With ever-expanding cloud services and mobility, your data is increasingly at risk of being lost or stolen. As covered in my previous post about cloud storage locations, specifically Dropbox, even if you think the data you are storing is secure, think again. So it comes back to personal accountability and responsibility to ultimately ensure your information and files are protected to the maximum.
This is where data encryption comes in. It should be a far more widespread practice, but unfortunately it’s not. So I wanted to lay out how easy it is and how you can apply it to your data at home, at work and in the cloud. There are many tools out there that can encrypt your data, but I am going to focus on what I think is the best and easiest tool to use, TrueCrypt.
TrueCrypt is a free, open source tool and is very, very powerful. I am going to focus on what the normal everyday individual with no deep IT experience would use and skip over some of the advanced features, which are intended more for server engineers and security experts. TrueCrypt can provide you with encryption in a few ways:
- You can create an encrypted container, like a folder, that you copy things in and out of. The container itself is mobile, so you can move it between computers and store it in the cloud. This is primarily what I use because it’s so flexible.
- Another feature is to fully encrypt USB devices like thumb drives or hard drives. With this feature the drive can only be read when you have TrueCrypt and your passphrase to access it. This is very useful for USB thumb drives, which get lost very easily. If you lose it, no worries that the data on it will be read. In fact, there are advanced features to completely hide the fact that the device is encrypted. So when an unauthorized person plugs it in, Windows or whatever will say it can’t be read and needs to be formatted. If they do, your data is wiped and they get a free USB drive, but not your data.
- The other big feature is full PC encryption. This is mainly for laptops. You can encrypt the whole laptop so that nobody can even boot the PC without the passphrase. Most companies, the smart ones anyway, have laptop encryption only for the lazy, irresponsible laptop owners who leave them in clear view in their backseat when they go to the mall and cry when their car is broken into and the laptop is gone.
- As a side security note, if any company allows or tolerates employees storing Personally Identifiable Information, SSNs, or credit card numbers on their laptops in the first place… well, then you are asking to be front-page news, and not enough employees are let go because of this. I used to work for a very, very large bank. I worked with SSNs and million-dollar transactions, all in apps and servers in the bank. If my laptop was audited and they found an SSN on my PC in a log file or text file, instant termination, no argument. But they cared more about the integrity of the business and privacy of their customers than the convenience of the employees or contractors. My point being, in a business setting, if you have proper data security governance in place, losing a laptop should be close to a non-issue and more of an annoyance, much like losing a cell phone.
TrueCrypt itself can be downloaded and installed in a few different ways. You can download a copy to each machine you are using it on, put a mobile copy on a USB drive, or embed it in the USB itself. The steps below use the simple approach of downloading a copy to each computer.
I will lay out how to set up an encrypted container with TrueCrypt.
After you download and install TrueCrypt, you will see the main screen. This is where you mount your containers, assign drive letters, and manage your encryption keys.
To create a new container, click Create Volume.
You will then be asked what kind of encryption you want to create. For this example we will make a standard file container.
“…The only way to recover your files is to try to “crack” the password or the key, but it could take thousands or millions of years (depending on the length and quality of the password or keyfiles, on the software/hardware performance, algorithms, and other factors). If you find this hard to believe, consider the fact that even the FBI was not able to decrypt a TrueCrypt volume after a year of trying.”
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.