CryptoRAWR Posted February 24, 2012

I just started watching HAK 5 recently and I love it. Now for my question. Here's my situation.

My boss purchased 8 Acer Iconia Tab W500P tablets with Windows 7 installed on them. Not sure why he got these, but they have a decent amount of power and speed. I started off by wiping the tablets and installing the volume licensed Windows 7 Enterprise images I typically use for laptops in the company. After fully configuring them I started bitlocker and realized they didn't have the TPM microchip installed on them. My boss told me they need to be encrypted, find a way.

Now with bitlocker I could edit the local policy and use a USB flash drive as the TPM device. The problem with that is the tablet has only two USB slots on the bottom where it connects to the keyboard attachment, and there's not much clearance. I looked into micro USB flash drives that stick out less than an inch, but those are still too big.

So I started looking into third-party software that won't require an external device to be attached. I tried the trial for Symantec PGP whole disk encryption. The problem I ran into with Symantec was the pre-boot environment asks for credentials and the virtual keyboard is only supported with 2 Dell tablets currently. I want the tablet users to be able to start their tablets without having to connect a physical keyboard every time they turn it on.

I'm going to test Sophos SafeGuard Easy next. They told me they use the pre-boot environment feature as well, and the virtual keyboard feature is generic to all computer devices. If that works it comes down to pricing.

1.) If you work at a company using tablets how do you secure them?
2.) Any other suggestions for third party software to encrypt tablets?

Doctor Posted February 25, 2012

There's always truecrypt.

Infiltrator Posted February 25, 2012

That's what I use, Truecrypt. Make sure you read the documentation as well. http://www.truecrypt.org/

BuckoA51 Posted March 6, 2012

> I want the tablet users to be able to start their tablets without having to connect a physical keyboard every time they turn it on.

That's not really going to fly with Truecrypt, is it guys? Do let me know if you find a solution. I had a similar situation and gave up in the end, could not find a suitable solution.

teff Posted March 16, 2012

> That's not really going to fly with Truecrypt, is it guys? Do let me know if you find a solution. I had a similar situation and gave up in the end, could not find a suitable solution.

Why not truecrypt with a yubikey in secondary mode and a fixed long password?

digip Posted March 16, 2012

> Why not truecrypt with a yubikey in secondary mode and a fixed long password?

I was just going to say, try the whole yubikey solution, but not sure that works since you have issue with the whole USB key to begin with. If not, you could just use the USB solution to begin with and not need the Yubikey. Truecrypt should work though I would think, I just don't remember how to do whole disk encryption for bootable Windows drives, but it's definitely worth a shot.

Also a rubber ducky set to login for you, but you would need a ducky for each machine with different user logins pre-set, and it still requires a USB port to access the machine, which it seems you want to avoid.

I think for ease of use though, go with the USB solution if it gives you the encryption you need. Just means another kink in the chain though if they get lost or stolen and then you can't boot without the keys on the USB drive.

teff Posted March 16, 2012

> I was just going to say, try the whole yubikey solution, but not sure that works since you have issue with the whole USB key to begin with. If not, you could just use the USB solution to begin with and not need the Yubikey. Truecrypt should work though I would think, I just don't remember how to do whole disk encryption for bootable Windows drives, but it's definitely worth a shot.
>
> Also a rubber ducky set to login for you, but you would need a ducky for each machine with different user logins pre-set, and it still requires a USB port to access the machine, which it seems you want to avoid.
>
> I think for ease of use though, go with the USB solution if it gives you the encryption you need. Just means another kink in the chain though if they get lost or stolen and then you can't boot without the keys on the USB drive.

Perhaps I am looking at the wrong product, but it appears to me that there is only one USB port on the device and at least one USB port on the keyboard attachment. http://us.acer.com/ac/en/US/content/iconia-tab-w500

digip Posted March 16, 2012

> Perhaps I am looking at the wrong product, but it appears to me that there is only one USB port on the device and at least one USB port on the keyboard attachment. http://us.acer.com/ac/en/US/content/iconia-tab-w500

The cool thing about the ducky, is you could store your encryption keys and it also types for you like a keyboard, you would just have to set a payload that sort of macro types your login details.

Guest Deleted_Account Posted March 20, 2012

> I was just going to say, try the whole yubikey solution, but not sure that works since you have issue with the whole USB key to begin with. If not, you could just use the USB solution to begin with and not need the Yubikey. Truecrypt should work though I would think, I just don't remember how to do whole disk encryption for bootable Windows drives, but it's definitely worth a shot.
>
> Also a rubber ducky set to login for you, but you would need a ducky for each machine with different user logins pre-set, and it still requires a USB port to access the machine, which it seems you want to avoid.
>
> I think for ease of use though, go with the USB solution if it gives you the encryption you need. Just means another kink in the chain though if they get lost or stolen and then you can't boot without the keys on the USB drive.

This is exactly what I do with my W500. I have it encrypted with LUKS (Truecrypt works too) and just have a yubikey "type" in the password for me. Works like a charm. I even use the same on my normal laptop, except there I know half the password and type it in and the yubikey "types" the rest to give a "pseudo-twofactor" authentication.

@DigiIP would using the ducky work? I can't get it to be recognized on anything but Windows (even at the preboot auth).

digip Posted March 20, 2012 (edited)

> This is exactly what I do with my W500. I have it encrypted with LUKS (Truecrypt works too) and just have a yubikey "type" in the password for me. Works like a charm. I even use the same on my normal laptop, except there I know half the password and type it in and the yubikey "types" the rest to give a "pseudo-twofactor" authentication.
>
> @DigiIP would using the ducky work? I can't get it to be recognized on anything but Windows (even at the preboot auth).

A ducky should be recognized as any keyboard, as far as I know. When you plug it in, it should be seen as a HID device by Windows, Mac or Linux, although I've not actually tried mine on a Mac or Linux. Thinking about it now though, storing the keys on it probably wouldn't work, since you would need to type the data out in hex or such and convert the file to binary on the OS side once logged in. It should work for typing plain text though.

Edited March 20, 2012 by digip

PaulyD Posted April 7, 2012

If there are indeed 2 USB ports: https://www.yubico.com/yubikey-nano ?

But is logging in 'dismounted' and then docking really a problem? YubiKey looks like the solution.

PD