Securing a Laptop: Encrypted Virtual Disks

Posted on March 16, 2006 by

I recently rebuilt my laptop, and as I was doing this I got to thinking about
how to better secure the data I carry on it. My concern is not so much people
hacking into it at a public hotspot (although this is a risk), but rather what data may be comprimsed
if the it was stolen. Once someone has the physical disk, it’s not hard to extract the files. The implications range from trade secrets being released, to your identity being stolen.

The obvious solution is to keep sensitive data
encrypted, but doing this on a file-by-file basis is just not realistic. How am I going to manage that for a large collection of
source-code, proposals, internal documents, resumes, contract terms, and
emails?

After some Googling, I found TrueCrypt – an open-source encryption
package creates a vitrual encrypted disk within a file and then mounts it like a
real disk. This lets you work with your files as usual, except that they are
stored inside an encrypted file on virtual hard drive. Additionally, you can use
a variety of encryption algorithms – AES-256, Blowfish (448-bit key), CASTS,
Serpent, Triple DES and TwoFish. These are some world class algorithms – the
sort of thing that the NSA has problems
with.

How it works
Once you intstall TrueCrypt, you can create
a volume – which is basically a big empty file where you will store your
sensitive data. As this file is being created, it is being filled with random
data. Once you copy your data into the volume, it’s automatically encrypted.

Performance
Because the algorithm you choose effects performance,
TrueCrypt has a built in benchmarking system. This allows you to choose an
algorithm which will perform adequately on your system.

Accessing the
volume
When you log into windows, before you can access your files, you
need to mount your encrypted virtual drive. This is very simple, and only
requires that you enter your passphrase.

Once the volume is mounted, you can use it like any other disk. It shows up in Windows Explorer…

And you can double-click files to open them. No plugins etc needed.

The nice thing is that without that passphrase, the
files are totally inaccessible (at least for the many years it will take to crack the file) – so even if someone
hacks your notebook while at Starbucks, they still can’t get into your files.
And – should the notebook be stolen, again – the files are safe from prying
eyes. Best part – it’s free!

Advertisement
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s