not a criticism of the disk itself, but does highlight the fact that laptops are not made for easy upgrades.
On powering up, we found that the BIOS had some problems recognising the new hard disk. However, the disk is compliant with a wide array of interfaces from ATA-2 to ATA-5, so we changed a few settings and we were ready.
We followed the manufacturer's recommendation that suspend mode be disabled as this can be a security risk.
Once it was up and running, the hard disk asked for a "PAC" code, which is found on the packaging it came in. We then needed to enter a password. Password requirements are stringent and require upper and lower case letters as well as numbers so you need a good memory. At least the disk does not require biometrics, tokens or other types of authentication.
The disk allows five attempts to enter the correct password before reverting to unauthorised mode. This means it will not function until a valid PAC code is entered again.
After entering the password, the machine rebooted. We installed Red Hat Linux to test the disk's ability to support different operating systems (we took Windows support as a given). The disk had no problems with this OS and, after installation, we powered up again, entered the password to authenticate the hard disk and started Linux up.
We did not notice any discernible loss of speed using this disk compared with the Linux installed on our normal hard drive and, after the initial setup, there are no further settings to configure.
The documentation is reasonable, though only available on disk, and the troubleshooting guide answers most questions. We had a couple of problems with the initial setup, but telephone support managed to give us answers to our questions very quickly.