Ask Leo!

How can I keep data on my laptop secure?


I travel a lot, and have sensitive data on the laptop I take with me that I need as part of my job. But I'm in fear of losing the laptop and that this data will fall into the wrong hands. What do you suggest?

I know how you feel. I, too, have sensitive information on my laptop that I would prefer not to fall into the wrong hands. I can handle losing the laptop, but the thought of the data in the wrong hands ... well, it just gives me the willies.

So, yes, I do have a solution, and it turns out to be fairly easy, secure, and free.

Now, naturally, you can "encrypt" your data using a simple tool like WinZip and assigning the resulting archive a password. The problem is that it's fairly easy to crack the zip file's password, and get at the data. It has its uses, though. Much like a cheap padlock, it's mostly about keeping honest people honest.

I recently started using something called TrueCrypt. TrueCrypt is free, open source, on-the-fly encryption software. It provides serious industrial-strength encryption while still being fairly easy to use.


TrueCrypt can be used in several ways. The two most common are encrypting an entire disk volume - such as a USB thumb drive, floppy disk, or an entire hard disk if you like - and creating an encrypted virtual disk. It's this latter approach that I like to use.

An encrypted virtual disk is simply a file that TrueCrypt "mounts" as an additional drive letter on your machine. You specify the pass phrase when the virtual drive is mounted and thereafter everything you access from there is automatically DEcrypted and anything you place there is ENcrypted.

For example, you might have TrueCrypt create an encrypted drive as c:\windows\secritstuf. If someone were to look at the contents of that file directly, they would see only random gibberish - the result of encryption. When you use TrueCrypt to mount that file as a virtual drive (for example, selecting the drive letter "P:"), P: would look and operate like any other disk, and would contain the contents of the encrypted drive. Encryption is as simple as moving a file to the drive.

The trick, then, is to never mount the drive automatically. When your machine boots up, "P:", for example, would be nowhere to be found, and the encrypted file c:\windows\secritstuf would be present, but only visible as gibberish. If someone stole your machine that's all they would find.

Only after you've used the TrueCrypt program to select the file (c:\windows\secritstuf), choose the drive to mount it as (P:) and supply the correct pass phrase, would the virtual drive be "mounted" and the encrypted data become accessible.

TrueCrypt supports a number of different high-powered encryption algorithms. The documentation for TrueCrypt is clearly targeted at the seriously paranoid, including instructions on how to maintain "plausible deniability" should a thief ever force you to supply a password. Let's hope that'll only be of passing interest to any of us.

Now, a couple of caveats:

  • Encryption does not make a bad password any more secure. If you choose an obvious password or pass phrase, a dictionary attack can certainly be mounted that could unlock your encrypted volume.
  • An encrypted volume does you no good if the files you care about are also elsewhere on your machine.
  • That being said, make sure you have secure backups, updated regularly. Preferably keep them UNencrypted, but secure in some other way, in case you lose your encrypted volume or forget your password. Without the password, the data is not recoverable.
  • That last statement is technically inaccurate. You should always be aware that things are never 100% secure. All encryption can, theoretically, be hacked. The purpose of encryption is to make the cost of that hacking so astronomical as to be impractical. For example, spending a calendar year on a brute force hacking attempt is kinda pointless to discover next month's sales forecasts. Similarly hiring the expertise required to attempt such a recovery might also be astronomically costly.
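The second caveat above can be checked mechanically. As an added example (not code from the article or from TrueCrypt), this script hashes every file on the mounted volume and reports byte-identical copies left elsewhere on the machine; the function names and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def file_digest(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def walk_files(root):
    """Yield regular files under root (symlinks skipped)."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                yield path

def find_plaintext_copies(mounted_volume, search_roots):
    """Return {file on volume: [identical copies found under search_roots]}."""
    # Assumption: search_roots lie outside the mounted volume (e.g. not P:\).
    protected = {}  # (size, digest) -> path on the mounted volume
    for path in walk_files(mounted_volume):
        size = os.path.getsize(path)
        if size:  # empty files would all match each other
            protected[(size, file_digest(path))] = path
    sizes = {size for size, _digest in protected}
    copies = {}
    for root in search_roots:
        for path in walk_files(root):
            try:
                size = os.path.getsize(path)
                # Hash only files whose size matches a protected file.
                key = (size, file_digest(path)) if size in sizes else None
            except OSError:
                continue  # unreadable or vanished file
            if key in protected:
                copies.setdefault(protected[key], []).append(path)
    return copies

if __name__ == "__main__":
    # Constructed sample: temp directories stand in for P:\ and a Desktop folder.
    with tempfile.TemporaryDirectory() as vol, tempfile.TemporaryDirectory() as desk:
        for folder in (vol, desk):
            with open(os.path.join(folder, "forecast.xls"), "wb") as f:
                f.write(b"constructed sample data")
        print(find_plaintext_copies(vol, [desk]))
```

Only byte-identical copies are reported; edited versions and deleted-but-recoverable remnants of a file are not detected by this check.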

Data encryption is an important part of an overall security strategy. Keeping your sensitive data secure requires a little forethought and planning. With viruses and spyware running amok, not to mention the theft scenario that we started this article with, there's no excuse not to take that time, and save yourself some serious grief later if the unthinkable happens.

Article 6540 | Posted April 28, 2005

Recent Comments

I found this article to be informative, even though I already take some measures to ensure the security of my data. Personally, I keep my laptop secure using software like StompSoft's Digital Vault (http://www.stompsoft.com/digital-vault.html). This allows me to encrypt any files that I choose. Additionally, I can also encrypt my emails and files that I keep on my USB drives. For me, I feel that this is all I really need to keep my data from being exploited by those who would seek to do so.

Posted by: felix at August 28, 2006 06:33 PM

Easy as pie

Chuck the hard drive altogether
Set CDROM drive as master in bios
boot up in slax linux, surf as usual
keep a little usb thumbdrive handy for backing up stuff.
Oh and a little knowledge in linux would help.

But hey nobody can get your data cause you don't have a hard drive on that IDE cable inside the unit itself ...lol

Posted by: Tim at September 15, 2006 11:00 PM

Knoppix
Slax
Puppy linux
Pc linux OS
D@m small linux

They all work on CD as a read only OS.
You really DON'T need a hard drive!!!!.
just use a small thumbdrive to store stuff.
Make sure you're on a router that has PPPoE or auto DHCP selected so your linux CD knows you want to surf the WWW.

Learn linux it's the ultimate in privacy.
Don't count on payware that bloats your OS to the size of the hindenburg.
Right now this message is being typed in Slax Linux 5.1.7 LIVE CD no HD
Pentium 4 2.4 GHz
2 gig ddr
4 gig Gigabyte I-ram pseudo drive____ ((((IDE CARD with 4 sticks of 1 gig each on it))))
Nvidia 128 meg graphics.
Linksys 10/100 ethernet card.
1 dvd read drive
2 cdrw burner drives.

Not meant to impress just to show the configuration.
Gigabyte motherboard

Posted by: Tim at September 17, 2006 03:42 PM

For some time I used PGP disk to protect my private data, but now I am using Eterlogic SecretDrive. It supports many encryption algorithms, RAM disk, and hidden volumes. It is fully compatible with Windows Vista, so I recommend it to anyone.
You can get it at http://www.eterlogic.com

Posted by: Vladimir at June 8, 2007 07:26 AM

I wonder, what about keylogging programs for Windows XP? If a potential intruder would like to get to the encrypted volume, he could install keylogging software, considering he has the access.
Does TrueCrypt offer any protection for such a scenario?

Posted by: Ran at September 17, 2007 05:51 AM

If your system has been compromised with a keylogger, then absolutely, all bets
are off as they could easily sniff anything you type including your TrueCrypt
password.

Basically if your system has been compromised in any way, you must assume the
worst.

Leo



Posted by: Leo A. Notenboom at September 17, 2007 05:06 PM

Hey I was wondering about Lojack on my Dell. It seems like a great way to protect sensitive data. My Dell Laptop has Absolute's Computrace Module on the BIOS but I disabled it b/c I read about how the company is able to see private files on my computer, although I now don't know how much more important this is compared to tracking down my computer if it were stolen. I was wondering if I could still install the software and have it work without the hardware side of the service working, and if so I have another question. Couldn't someone then just wipe the hard drive or reinstall Windows, or, as I heard it doesn't work on non-Windows OS's, install say Ubuntu or something and connect to the internet no problem? Cool, that's all for now. Hey, great work, much appreciated. Thanks, Blaze

Posted by: Blaze at November 4, 2007 08:36 PM

I think Truecrypt has limitations - not above 100 MB. I find deslock easy to use, without any limitations and is free.

Posted by: Alexandere Lancy at April 27, 2008 05:04 PM

It may have limitations, but that's not one of them. I have
a 16 gigabyte TrueCrypt volume on my 32gig thumbdrive.

Leo



Posted by: Leo at April 28, 2008 07:08 PM


while the suggestions others made are good ones (using "live CD's" etc) I have to go with Leo on this one..

Truecrypt is practically the industry standard for any pc techs in the know.. it being Open Source *to me* means it is more trustworthy as far as any possible "backdoors or backdoor keys" being built in or handed over to the NSA or Big Brother, seeing as how you can check the code yourself..(or anyone else) it offers very fast on the fly encryption in various forms as well as multifactor authentication.. ie, you can set it up so it needs both a password and a keyfile (or as many keyfiles as you wish) to unlock its goodies

the keyfile can be any file you choose, anything, even an mp3..or let truecrypt randomly generate one.. -on the laptop itself or on separate media (USB key, CD etc) for added protection..

you can encrypt the whole drive or create an "opaque" file that is mounted as another drive letter, -which can easily be burned/copied to external media.. it also allows you to combine encryption algorithms if you want to go crazy. although you will take a little more of a performance hit doing that.

Truecrypt limits the volume size to a max of 1 Petabyte. -which i'm sure is all you'll need for the time being. -so no worries there.

personally, i'd just keep sensitive data on two USB keys (or smart cards such as those used in cameras and the like) and leave the rest of the laptop unencrypted. -that's your call.

Truecrypt also has "Traveler Mode" for USB keys so you can carry any important data on just the key itself.

what this mode does is allow the USB key to become a fully self-contained, plug-in, on the fly encrypt/decrypt hardware device. -that leaves no foot prints. -you could combine this with, say, a "Live CD" Ubuntu distro on a bootable high-speed USB key for the ultimate easy "ready to boot" secure "traveling O/S" that you can plug into any USB 2.0 port..

lastly, Truecrypt volumes contain no volume headers of any kind and truly look like a bunch of random noise (gibberish).. can't prove there is anything there..for those who need a bit more discretion than the average joe..

Research it for yourself. you'll find many industry heavyweights using it. -combine it with a virtual machine for added fun.. :)

btw: if you want to learn more about PC security, give steve gibson's Security Now podcasts a listen. -over at grc.com.

if you can't make an informed decision after getting schooled by him, well..

-soundwash

Posted by: Soundwash at June 3, 2008 10:32 PM
