So about two or three weeks ago I decided to bite the bullet and install a whole-disk-encryption solution on my personal laptop.
We use whole disk encryption (WDE) at work on all our systems for security and data-loss prevention so the whole concept is well covered here and I’ve done a number of posts on PGP WDE in particular, when combined with WinPE solutions.
But PGP is a commercial solution, and like some other commercial WDE products, is pretty costly and not a practical solution for most home users.
The whole concept of whole disk encryption is that even if someone physically steals your computer/laptop/portable-drive, they cannot access the data in a readable format without the use of an encryption key. In many ways, I think this is one of the very last bastions of standard computing security practice that hasn’t made it down to the average consumer level…and sadly…many companies and small businesses. I always shudder when I see computers in small mom-and-pop businesses sitting out in the open near windows and wonder if their customer data is really safe at rest on them.
Anyway, it was time to lock-down the Valca laptops.
There were a small number of free/$$ consumer products out there for whole disk encryption I could have gone with. The two major factors I was particularly concerned with were 1) would system/disk performance be negatively impacted and 2) would recovery options to off-line mount the encrypted disk be available for me to use under a WinPE platform?
Advances in standard desktop hardware performance pretty much rendered the first one not a concern, and I have been using the portable version of TrueCrypt off USB drives and in WinPE for quite a while.
In the end I went with TrueCrypt and haven’t been disappointed.
The whole process is very easy to go through and I’ve seen absolutely no performance issues. In fact, I did all my recent HD video editing exercise with nary a performance blip shortly after my system was running the TrueCrypt whole disk encryption.
- TrueCrypt - System Encryption
- TrueCrypt - FAQ (answers to frequently asked questions)
- Step-by-step guide to installing TrueCrypt and encrypting Windows XP system partition - Security Beacon
You might want to consider some of the points that Michael Pietroforte raised last week over at 4SysOps:
- Is TrueCrypt trustworthy? - 4sysops. I think he does make some valid points, but regardless, my primary concern is data loss prevention from robbery/burglary/my-own-stupidity and not from possible back-door exploits from shadowy government data-collection operations run against the citizenry. Anyway, I thought Michael provided a great and often unconsidered perspective.
Alternative whole disk encryption solutions worth considering for home users
CE-Infosys - Free CompuSec PC Security Suite - I first stumbled across this German-based software solution back when I was seeing how WDE might protect against KON-BOOT. It is completely free for both personal and professional use.
DiskCryptor - Open Source disk partition encryption program. I am not as familiar with this program but it has been kicking around now for a very long time. In addition it also supports Windows LiveCD integration.
Microsoft BitLocker/TPM - Note you need to be running Windows 7 Enterprise or Ultimate (or other Vista/Win 8 supported editions). Windows 7/8 Home editions don’t support it. A system board with TPM chip is not required, but recommended.
- Help protect your files using BitLocker Drive Encryption - Windows.
- BitLocker Drive Encryption Overview - Microsoft TechNet
- What is BitLocker? What does it do? What does it not do? - US SMB&D TS2 Team Blog
For commercial products, this article may be helpful:
Buyer's Guide to Full Disk Encryption - eSecurity Planet
Cheers and stay secure,
Claus Valca
1 comment:
You should update your blog since it comes up in the first few pages of several Google searches.
TrueCrypt has been abandoned and is no longer considered secure.