Jump to content

Tablet Encryption


CryptoRAWR
 Share

Recommended Posts

I just started watching HAK 5 recently and I love it. Now for my question.

Here's my situation. My boss purchased 8 Acer Iconia Tab W500P tablets with Windows 7 installed on them. Not sure why he got these but they have decent amount of power and speed. I started off by wiping the tablets, and installing the volume licensed Windows 7 Enterprise images I typicallly use for laptops in the company. After fully configuring them I started bitlocker and realized they didn't have the TPM microchip installed on them. My boss told me they need to be encrypted find a way. Now with bitlocker I could edit the local policy and use a USB flash drive as the TPM device. The problem with that is The tablet has only two USB slots on the bottom where it connects the the keyboard attachment, and there's not much clearance. I looked into mico USB flash drives that stick out less than an inch, but those are still to big. So I started looking into third-party software that won't require an external device to be attached. I tried the trial for Symantec PGP whole disk encryption. The problem I ran into with Symantec was the pre-boot enviroment asks for credentials and the virtual keyboard is only supported with 2 Dell tablets currently. I want the tablet users to be able to start their tablets without having to connect a physical keyboard every time they turn it on. I'm going to test Sophos SafeGuard Easy next they told me they use the pre-boot enviroment feature as well, and the virual keyboard feature is generic to all computer devices. If that works it comes down to pricing.

1.) If you work at a company using tablets how do you secure them?

2.) Any other suggestions for third party software to encrypt tablets?

Link to comment
Share on other sites

That's what I use Truecrypt, make sure you read the documentation as well.

http://www.truecrypt.org/

Link to comment
Share on other sites

  • 2 weeks later...
I want the tablet users to be able to start their tablets without having to connect a physical keyboard every time they turn it on.

That's not really going to fly with Truecrypt is it guys? Do let me know if you find a solution, I had a similar situation and gave up in the end, could not find a suitable solution.

Link to comment
Share on other sites

  • 2 weeks later...

That's not really going to fly with Truecrypt is it guys? Do let me know if you find a solution, I had a similar situation and gave up in the end, could not find a suitable solution.

why not truecrypt with a yubikey in secondary mode and a fixed long password

Link to comment
Share on other sites

why not truecrypt with a yubikey in secondary mode and a fixed long password

I was just going to say, try the whole yubikey solution but not sure that works since you have issue with the whole USB key to begin with. If not, you could just use the USB solution to begin with and not need the Yubikey.

Truecrypt should work though I would think, I just don't remember how to do whole disk encryption for bootable windows drives but its definitely worth a shot.

Also a rubber ducky set to login for you, but you would need a ducky for each machine with different user logins pre-set and still requires a USB port to access the machine which it seems you want to avoid. I think for ease of use though, go with the USB solution if it gives you the encryption you need. Just means another kink in the chain though if they get lost or stolen and then you can't boot without the keys on the USB drive.

Link to comment
Share on other sites

I was just going to say, try the whole yubikey solution but not sure that works since you have issue with the whole USB key to begin with. If not, you could just use the USB solution to begin with and not need the Yubikey.

Truecrypt should work though I would think, I just don't remember how to do whole disk encryption for bootable windows drives but its definitely worth a shot.

Also a rubber ducky set to login for you, but you would need a ducky for each machine with different user logins pre-set and still requires a USB port to access the machine which it seems you want to avoid. I think for ease of use though, go with the USB solution if it gives you the encryption you need. Just means another kink in the chain though if they get lost or stolen and then you can't boot without the keys on the USB drive.

perhaps I am looking at the wrong product but it appears to me that there is only one usb port on the device and at least one usb port on the keyboard attachment http://us.acer.com/ac/en/US/content/iconia-tab-w500

Link to comment
Share on other sites

perhaps I am looking at the wrong product but it appears to me that there is only one usb port on the device and at least one usb port on the keyboard attachment http://us.acer.com/ac/en/US/content/iconia-tab-w500

The cool thing about the ducky, is you could store your encryption keys and it also types for you like a keyboard, you would just have to set a payload that sort of macro types your login details.

Link to comment
Share on other sites

Guest Deleted_Account

I was just going to say, try the whole yubikey solution but not sure that works since you have issue with the whole USB key to begin with. If not, you could just use the USB solution to begin with and not need the Yubikey.

Truecrypt should work though I would think, I just don't remember how to do whole disk encryption for bootable windows drives but its definitely worth a shot.

Also a rubber ducky set to login for you, but you would need a ducky for each machine with different user logins pre-set and still requires a USB port to access the machine which it seems you want to avoid. I think for ease of use though, go with the USB solution if it gives you the encryption you need. Just means another kink in the chain though if they get lost or stolen and then you can't boot without the keys on the USB drive.

This is exactly what I do with my W500. I have it encrypted with LUKS (Truecrypt works too) and just have a yubikey "type" in the password for me. Works like a charm. I even use the same on my normal laptop except there I know half the password and type it in and the yubikey "types" the rest give a "pseudo-twofactor" authentication.

@DigiIP would using the ducky work? I can't get it to be recognized on anything but windows (even at the preboot auth).

Link to comment
Share on other sites

This is exactly what I do with my W500. I have it encrypted with LUKS (Truecrypt works too) and just have a yubikey "type" in the password for me. Works like a charm. I even use the same on my normal laptop except there I know half the password and type it in and the yubikey "types" the rest give a "pseudo-twofactor" authentication.

@DigiIP would using the ducky work? I can't get it to be recognized on anything but windows (even at the preboot auth).

A ducky should be recognized as any keyboard, as far as I know. When you plug it in, it should be see as a HID device, by windows, mac or linux, although, I've not actually tried mine on a MAC or Linux. Thinking about it now though, storing the keys on it probably wouldn't work since you woudl need to type the data out in hex or such and convert the file to binary on the OS side once logged in. It should work for typing plain text though.

Edited by digip
Link to comment
Share on other sites

  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...