|Each year, computer intruders
steal millions of pounds worth of information. As you strive to tighten the security
around your business information, don't overlook data encryption as an added layer of
protection. PC Guardian's Encryption Plus for Hard Disks (EPHD) protects a computer's hard
disks by using the Blowfish encryption algorithm. The company designed the product for
virtually any network environment.
EPHD protects disk drives by inserting itself into the system's boot sequence, protecting
entire drives rather than individual files and directories. During installation, EPHD
moves the boot sector of the computer's primary boot disk to another location, and writes
its own information in the original boot sector location. When the computer boots, EPHD
gains control over the boot sequence and requires you to enter a password to initialise
the file system on the protected drives. Without the correct password, the computer won't
boot from the hard disk. If you boot your computer from a 3.5" disk, you still can't
access the hard disk in any way without the correct password.
Passwords are the core of EPHD, and the software provides three different password types
for gaining access to a system: daily password, master password, and a local
administrative password. The daily password is for authorised users of a particular
system, and the master and administrative passwords let users perform EPHD installations
and reset daily and one-time password assignments. EPHD also uses an administrator-defined
privacy code for the master encryption key during encryption processes.
After the OS boots, EPHD handles encrypting and decrypting operations on-the-fly and
completely transparent to the user. On the network, a computer's shared resources remain
usable without any special requirements to the connecting user. However, because EPHD
requires you to manually enter a password at boot time, an NT server won't automatically
reboot if you've installed EPHD.
EPHD supports up to two hard disks and as many as ten encrypted partitions on any computer
system, but the current version 2.01 doesn't support SCSI devices or partitions that
you've created using the popular Partition Magic software. Nor does EPHD encrypt PC Card
devices or disk drives. In addition to its encryption capabilities, EPHD performs a boot
sector integrity check to ensure no boot sector virus has infected the system. If the
software discovers evidence of tampering, it repairs the damage. The software also
includes a screen saver that you activate by using an inactivity timer or by clicking a
screen-lock button. Once the screen saver is active, EPHD requires you to enter one of the
three passwords (i.e., daily, master, administrative) to unlock the system.
As I stated previously, PC Guardian designed EPHD using the Blowfish encryption algorithm
developed by Bruce Schneier. EPHD uses a 128-bit block cipher for sale inside the United
States and Canada, and provides a 64-bit version for exporting to other countries. The
software uses about 4KB of resident memory and uses about 4 percent to 6 percent of your
CPU's power, depending on your overall system configuration.
To install EPHD, I first ran the set-up program, which copied the EPHD Administrator
program onto the system. The Administrator program creates the User Install Disks, which
contain the files for installing and establishing encryption on your servers and
workstations. Unfortunately, the set-up program didn't let me select the installation path
for the Administrator program. Set-up forced me to install the Administrator program in
C:\pcguard. I'd rather choose the destination myself.
After I installed the Administrator program, I ran the program to produce the User Install
Disks. To produce the disks, I had to define a privacy code, a master password, an
administrative password, and the initial user password that users are prompted for when
first installing EPHD. I could also choose to customise a one-time password message and
configure the software so end-users can't uninstall it without authorisation. After I
chose a destination folder to copy the files into, the process was complete. Next, I had
to run the User Install Disk software on each system that I wanted to encrypt. I ran the
set-up program, which copied the software onto the system and presented the user interface
(UI) main menu where I selected which drives to protect with encryption. I had to reboot
twice - once to start the encryption process and once after the encryption was complete.
Overall, EPHD is a nice addition to a computer's security. The product prevents
unauthorised users from booting the OS and prevents access to all data on the hard disks
it protects, so neat tools such as NTFSDOS won't let users access partitions. If you're considering
protecting your information with encryption, I recommend you look closely at Encryption
Plus for Hard Disks.