One tool I've found useful recently is something that will be known to some people, but I think deserves to be better known. It's a utility called TrueCrypt, which provides convenient industrial-strength encryption for your data. I'd been trying to maintain a policy of not putting anything "sensitive" on removable media that I might conceivably misplace at some time (e.g. USB keys and disk drives), but I was still nervous about what might inadvertently be on there if I did lose something like that.
I came across TrueCrypt (www.truecrypt.org) first on the rather interesting "Security Now" netcast (http://www.twit.tv/sn). It was first described in episode 41 (http://www.twit.tv/sn41), and episode 133 (http://www.twit.tv/sn133) brings it up to date.
TrueCrypt is a piece of freeware that allows you to create a large encrypted file that you can mount as a disk partition under control of a password and optionally one or more "key files". In the simplest case, to mount the partition, you just need to supply the password. It supports what they call "traveller mode", where you can set up a USB key for example so it has the TrueCrypt software on it, and you get prompted for the password just after you insert it. You then end up with two partitions mounted - the USB key itself with the large file visible, and the "virtual" partition with the your filesystem available.
There is a bit of a "gotcha" here - you can't mount the filesystem on a system without TrueCrypt installed if you don't have administrator access. For that reason, if I've got a 2GB USB key for example, I usually leave 10 or 20 MB free for the occasional "sneakernet" use, and dedicate the rest for the TrueCrypt partition.
I have some experience of how well it scales - I've got a 400GB SATA drive in an external enclosure, and I've got two 200GB TrueCrypt partitions on it.
The combination of TrueCrypt with an external hard drive I think is a good option for offsite backups. The level of encryption stands up to the common regulatory standards - for example, we process credit card transactions so we come under the requirements of PCI (payment card industry) standards (https://www.pcisecuritystandards.org).
TrueCrypt version 5 adds another capability - whole drive encryption. You can install it on your laptop and let it encrypt the disk drive. Losing a laptop is bad enough (and I've been through that once!), but depending on what you have on it, the thought that someone might have access to your data, and possibly your ID information (banking, PayPal etc.) might be a whole lot worse.
There are some alternatives to TrueCrypt, e.g. http://www.ce-infosys.com/english/downloads/free_compusec/index.html for whole disk encryption, but I don't feel the need to change now!
Posts
No comments:
Post a Comment