Mobile Data Security: How Encrypted Volumes Can Protect Your Data (and Keep You Out of the News)
Most of us know of recent, high-profile instances when lax laptop security allowed sensitive material to leak into the public sphere. These incidents brought about severe public humiliation for the organizations (or governments) concerned and raised concerns about a lack of internal controls for maintaining a secure environment.
Anyone who travels with a personal laptop or netbook will be subject to the same risks. This security issue (particularly on laptops and removable media) is not limited to business.
Can you afford for an unidentified third party to obtain your personal information? What are your potential risks if private information is made public on an ID theft website?
Most people should find the potential outcomes of such a scenario terrifying, but the good news is that you can take steps to prevent it, just in case your data ends up in the wrong hands.
There are three basic methods you can use to protect your data:
Do not store private information on your laptop.
Encrypt the entire hard disk.
To protect your data, use “encrypted volumes”.
Let’s examine these choices in more detail and weigh their advantages and disadvantages.
Option 1: Don’t store any private data on your laptop.
So, while this is a very safe choice, I’m hoping most readers have realized that it is also somewhat constrained. You might be able to use this method with smaller portions of your sensitive information. Still, most of us require daily access to specific pieces of information that we consider confidential.
Option 2: Encrypt your entire hard disk.
This has become a lot simpler in recent years, especially with the advancement of operating systems. You could not have done this ten years ago without specialized (read: pricy) third-party software.
Fortunately, the ability to encrypt a volume is widely available on most modern systems, significantly boosting system security.
Encrypting your entire hard drive restricts access to your machine to those who know the correct passphrase or password. When data is encrypted, your operating system will read it from your hard drive, authenticate it, and then perform “on-the-fly” decryption. For the most part, you won’t have to deal with the unpleasant details of how that process operates (once the system has been set up).
Whole drive encryption can, unfortunately, be difficult for a few important reasons, so you should give them some serious thought before you begin the setup procedure.
Modern computers are well-specified, but the cost and performance hit associated with encryption and decryption make them less efficient. Because of the significant computational tasks involved in decrypting everything (including your applications and data) before you can use it and then re-encrypting it after you are done, you might notice that your computer runs a little slower.
Because of the way the hard disk is cryptographically “tied” to your system, full drive encryption offers a great deal of security. It might use your passphrase or password to confirm your identity on the network, but it might also add a check that the hardware “footprint” of the computer has not changed; a change would imply that the hard drive has been taken out and installed in another machine.
This binding means you need to consider what you’ll do if your laptop is irreparably destroyed.
For illustration’s sake, imagine you drop your laptop, and the screen cracks. Due to the model’s discontinuation and the exorbitant expense of a replacement screen (together with all the accompanying repair fees), you decide against having it repaired and instead opt to utilize the money to purchase a new computer.
You remove your hard drive and put it into an external USB drive since you know from using the broken machine that it still functions. You expect to be able to retrieve your data from the drive in this manner. This strategy sounds reasonable until you try to retrieve the data and discover that the drive is inaccessible.
The security built into an encrypted drive was activated when you removed the hard drive from your laptop, because you broke the cryptographic link that tied the drive to the computer it was first installed on. Encrypting your hard drive was done precisely to keep your private data safe if it was stolen, with or without the linked laptop.
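The binding described above can be modelled in a few lines. This is an added sketch, not code from any disk-encryption product: the two-slot layout, the footprint strings and the XOR key wrap (a stand-in for a real key-wrap cipher) are assumptions made for illustration, and the recovery slot goes beyond the article to show the usual way of surviving a dead laptop.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor, an assumed value for this sketch


def derive_kek(passphrase: str, footprint: bytes, salt: bytes) -> bytes:
    """Key-encryption key from the passphrase plus an optional hardware footprint."""
    secret = passphrase.encode() + b"\x00" + footprint
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)


def xor(a: bytes, b: bytes) -> bytes:
    # Stand-in for a real key-wrap cipher; each KEK is used once, on one 32-byte key.
    return bytes(x ^ y for x, y in zip(a, b))


def make_slot(master_key: bytes, passphrase: str, footprint: bytes = b"") -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "wrapped": xor(master_key, derive_kek(passphrase, footprint, salt))}


def create_disk(passphrase: str, footprint: bytes, recovery_phrase: str) -> dict:
    master_key = os.urandom(32)  # the key that actually encrypts the sectors
    return {
        "check": hmac.new(master_key, b"header-check", "sha256").digest(),
        "bound": make_slot(master_key, passphrase, footprint),  # tied to this machine
        "recovery": make_slot(master_key, recovery_phrase),     # passphrase only
    }


def unlock(disk: dict, slot: str, passphrase: str, footprint: bytes = b""):
    """Return the master key if the slot opens, otherwise None."""
    entry = disk[slot]
    candidate = xor(entry["wrapped"], derive_kek(passphrase, footprint, entry["salt"]))
    tag = hmac.new(candidate, b"header-check", "sha256").digest()
    return candidate if hmac.compare_digest(tag, disk["check"]) else None


def demo() -> tuple:
    laptop, other = b"constructed:laptop-A", b"constructed:usb-host-B"  # sample footprints
    disk = create_disk("long passphrase", laptop, "printed recovery phrase")
    return (
        unlock(disk, "bound", "long passphrase", laptop) is not None,     # original laptop
        unlock(disk, "bound", "long passphrase", other) is not None,      # drive moved
        unlock(disk, "recovery", "printed recovery phrase") is not None,  # recovery slot
    )
```

With the correct passphrase, the machine-bound slot opens only on the original hardware; the recovery slot, kept off the laptop, is what lets the drive be read after it has been moved.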
Therefore, employing complete hard drive encryption to secure your data is a brilliant idea, but it has a cost and some significant cons.
I suggest utilizing an encrypted volume that is entirely portable and can be mounted as an additional hard drive (meaning it can be carried on a hard drive or on external media such as USB sticks).
Several software programs provide this functionality, but I always like to emphasize cross-platform, bloatware-free options. The program I’ve chosen is called “TrueCrypt” and is available at www.truecrypt.org.
Option 3: Use “encrypted volumes” to protect your data.
The program of choice is TrueCrypt
TrueCrypt is a fantastic encryption tool that meets all requirements.
Since TrueCrypt is cross-platform, it can be used on a PC, a Mac, or a Linux distribution. It provides the complete capability of any volume encryption solution I have used, and as it is an “Open Source” product, it is free to use. Since the application is portable and compatible with all standard operating systems, a container can be created on one system and then moved to another without any issues while maintaining the security of your data.
Here is a very brief explanation of how TrueCrypt functions.
Creating the encrypted container is the first step in creating a secure volume. Once mounted, this one file will serve as the volume (all the parts needed to work this puzzle are included in the TrueCrypt application).
It’s crucial to consider the password you’ll use each time you need to access your data before creating the encrypted container. Your password must be complicated (i.e., a combination of alphabetic and numeric characters, including symbols). Above all else, make sure you can remember your password, or your data will be lost forever.
The required size of your container is the other issue that needs to be decided beforehand. If it’s too big, you’ll have to wait a long time for it to be copied from one location to another; if it’s too small, you’ll keep running out of room. In my opinion, how frequently I anticipate moving the container and the kind of media I will use are the most important determining factors in the “How big?” question.
Like many other individuals, I frequently move data around on a USB stick, and this determines my container’s overall size.
After determining the container’s size, you give it a name and then select the “Encryption Algorithm,” which means “choose how secure you want it to be.” I cannot advise you regarding your encryption algorithm choice in this article because it may be governed by the laws where you live. If in doubt, leave it on “AES,” the default setting.
Before entering your complicated password, you will specify your container’s size based on your prior decision. Remember that you will need to input this password whenever you want to access the encrypted volume. You can always choose the “Display Password” option to ensure you have entered the password correctly before continuing if you are concerned about forgetting it.
Your new container needs to be formatted so the operating system can recognize it before you can utilize it. You won’t be able to write to or copy data from the container if you don’t format it. If you want to guarantee cross-platform operability, you must be cautious while selecting your format option. If you’re unsure which format option to use, leave the setting at “FAT,” which is the default.
The final format screen (Volume Format) displays the “Random Pool,” a sequence of random numbers that ensures you use a strong encryption key. Before formatting your volume, move your mouse around this screen for a bit. The more time you spend doing this, the better your encryption keys will be.
One thing to remember about this creation process is that after it is over, the creation screens will attempt to repeat the entire procedure. This may be a little perplexing if you only require one container. However, exiting the creation screen will return you to the main TrueCrypt screen. Your new container is ready for its initial mounting.
Use the “Select File” option to find your new file, then select a free drive letter from the main screen. Your new volume will be mounted there. Once you provide your password and click “Mount” to complete the procedure, your new volume will appear in the file browser (Windows Explorer, Macintosh Finder, or the Linux equivalent) as a new local drive (look for the drive letter you selected earlier).
TrueCrypt is an excellent application, thanks to a few additional features. One of these that I find particularly useful is having your file browser show the newly mounted disk, saving you the hassle of having to look for it. I also like that TrueCrypt may be set to shut down automatically when no encrypted volumes are mounted. This is significant because it addresses visibility, another crucial component of protecting private data.
“Out of sight, out of mind.”
David Lynch’s adaptation of Frank Herbert’s science fiction book “Dune” appeared in 1984. “Knowing there is a trap is the first step in evading it” was one of the quotes that stuck with me the most.
If you flip this around, you obtain a fundamental security tenet: “If you are unaware that something exists, you do not know to look for it.”
If you label something as “private,” “important files,” or possibly “bank details,” you make it clear that it is important (or relevant) and raise a red flag to anyone searching your computer for valuable items.
Since TrueCrypt encrypted containers lack a file extension, no default application is associated with them. If you double-click on one, your system will not know how to open the file. No casual check of your system will turn up your valuable data if you combine this with giving the file an ambiguous name.
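A bland name defeats a casual look through the folders, but not a statistical one. The following added example (not part of the original article or of TrueCrypt) shows how a simple scan still singles out a container-like file, which is why the passphrase has to carry the real protection; the file names, the threshold and the use of random bytes as a stand-in for an encrypted container are assumptions made for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter

# Signatures of common file formats that can also look high-entropy.
KNOWN_MAGIC = (b"PK\x03\x04", b"%PDF", b"\x89PNG", b"\xff\xd8\xff")
SAMPLE = 64 * 1024  # bytes read from the start of each file


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the maximum, typical of random or encrypted data."""
    total = len(data)
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_like_container(path: str, threshold: float = 7.9) -> bool:
    """Heuristic: sector-aligned size, no known header, near-random content."""
    size = os.path.getsize(path)
    if size < SAMPLE or size % 512 != 0:
        return False
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE)
    if head.startswith(KNOWN_MAGIC):
        return False
    return shannon_entropy(head) >= threshold


def demo() -> dict:
    """Scan two constructed files; random bytes stand in for an encrypted container."""
    results = {}
    with tempfile.TemporaryDirectory() as folder:
        samples = {
            "holiday-notes": os.urandom(128 * 1024),  # bland name, no extension
            "readme.txt": (b"constructed sample text\n" * 6000)[: 128 * 1024],
        }
        for name, content in samples.items():
            path = os.path.join(folder, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = looks_like_container(path)
    return results
```

Running the check against your own container shows what an automated scan would report, regardless of what the file is called.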
This post, I hope, has shown how security need not be complicated and can be pretty adaptable to different operating systems. Applying the same guidelines to CDROM, DVD, and USB stick data will further expand this.
IT professional Brian McClure is particularly interested in cross-platform capabilities and has a strong distaste for bloatware (software that takes up enormous computer resources for minimal tangible benefit).