Is Your Data My Data? USB Encryption
Monday, August 17th, 2009
As more and more folks start using Netbooks; data security becomes a vital topic. A stroll through Staples or Best Buy, and it quickly becomes apparent how popular USB thumb drives and SD cards have become. With storage up to 32GB for less than one-hundred bucks its easy to see why. The problem is these little guys are extremely vulnerable to theft and loss.
Carrying around a device smaller than a cigarette lighter with all your information on it is convenient, but also dangerous. Its just as easy for someone else to read your removable media as it is for you. All those account names, passwords, personal and business letters, contacts, etc., are red-meat to those with less than admirable intentions. Within seconds, your data is their data.
So, whats a supercharged road warrior to do? Well the solution is actually pretty simple; encryption. There are numerous solutions out there, but few that are free and work on OSX, Linux, XP, and Windows 7 seamlessly. To really be useful your data should be accessible despite the operating system. If its not, you are less likely to stick with it.
My solution is TrueCrypt, a free and Open-Source product the encrypts and decrypts on the fly.
TrueCrypt allows three different encryption options:
- Create an encrypted file container. This is a file that mounts and acts like a disk. Separate files can be written to the image as if it were a real disk drive.
- Create a non-system partition/drive. This allows users to encrypt an entire external drive such a USB stick or SD card. All files placed on the drive are automatically encrypted.
- Encrypt the system partition or entire system drive. This option is for the truly anal. It encrypts your entire Windows drive and all associated data.
For removable data, options one and two would be the logical choices. The first option “Create an encrypted file container” allows the user to mix encrypted data with non-encrypted data on the same device. An encrypted image file can be created to store critical data, while other less important files can be written to the existing file system without encryption. As long as you assure critical files are only written to the encrypted image, this solution is quite effective.
If you don’t want to think about which files are critical and which ones aren’t, then you can use option two “Create a non-system partition/drive” which encrypts the entire device. When the device is inserted in the computer, you will be asked for credentials before it can be mounted.
Using TrueCrypt is a snap. The primary requirement is that the TrueCrypt application is installed on each computer that will access the encrypted data. If you use option one, you can store the installation binary on the unencrypted portion of the removable device.
Once the application is installed, pressing the Create Volume gets things started.
Choose option one or two and follow the prompts– its that easy. You will be asked to create an encrypted password or phrase which will be used to access the image. TrueCrypt also has an easy to follow Beginner’s Guide for a little light reading.
Once the image file or device is mounted and credentials are provided; the volume acts similar to a normal drive. All the encryption and decryption is done on the fly. When protecting your data is this easy, why wouldn’t you do it?
Mark Nassal
