Summary: Laptops are portable, convenient and easily lost. When lost all the data could easily be available to the finder. Encryption is the answer.
|
I travel a lot, and have sensitive data on the laptop I take with me that I need as part of my job. But I'm in fear of losing the laptop and that this data will fall into the wrong hands. What do you suggest? |
I know how you feel. I, too, have sensitive information on my laptop that I would prefer not to fall into the wrong hands. I can handle losing the laptop, but the thinking about the data in the wrong hands ... well, it just gives me the willies.
So, yes, I do have a solution, and it turns out to be fairly easy, secure, and free.
•
Now, naturally, you can "encrypt" your data using a simple tool like WinZip and assigning the resulting archive a password. The problem is that it's fairly easy to crack the zip file's password, and get at the data. It has its uses, though. Much like a cheap padlock, it's mostly about keeping honest people honest.
I recently started using something called TrueCrypt. TrueCrypt is free, open source, on-the-fly encryption software. It provides serious industrial-strength encryption while still being fairly easy to use.
TrueCrypt can be used in several ways, the two most common are that it can encrypt an entire disk volume - such as a USB thumb drive, floppy disk, or an entire hard disk if you like - or, it can create an encrypted virtual disk. It's this later approach that I like to use.
An encrypted virtual disk is simply a file that TrueCrypt "mounts" as an additional drive letter on your machine. You specify the pass phrase when the virtual drive is mounted and thereafter everything you access from there is automatically DEcrypted and anything you place there is ENcrypted.
For example, you might have TrueCrypt create an encrypted drive as c:\windows\secritstuf. If someone were to look at the contents of that file directly, they would see only random gibberish - the result of encryption. When using TrueCrypt to mount that file as a virtual drive, (for example selecting the drive letter "P:") then P: would look and operate like any other disk, and would contain the contents of the encrypted drive. Encryption is as simple as moving a file to the drive.
The trick, then, is to never mount the drive automatically. When your machine boots up, "P:", for example, would be nowhere to be found, and the encrypted file c:\windows\secritstuf would be present, but only visible as gibberish. If someone stole your machine that's all they would find.
Only after you've used the TrueCrypt program to select the file (c:\windows\secritstuf), choose the drive to mount it as (P:) and supply the correct pass phrase, would the virtual drive be "mounted" and the encrypted data become accessible.
TrueCrypt supports a number of different high-powered encryption algorithms. The documentation for TrueCrypt is clearly targeting at the seriously paranoid, including instructions on how to maintain "plausible deniability" should a thief ever force you to supply a password. Let's hope that'll only be of passing interest to any of us.
Now, a couple of caveats:
- Encryption does not make a bad password any more secure. If you choose an obvious password or pass phrase, a dictionary attack can certainly be mounted that could unlock your encrypted volume.
- An encrypted volume does you no good if the files you care about are also elsewhere on your machine.
- That being said, make sure you have secure backups, updated regularly. Preferably keep them UNencrypted, but secure in some other way, in case you lose your encrypted volume or forget your password. Without the password, the data is not recoverable.
- That last statement is technically inaccurate. You should always be aware that things are never 100% secure. All encryption can, theoretically, be hacked. The purpose of encryption is to make the cost of that hacking so astronomical as to be impractical. For example, spending a calendar year on a brute force hacking attempt is kinda pointless to discover next month's sales forecasts. Similarly hiring the expertise required to attempt such a recovery might also be astronomically costly.
Data encryption is an important part of an overall security strategy. Keeping your sensitive data secure requires a little forethought and planning. With viruses and spyware running amok, not to mention the theft scenario that we started this article with, there's no excuse not to take that time, and save yourself some serious grief later if the unthinkable happens.
Related:
-
TrueCrypt - Free open-source disk encryption
-
Ask Leo! - How can I keep my email safe from sniffing?
Article C2343 - April 28, 2005
Rick,
I have a need for serious data security. Is there a program that would automaticly wipe clean my hard drive if say..I dint log in every 2 hours. Is there something that will allow me to call from a cellphone and activate the program that would WIPE my hard drive. By wipe I mean NEVER be able to recover the data or for that matter use the laptop again at all.
12-Dec-2008
You can also use the BIOS option of providing a password to your hard drive - this keeps honest but nosy people out and is much more difficult to "break" than a Windows password.
Posted by: Dr. PC at January 28, 2009 8:26 AMI am working in a company which makes website for health, fitness, mini roulette, IT, shopping etc and I was in a great need of buying a laptop. So I finally bought a Dell Latitude D530, laptop last week.
Posted by: akshay at February 28, 2009 6:05 AMMost of the people adviced me that it would not be a good deal to buy a laptop, instead they advised me to buy a desktop. I don't know why people have so much misconception regarding buying a laptop.
I'm 99% ready to set up TrueCrypt. I travel and do not want anyone to steal my data - if they steal my laptop. What setting should I select? BB
Posted by: Bill at March 9, 2009 2:24 PMFile protection is great with passwords for access and editing. But it doesn't stop somone from accidently deleting the file.
How do I stop an accidental deletion?
Posted by: Larry Schumaker at March 19, 2009 7:05 AMSee the winsesame faq about the deleting of a protected file there :
Posted by: georges at April 2, 2009 2:29 PMhttp://www.aragonsoft.com/en/winsesame/faq20.php
This is a great article and discussion. One of the things I have been pleased by is services services like Alertsec which offer hard disk encryption as a fully managed service. It uses the Full Disk Encryption (former Pointsec) software but is a web based encryption service that radically simplifies deployment and management of PC encryption. It is a heck of a lot easier for an enterprise than trying to manage all those laptop encryption on your own! We put off encryption for way too long (and got burned once) and this managed approach made it possible for us to afford it from a money and more importantly staff resource perspective.
Posted by: David Lawrence at April 12, 2009 6:01 PMI run Alertsec and it sure is easy. The good thing is that they have a great telephone support which help you unlock your laptop when you forget or type your password in wrongly (Which I have done twice in the last 16 months..) so it is worth that little extra you pay - compared to installing it yourself. It is encryption we are talk about here - so if you b-gger it up you are really and truly lost.
Posted by: Martin at April 14, 2009 1:30 AMI´m using this discryptor.net software. I think that really makes ma data secure.
Posted by: Bererker at April 28, 2009 2:20 AMHi, when installing TrueCrypt what is the best option to use: Install or Extract (for travel) ... BTW I run Windows 7 and there is a message saying is not supported ... any risk on using it despite of this !?
11-Oct-2009
Posted by: Luis at October 11, 2009 9:12 AM