HDD password + SSD Encryption

[westpat]

成日都好想換左notebook個hdd做ssd
但係policy問題,一定要encrypt + password protected
因為跟機既係普通hdd,所以用trucrypt完全fit
不過,trucrypt講明唔好裝落有wear leveling既hard drive,aka SSD
個問題就黎啦,想換ssd,但係唔用得trucrypt
聽說bitlocker都係唔得

知道而家ssd會有hardware encryption(AES 256bit)
咁加埋HDD password (through BIOS)
好似行得通
但係有part唔係幾明,個hardware encryption即係代表D乜?
-我係notebook A裝左hardware encrypted SSD
-將個SSD拆出黎,用external方式係notebook B,會睇唔到入面既野?

另,HDD password通常只有notebook既bios先有
除左將個ssd插入部有hdd password既bios,咁仲有冇方法可以入hdd password?

暫時心水係plextor m5p 500G,貪佢有clone software

[( ﾟωﾟ)?]

http://www.storagereview.com/securin..._manageability

Securing Data on a Moving Target: Self-Encrypting Drives Deliver Top Security, Performance and Manageability

Today’s increasingly mobile work force has moved more and more end-users, devices, computing applications and highly sensitive data beyond the safety of the enterprise firewall. As the number of laptops multiplies across the enterprise, the prospect of a security breach through a lost or stolen device shifts from a speculative risk to a virtual inevitability. Such breaches can now be measured in dollar signs, as underscored by a 2009 study by the Ponemon Institute, which estimated a lost or stolen laptop can cost an enterprise $200 for every customer record stored on the device. Much of these costs derive from penalties imposed by “Notice of Breach” laws adopted by 46 states, the District of Columbia and throughout Europe with the European Union Data Protection Directive and the Data Protection Act in the U.K. Such laws often require a company to publicly report security breaches unless it can guarantee the data is safe and unable to be misused by unauthorized persons.
Consequently, most corporate IT managers now agree that full-disk encryption (FDE) isn’t merely critical to securing sensitive data, it is pivotal to their organizations’ financial well-being. This has fueled a host of third-party FDE software solutions that encrypt all data stored on a disk drive, including bootable operating system partitions. Yet, while software FDE solutions are a step in the right direction, they have their shortcomings. They do not, for example, encrypt the master boot record, and thus leave data to attacks targeting a laptop’s operating system. Also, like any add-on application, software FDE draws on a PC’s memory and processing resources, leading to degradation of overall system performance.

The limitations of software solutions have led more and more IT managers to favor the superior FDE provided by self-encrypting drives (SEDs). An SED is like any standard hard drive, with one key difference: It embeds encryption into the drive itself. Thus, data is protected the moment it is written to the drive.
Seagate introduced the first laptop hard drive with built-in encryption in 2007. Since then, the Trusted Computing Group (TCG) has defined an SED standard called Opal that has since paved the way for a wide-range of Opal-based SEDs from leading hard drive manufactures like Seagate and Hitachi, flash vendors like Micron and Samsung and external drive providers like CMS. PC vendors like Dell, HP and Lenovo offer these SEDs on a variety of systems, for little to no additional cost. Gartner estimates that in five years all drives will be hardware encrypted.
How Do SEDs Work?
How SEDs work is simple: Comprising a closed and independent architecture, they include their own processor, memory and RAM, and impose very strict limits on the code that can run within their architecture. Encryption and decryption of data occurs in the drive controller itself, rather than relying on the PC’s host CPU.
Every SED reserves a small block of internal memory isolated from the rest of the drive. These “protected partitions” securely house encryption keys and user access credentials. Once the drive is unlocked, data will flow normally in and out of the drive. If you are an authorized user, you can access the data. If you are not, the drive will not grant access and the data cannot be obtained by any other means, such as traditional software-based attacks via malware and rootkits. All data on the drive is encrypted, all the time.
Since the encryption key is created onboard the drive during manufacture and never leaves the drive’s protected hardware boundary, it is impossible to steal and it is immune to traditional software attacks. No software – malicious or otherwise – can run on the machine until the drive is unlocked and the OS is booted.
The “baked in” encryption of data also provides logistical and cost of ownership benefits over software solutions. Because encryption keys never leave the hard drive, there is no need for IT staff to spend time or money managing keys, or building key escrow and backup programs. Plus, SEDs do not draw on a machine’s memory or processing resources, thus avoiding the marked degradation that software solutions often impose on system performance. A study by Trusted Strategies LLC showed a commercially available SED performed as well as a standard drive and handled large-file operations nearly twice as fast as three drives equipped with active software-based encryption tools.
SED Deployment
SEDs are also supremely easy to deploy. In the study cited earlier by Trusted Strategies, software encryption tools took anywhere from 3½ to 24 hours to fully encrypt a hard drive. In contrast, a corporate IT department can phase SEDs in with the purchase of each new machine. Since the drive comes built-in and with encryption on, there is virtually no IT overhead or machine downtime required to turn on data protection.
The emergence of Cloud platforms has only facilitated the deployment and management of SEDs. Today, small- to medium-size businesses can now tap management tools once available only to large organizations with the resources to maintain on-premise solutions. Such Cloud-based solutions enable drive initialization, user management, drive locking and user recovery for all SEDs. More importantly, they provide IT with a centralized platform with which to institute SED-driven security policies, thereby ensuring stronger data security and compliance with data breach laws even if a laptop goes missing.
Although today’s workforce continues to expand beyond the corporate firewall, the fundamental goal of IT administrators remains the same: To ensure the security of all data, users, devices and applications – from the network’s central servers all the way out to every scattered end-point. Achieving this task in full compliance with Notice of Breach regulations demands a best-in-class option for centrally managed data encryption.
SEDs are the only physically self-contained FDE solution that avoids degradation of system performance, and enables remote centralized management via captive server or the Cloud. These qualities alone identify them as the best-in-class FDE solution commercially available today.
Also see - Top 10 Reasons to Buy SEDs

[westpat]

點都做左白老鼠

插去第二部機到用external,果然係完全睇唔到個ssd,當係corrupt左,正

用係business度ssd果然繼續超爽
sql外加related application service一boot入windows,已經ready,唔駛delay start
virtual box都反應好左好多(已經係win8 image)
outlook唔駛再load十年啦

不過呢,用domain login都係要等,唔知點樣可以快D(除左開機唔插lan線同唔用wifi auto connect)