Whole disk encryption, or encryption in general, is an important tool in the security arsenal, but it shouldn't be the only tool.
I was told that hard disk encryption prevents people who have physical access to my laptop from reading my files. Does that work against online hackers who hacked into my network? Would a complete hard disk encryption make any difference?
Yes and no.
While encryption is a powerful tool in your security tool box, it's not a replacement for good network security, or any number of other important security measures for that matter.
We need to look at exactly what is, and is not, protected when you have, and when you use, encrypted data.
The rule is actually quite simple: encryption prevents access to the encrypted data unless you have the key.
Let's say you have an encrypted file on your hard disk. Assuming you've used appropriately strong encryption, then if someone steals the computer they would not be able to see the contents of that file.
The same applies if your network or machine is compromised: if all the intruders gain access to is the encrypted file, they still have nothing, since they can't see what's inside.
Encrypted data must be decrypted in order to be used. So what if you were using the data at the time the network breach occurred? Or while you had some kind of malware infection on your machine?
Then, to put it bluntly, all bets are off.
I'll use a TrueCrypt volume as an example. When not in use, the volume is just a file full of encrypted data that no one but you, using the corresponding passphrase, can access. In order to use a TrueCrypt volume, you must supply the correct passphrase when you mount it. Once mounted, its contents are visible to you as unencrypted data.
And therein lies the problem: if you can see it, then a successful attacker could see it. If there were a network breach while you had your encrypted data mounted and visible, that data could be accessible to a remote attacker.
And, in my opinion, it actually gets worse if you rely on whole-disk encryption of your system drive.
With whole-disk encryption, the hard disk is completely encrypted including not only your data, but all your programs and even Windows itself. Before you can even boot your machine you must provide the proper passphrase to decrypt the drive.
That's actually pretty cool protection if the machine is off. Someone can walk away with your laptop and the entire hard disk is simply so much encrypted noise to them.
The problem, as I see it, is that if you're using your machine then everything is being decrypted and is fully accessible. A malicious network-based attack could once again have access to everything.
That's why, personally, I don't use full-drive encryption. My approach is actually to encrypt what should be encrypted, and thus only have that data accessible while I need it. When not in use the encrypted volume is not mounted, and hence inaccessible to not only myself, but any possible intruder as well.
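As an added illustration (not TrueCrypt's code, nor anything from the original answer), here is a small Python model of the volume described above: a passphrase-sealed container whose contents are plain only while mounted, and which re-locks itself when idle, matching the approach of keeping data mounted only while it is needed. The HMAC-based keystream is a stdlib-only stand-in for the real cipher, and the `Volume` class with its idle timer is an assumption of this example.

```python
import hashlib
import hmac
import os
import time

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # CTR-style keystream from HMAC-SHA256(key, nonce || counter): a stdlib-only
    # stand-in for the AES mode a real volume uses (assumption for illustration).
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def seal(passphrase: str, plaintext: bytes) -> bytes:
    """Build the on-disk container: salt || nonce || tag || ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return salt + nonce + tag + ct

def unseal(passphrase: str, blob: bytes) -> bytes:
    """Recover plaintext; fails closed on a wrong passphrase or a tampered container."""
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or tampered container")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Volume:
    """Container whose plaintext exists only while mounted, and re-locks when idle."""
    def __init__(self, passphrase: str, data: bytes, idle_seconds: float = 300,
                 clock=time.monotonic):
        self.on_disk = seal(passphrase, data)  # all a thief or intruder gets when locked
        self.idle_seconds, self.clock = idle_seconds, clock
        self._plain, self._last_use = None, None

    def mount(self, passphrase: str) -> None:
        self._plain, self._last_use = unseal(passphrase, self.on_disk), self.clock()

    def unmount(self) -> None:
        self._plain = None  # drop the decrypted copy; only the sealed blob remains

    def visible_to_any_process(self) -> bytes:
        # Whatever is returned here is what every process in the session, malware
        # included, can read; the idle timer keeps the exposed window short.
        if self._plain is not None and self.clock() - self._last_use > self.idle_seconds:
            self.unmount()
        return self._plain if self._plain is not None else self.on_disk
```

While mounted, `visible_to_any_process()` returns the plaintext to whoever calls it, which is exactly the exposure the answer describes; once unmounted or idle, only the sealed blob is there to be read.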
And that's truly the bottom line: if you can access the unencrypted data, then a security breach in the form of a network attack, spyware or other malware, could also allow an attacker to have access.
The lesson is simple: encryption has an important role in security, but it's no substitute for the rest of the package: having a firewall, using anti-malware scans, staying up to date, and being security conscious as you go about your day.