I'm bored, time to write shit.
This is mainly for people who travel a lot or work with laptops or other portable media, although it still applies if your computer never leaves your home.
For the last couple of months I have been slowly migrating my data to the cloud so that it makes traveling easier. I have reduced the terabytes of data I once had down to a bare minimum. It's amazing how much of the data is just junk (movies & TV shows that will never be watched again etc.) when you actually minimise it to the data you actually need, but I digress.
The one problem I still faced was what to do with the data that remained on my laptop.
Initially I thought of partial disk encryption using TrueCrypt. I looked at this initially because I was concerned about speed issues of full disk encryption that TrueCrypt offers. But partial disk encryption has problems from a security standpoint.
Only the data contained in the encrypted partition is secure and anything outside of it is accessible by anyone. Windows, like all other OS, stores massive amounts of sensitive data with and without your knowledge, a lot of which cannot be easily secured with partial disk encryption.
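The gap described above, as an added example that is not part of the original post: a Python check of which Windows locations known to hold traces of user data fall outside an encrypted volume. The `T:` mount letter, the `sam` profile and the location list are constructed assumptions.

```python
import ntpath
import re

# Windows locations that routinely hold copies or traces of user data.
SENSITIVE_LOCATIONS = {
    "page file": r"%SystemDrive%\pagefile.sys",
    "hibernation file": r"%SystemDrive%\hiberfil.sys",
    "user temp files": r"%TEMP%",
    "recent documents list": r"%APPDATA%\Microsoft\Windows\Recent",
    "browser and app profiles": r"%LOCALAPPDATA%",
    "working documents": r"%USERPROFILE%\Documents",
}

# Constructed sample environment (hypothetical user "sam"); on a real
# machine pass dict(os.environ) instead.
SAMPLE_ENV = {
    "SystemDrive": "C:",
    "USERPROFILE": r"C:\Users\sam",
    "APPDATA": r"C:\Users\sam\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\sam\AppData\Local",
    "TEMP": r"C:\Users\sam\AppData\Local\Temp",
}

def expand(path, env):
    """Expand %VAR% references case-insensitively; unknown names stay as-is."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), path)

def audit(encrypted_roots, env, locations=SENSITIVE_LOCATIONS):
    """Return {label: (resolved_path, protected)} for every location."""
    roots = [ntpath.normcase(ntpath.normpath(r)).rstrip("\\") + "\\"
             for r in encrypted_roots]
    report = {}
    for label, template in locations.items():
        resolved = ntpath.normpath(expand(template, env))
        probe = ntpath.normcase(resolved).rstrip("\\") + "\\"
        report[label] = (resolved, any(probe.startswith(r) for r in roots))
    return report

def exposed(report):
    """Labels of locations that sit outside every encrypted root."""
    return sorted(label for label, (_, ok) in report.items() if not ok)

if __name__ == "__main__":
    # Partial encryption: only the volume mounted as T: (assumed) is encrypted.
    moved = {**SENSITIVE_LOCATIONS, "working documents": r"T:\Work"}
    print("partial:  ", exposed(audit(["T:\\"], SAMPLE_ENV, moved)))
    print("full disk:", exposed(audit(["C:\\"], SAMPLE_ENV)))
```

With only `T:` encrypted, everything except the relocated documents folder is reported as exposed; with the system drive encrypted, the exposed list is empty.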
As I mentioned, I was initially concerned that speed would be an issue with full disk encryption since the whole hard drive is encrypted and the data is being decrypted on the fly. But it turns out it's barely noticeable.
The specs for my laptop and the encryption are the following:
- Intel i5 2450M 2.5GHz
- 8 GB DDR3 1333 MHz SDRAM
- 750GB 5400rpm
- NVIDIA GeForce 610M with 2GB DDR3 VRAM
- Windows 7 Ultimate
- Using 256-bit AES encryption with hardware acceleration
- Encrypting the entire drive took approximately 12 hours
The laptop is hardly impressive by any standard but I have been impressed by the fact I can't notice any speed degradation. The laptop doesn't feel slow, sluggish or unresponsive. I normally use a mix of Photoshop CS6, Visual Studio 2010 (IIS and SQL Server), Firefox, Iron, IE in my day to day and watching movies with VLC and playing games (LFD2, CSS, etc.) hasn't been a problem either.
I don't have any hard data on how much slower the laptop actually is because I'm too lazy to do before and after speed tests, but thankfully Tom's Hardware has done that already (Protect Your Data With Encryption : TrueCrypt 6.1--Tried And Tested). While they are using an old version of TrueCrypt and a very old laptop for their tests, it still gives you some stats to look over.
Ok so speed is not an issue, why use full disk encryption?
Because it's easy and relatively secure. The entire hard drive is encrypted (not just part of it) which means that if someone gets a hold of it and tries to read the data off (excluding brute force attacks against the encryption, etc.) they get nothing.
At this point I should point out a few things. The reason I'm using full disk encryption is because I don't want someone who steals/finds my laptop to have access to my shit. This is not an effort on my behalf to stop police, airport security (more on this later) or a guy with a gun at my head from getting access.
But if you wanted to hide the fact your system is encrypted, TrueCrypt has a feature which disables the boot screen so instead of the standard "TrueCrypt Boot Loader" it displays a blank screen and the computer appears unresponsive unless you enter the correct password (even as you type the computer appears unresponsive).
Because the computer appears to be dead you could claim it's broken if anyone attempts to gain access to it. You could even go so far as to blame the people questioning you about it. "What do you mean my computer isn't working? What did you do to it? All my work files were on that!"
This is especially useful at airports since airport security is becoming more and more aggressive in their search for "bad people" (see everyone) and it is now common for them to access laptop data with or without the consent of the owner.
Personally at this point I'm not sure I give a fuck if airport security wants to look at my shit. But it's something to think about especially if you consider it to be an invasion of your privacy.
Full disk encryption with TrueCrypt requires the creation of a recovery disk so that the boot record can be restored in the event of corruption. This is a nice feature since if the boot record does become corrupted and you don't have the recovery disk, you lose your data; end of story, there is no way to recover it.
I suggest uploading this to the cloud or storing it somewhere safe (common sense). And if I was attempting to hide the fact I had an encrypted drive (by claiming the computer was broken) I wouldn't carry this on me (even as a bootable USB key) since if they find it that excuse goes out the window.
The recovery disk when inserted into a drive is clearly labelled "TrueCrypt Recovery Disk". You could change this before you burn a copy, but why bother explaining why you're carrying a DVD with 1.5MB of data written to it? It's far safer and easier not to have to explain anything at all.
All in all, if you're concerned about the security of your data, give TrueCrypt full disk encryption a try. Hell, if it sucks for you, there is an option to remove the encryption and go back to an unencrypted state. It's win-win.
* It should be noted that all security systems including encryption are fallible. If someone wants the data bad enough they will get it.
* TrueCrypt will not stop you from losing sensitive data to a Trojan. Nothing will protect you from data loss when the method of attack being used has access to the data in an unencrypted state.