Data security is a pretty hot topic these days, especially when it comes to portable data. In fact, recent reports put airport laptop theft in the tens of thousands a week. Most, if not all, of these laptops have sensitive data on them, whether it be sensitive to the user, or sensitive to the user’s employer. And to make matters worse, most of these laptops lack anything beyond basic security such as a Windows logon password.
But is security that much of an issue? Is it that difficult to effectively secure the data on a laptop, or any other computer for that matter? Well, it depends on the type of security we’re talking about. There are significant differences between securing data on a machine that is not powered as opposed to a machine that is powered and processing that data. In the latter case, firewalls, anti-virus software, and good programming practices will help to shield that data from nosy intruders.
If your machine is not powered, and the attacker can gain physical access, is there any way to protect the data? The answer is actually quite simple. There exists a product that can encrypt the data on your machine, either in chunks, or as a whole. In fact, with the latest version, you can even choose to have it deploy a decoy operating system, just in case you’re being tortured for your password.. What is this wondrous software, and how much is it going to cost you? It’s called TrueCrypt, and it’s FREE.
TrueCrypt is a data encryption tool that runs on Windows, Mac OS X, and Linux. In fact, if you’re a decent programmer, you can probably get it to work on most any operating system as the source is freely available. The TrueCrypt website highlights the following as main features:
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography) and hidden operating system.
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data). - Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
There is a small amount of overhead when using encryption, but for most business applications, that’s an acceptable sacrifice for the security gained. Even without the use of hidden volumes or decoy operating systems, TrueCrypt offers a safe, secure manner by which you can protect your data. And, if you so choose, you can mode TrueCrypt volumes between computers and even operating systems, such as on a USB flash drive, while maintaining compatibility. In fact, I use this feature on a daily basis. I have a small 1 Gig USB flash drive with a TrueCrypt partition on it where I store some personal information such as a copy of portable Thunderbird. Included on the USB drive, in an unencrypted area, is a copy of TrueCrypt for Windows, Mac, and Linux. Thus, if I ever need to mount the drive on an operating system without a copy of TrueCrypt, I’ve brought my own.
TrueCrypt 6.0 was released over the July 4th holiday. This latest release adds some great new features. Parallel encryption and decryption, meaning it will use all of the processors (or cores) on a multi-processor system, was added. This allows TrueCrypt to run substantially faster on multi-processor systems. Also added was the ability to create and run hidden, or decoy, operating systems. Hopefully I’ll never find myself in a situation where such a decoy is needed, but perhaps James Bond will find this new feature useful. A number of minor enhancements were made as well, including a number of bug fixes. The current version history can be found here, and you can download the latest version here.
TrueCrypt is a wonderful tool, even for personal data protection. I recommend looking into it, and even integrating it into your everyday life. It’s a small change, barely noticeable for most, but the security benefits are staggering. Just don’t forget your password, ok?