|
Summary: Laptops are portable, convenient and easily lost. When lost all the data could easily be available to the finder. Encryption is the answer.
I know how you feel. I, too, have sensitive information on my laptop that I would prefer not to fall into the wrong hands. I can handle losing the laptop, but the thinking about the data in the wrong hands ... well, it just gives me the willies. So, yes, I do have a solution, and it turns out to be fairly easy, secure, and free. • Now, naturally, you can "encrypt" your data using a simple tool like WinZip and assigning the resulting archive a password. The problem is that it's fairly easy to crack the zip file's password, and get at the data. It has its uses, though. Much like a cheap padlock, it's mostly about keeping honest people honest. I recently started using something called TrueCrypt. TrueCrypt is free, open source, on-the-fly encryption software. It provides serious industrial-strength encryption while still being fairly easy to use. "Data encryption is an important part of an overall security strategy."
TrueCrypt can be used in several ways, the two most common are that it can encrypt an entire disk volume - such as a USB thumb drive, floppy disk, or an entire hard disk if you like - or, it can create an encrypted virtual disk. It's this later approach that I like to use. An encrypted virtual disk is simply a file that TrueCrypt "mounts" as an additional drive letter on your machine. You specify the pass phrase when the virtual drive is mounted and thereafter everything you access from there is automatically DEcrypted and anything you place there is ENcrypted. For example, you might have TrueCrypt create an encrypted drive as c:\windows\secritstuf. If someone were to look at the contents of that file directly, they would see only random gibberish - the result of encryption. When using TrueCrypt to mount that file as a virtual drive, (for example selecting the drive letter "P:") then P: would look and operate like any other disk, and would contain the contents of the encrypted drive. Encryption is as simple as moving a file to the drive. The trick, then, is to never mount the drive automatically. When your machine boots up, "P:", for example, would be nowhere to be found, and the encrypted file c:\windows\secritstuf would be present, but only visible as gibberish. If someone stole your machine that's all they would find. Only after you've used the TrueCrypt program to select the file (c:\windows\secritstuf), choose the drive to mount it as (P:) and supply the correct pass phrase, would the virtual drive be "mounted" and the encrypted data become accessible. TrueCrypt supports a number of different high-powered encryption algorithms. The documentation for TrueCrypt is clearly targeting at the seriously paranoid, including instructions on how to maintain "plausible deniability" should a thief ever force you to supply a password. Let's hope that'll only be of passing interest to any of us. Now, a couple of caveats:
Data encryption is an important part of an overall security strategy. Keeping your sensitive data secure requires a little forethought and planning. With viruses and spyware running amok, not to mention the theft scenario that we started this article with, there's no excuse not to take that time, and save yourself some serious grief later if the unthinkable happens. Related:
Article 6540 | Posted April 28, 2005 |
askleo: Photo: Keyboard Filth http://bit.ly/sSgx (5-Jan 1:46pm PT) askleo: RT @JeffWalker: Awesome blog post - "How To Become Wealthy RIGHT NOW"... (5-Jan 12:46pm PT) askleo: LOL! RT @IAC_Heather: You know how we have TGIF, maybe we should have... (5-Jan 12:41pm PT) Popular & Hot How do I change my MSN Hotmail password? How do I delete history items from my Google tool bar? I accidentally deleted my Recycle Bin in Vista - how do I get it back? My desktop Recycle Bin has disappeared - why, and how do I get it back? New & Important How can I get the old Windows Live Hotmail back? Internet Safety: How do I keep my computer safe on the internet?
Stay Informed Archives Advertisers |
|
•
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If your system has been compromised with a keylogger, then absolutely, all bets
are off as they could easily sniff anything you type including your TrueCrypt
password.
Basically if your system has been compromised in any way, you must assume the
worse.
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFG7xaYCMEe9B/8oqERAmzhAJ46vhyOKUANsQMxKizN3H+SPof7JwCgi/DW
Posted by: Leo A. Notenboom at September 17, 2007 5:06 PMegxssENxomLOCleB5seo3NM=
=Dal0
-----END PGP SIGNATURE-----
Hey I was wondering about Lojack on my Dell. It seems like a great way to protect sensitive data. My Dell Laptop has Absolute's Computrace Module on the BIOS but I disabled it b/c I read about how the company is able to see private files on my compute, although i now don't know how much more important this is compared to tracking down my computer if it were stolen. I was wondering if i could still install the software and it work without the hardware side of the service working, and if so i have another question. Couldn't someone then just wipe the harddrive or reinstall windows or i heard it doesn't work on non-windows OS's, so then install say ubuntu or something and connect to the internet no problem. Cool, that's all for now, Hey great work, much appreciated. Thanks, Blaze
Posted by: Blaze at November 4, 2007 8:36 PMI think Truecrypt has limitations - not above 100 MB. I find deslock easy to use, without any limitations and is free.
Posted by: Alexandere Lancy at April 27, 2008 5:04 PM-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It may have limitations, but that's not one of them. I have
a 16 gigabyte TryeCrypt volume on my 32gig thumbdrive.
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIFoMYCMEe9B/8oqERAvXsAJ9vkHbfk7E6QR/bcHUddleD/TvSwQCfVCGu
Posted by: Leo at April 28, 2008 7:08 PMFdP4MOj5s8DALpFilaeC71I=
=7ZJV
-----END PGP SIGNATURE-----
while the suggestions others made are good ones (using "live CD's" etc) I have to go with Leo on this one..
Truecrypt is practically the industry standard for any pc techs in the know.. it being Open Source *to me* means it is more trustworthy as far any possible "backdoors or backdoor keys" being built in or handed over to the NSA or Big Brother, seeing as how you can check the code yourself..(or anyone else) its offers very fast on the fly encryption in various forms as well as multifactor authentication.. ie, you can set it up so it needs both a password and a keyfile (or as many keyfiles as you wish) to unlock its goodies)
the keyfile can be any file you choose, anything, even an mp3..or let truecrpt randomly generate one.. -on the laptop itself or on separate media (USB key, CD etc) for added protection..
you can encrypt the whole drive or create an "opaque" file that is mounted as another drive letter, -which can easily be burned/copied to external media.. it also allows you to combine encryption algorythms if want to go crazy. although you will take a little more of performance hit doing that.
Trucrypt limits the volume size to a max of 1 Petabyte. -which i'm sure is all you'll need for the time being. -so no worries there.
personally, i'd just keep sensitive data on two USB keys (or smart cards such as those used in cameras and the like) and leave the rest of the laptop unencrypted. -thats your call.
Trucrypt also has "Traveler Mode" for USB keys so you can carry any important data on just a the key itself.
what this mode does is allow the USB key to be a become a fully self-contained, plug-in, on the fly encrypt/decrypt hardware device. -that leaves no foot prints. -you could combine this with a say, a "Live CD" Ubuntu distro on a bootable high-speed USB key for the ultimate easy "ready to boot" secure "traveling O/S" that you can plug into any USB 2.0 port..
lastly, Truecrypt volumes contain no volume headers of any kind and truly look like a bunch of random noise (gibberish).. cant prove there is anything there..for those who need a bit more discretion than the average joe..
Research it for yourself. you'll find many industry heavyweights using it. -combine it with a virtual machine for added fun.. :)
btw: if you want to learn more about PC security, give steve gibson's Security Now podcasts a listen. -over at grc.com.
if you cant make an informed decision after getting schooled by him, well..
-soundwash
Posted by: Soundwash at June 3, 2008 10:32 PMTrueCrypt doesn't work from a usb drive unless you have admin access to the PC. This rules it out for me as most corporate PCs I use (and public ones) don't allow admin access.
Any decent alternatives?
Yes, the device driver either requires administrator privileges or an administrator must have already installed TrueCrypt making it accessible to all users.
But are you really saying you want to open your sensitive encrypted data on a system where you don't know who the administrator is? A system that might have been compromised with spyware or what not before you even got to it?
It just doesn't seem like a good thing do to, in my opinion.
All that being said, perhaps http://sourceforge.net/projects/tcexplorer/ might be an option.
-Leo
Posted by: Steve at July 24, 2008 9:51 AM
>> But are you really saying you want to open your sensitive encrypted data on a system where you don't know who the administrator is? A system that might have been compromised with spyware or what not before you even got to it?
Fair comment, but I work in a variety of universities & companies, I need access to my data while there and very few allow admin access!
Posted by: Steve at July 26, 2008 4:56 AMI'll look at tcexplorer - thanks
S
you can keep it secure by installing a security software.
Posted by: mitch at August 26, 2008 12:00 AMyou can get it from http://www.inspice.com
The best way is to install winsesame :
Posted by: Aillen at December 4, 2008 9:43 AMthe address is http://www.winsesame.com
It is very safe and easy to use.
Rick,
I have a need for serious data security. Is there a program that would automaticly wipe clean my hard drive if say..I dint log in every 2 hours. Is there something that will allow me to call from a cellphone and activate the program that would WIPE my hard drive. By wipe I mean NEVER be able to recover the data or for that matter use the laptop again at all.
12-Dec-2008
Posted by: Rick at December 11, 2008 9:14 AM