Overclock.net › Forums › Specialty Builds › Servers › hardware based encyrption motherboards?
New Posts  All Forums:Forum Nav:

hardware based encyrption motherboards?

post #1 of 2
Thread Starter 
It seems that they are as elusive as a unicorn on the market... and will probably be taken completely off the retail market sooner or later.
However, hopefully someone here can post some recommendations for motherboards that have hardware based encryption.
I believe it is called a TPM (Trusted Platform Module) technology.
I know about true crypt, and bit locker... I would probably use these as well.. as software level security.. but hardware just sounds like it will have more bite.
Though I have heard that it is complete rubbish as well... drop the HD in another computer.. and bam! I stolen your megahurtz bro!
But for locking out a secretary, cleaning service, etc... seems like it might suit my needs.

TL;DR:
post some recommendations for motherboards that have hardware based encryption.
ones with bonus tin foil cap much appreciated.
post #2 of 2
Quote:
Originally Posted by DownTown View Post

It seems that they are as elusive as a unicorn on the market... and will probably be taken completely off the retail market sooner or later.
However, hopefully someone here can post some recommendations for motherboards that have hardware based encryption.
I believe it is called a TPM (Trusted Platform Module) technology.
I know about true crypt, and bit locker... I would probably use these as well.. as software level security.. but hardware just sounds like it will have more bite.
Though I have heard that it is complete rubbish as well... drop the HD in another computer.. and bam! I stolen your megahurtz bro!
But for locking out a secretary, cleaning service, etc... seems like it might suit my needs.

TL;DR:
post some recommendations for motherboards that have hardware based encryption.
ones with bonus tin foil cap much appreciated.

So first off, TPM is not "hardware encrpytion". TPM is a small cryptoprocessor that lives on the motherboard (via addon card) that would allow you to store secure decryption keys for whatever encryption method you would use, and can also store VIRTUAL smart cards. It can also allow for secure boot (aka, trusted boot). Many third party full disk encryption technologies support TPM, and TrueCrypt is not one of them.

BitLocker is honestly your best bet. It's free and built-in to your OS (assuming you are using Windows), and with storing the keys on the TPM chip (assuming you bought PCs with them), then the drive could not be removed as well. Even without TPM and you remove a BitLocker encrypted drive, it's not just going to boot in another computer. You will still need that decryption key.

Now I am assuming you work for a business and not just looking for a home solution, in which case I assume you also have an Active Directory domain environment. BitLocker has integration with AD to allow storing those keys in AD, safely as a backup.

I have extensive experience with GuardianEdge/Symantec Endpoint Encryption, which is a full disk encryption solution. It basically takes the partitions on the HDD and encapsulates them in a secure partiton that can't be acessed without the decryption method (two or three factor, password/pin/smart card/virtual smart card/etc). I would highly recommend SEE for a business. If you are looking for cheaper, BitLocker. In a business, you want something with some sort of centralized management, otherwise you are just waiting for a nightmare scenario.

As far as how to get PCs with TPM chips, most business class PCs from Dell, HP, and IBM have the option to buy TPM for an additional $15-30, depending on features, etc. TPM chips manufactured by Intel are the most common, at least in my experience.

Oh, and hardware-based disk encrpytion does exist, but is available from HDD manufactures such WD, Toshiba, Seagate, etc. As in, hardware based encryption is at the disk level and not the computer level.

Good luck!
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Servers
Overclock.net › Forums › Specialty Builds › Servers › hardware based encyrption motherboards?