Monday, February 11, 2013


Securing Your PC with TrueCrypt

December 11, 2005
Only a few days ago I wrote a first small article about TrueCrypt and recommended it. Back then I bought a USB 2.0 hard drive with 300 GB capacity and encrypted its entire partition with TrueCrypt. This was done to test the program's functionality but also to see if it would slow down my main computer (Athlon 64 3000+, 1 GB RAM).
To my great surprise it did not slow down the PC and I decided to expand the encryption to cover all my hard drives. Let me tell you why and how I did this and why you should consider it as well.
Why?
The first question that comes to my mind, and probably yours as well, is: why would someone want to encrypt their hard drives, or part of them? (Note that you can also encrypt other storage devices like USB sticks.)
There are numerous reasons for this. It can be as mundane as hiding your daily dose of naked ladies from your wife, hiding personal information from other people who might have access to your PC, or encrypting your files on a removable storage device for transport so that the files cannot be accessed if the device is stolen.
Now what?
Now, why encrypt the whole drive(s) and not just a small part of them?
This is a good question and I have to answer it at some length. Let me first tell you that TrueCrypt is not able to encrypt an operating system and boot from it at the same time. That means you either use a second, unencrypted operating system or move all sensitive user data to the encrypted partitions.
As I said earlier, I only encrypted the removable USB hard drive. All the tools that I use daily are still on the unencrypted internal drives. Guess what happens when I open OpenOffice and load a document from the encrypted drive?
It leaves traces. Recently used files are normally listed, and the document probably gets cached by Windows as well. That means that although the file itself is encrypted, it is possible that its contents could still be accessed by other means. There are lots of scenarios like this: a browser caches the pages you visit, a media player keeps a record of the last played files, and so on.
Wouldn't it be much more secure if those tools were also stored on an encrypted disk?
The setup:
I decided to do the following. I already have a partition for the operating system. All other partitions would be encrypted. The user data from the operating system would reside on an encrypted disk, as would the pagefile and all other caches.
As a side note, one could also install a clean operating system on that partition and use VMware to install another operating system on the encrypted drives. BartPE is another possibility: the operating system would be stored on a read-only device.
All my tools reside on the encrypted drives, making it impossible for someone else to access them (unless one keeps the PC running when leaving).
How to:
I assume you are already using your drives. TrueCrypt will erase all data on a partition when it is applied to it. Therefore you should move or back up your files before you start this process.
Download TrueCrypt and install the program. Download the TrueCrypt user manual as well. Then back up or move your files if you have not done so already.
Start TrueCrypt and select Create Volume. You have the choice to create a standard or a hidden TrueCrypt volume. The difference between the two is the following. A hidden volume has its own passphrase and always resides inside a standard volume. If someone forces you to reveal the passphrase, you provide the one for the standard volume. It's impossible to say whether a hidden volume exists, even if the standard volume has been mounted. (TrueCrypt partitions are always filled with random data, so the two cannot be distinguished.)
Select the standard volume now. In the next window you have the option to store the encrypted data in a file or to encrypt a whole device. We want to encrypt a complete hard drive, so select device and choose the hard drive that you want encrypted.
Encryption Options:
You have to select an encryption algorithm and a hash algorithm now. I don't want to recommend one to you, but as of now none has been officially cracked. Some people are discussing their choices on the official TrueCrypt forum; if you are unsure you might want to go there. You can also use Wikipedia for more information. (Blowfish information in this example)
Make sure in the next step that the whole hard disk space will be encrypted.
Selecting a password:
You will have to select a password, which will be asked for every time you want to mount your encrypted drive. The recommendation is that it should be 20+ characters long and consist of a mixture of upper- and lowercase letters, special characters and numbers. It's hard to remember at first but it will become easier over time. It's suggested that you do not write it down, but that's up to you.
Volume Format:
Move the mouse around for 30+ seconds, select a file system (NTFS is recommended for Windows XP), leave the cluster size at its default and click Format afterwards. The whole partition will be formatted and encrypted, and all data that is left on the device will be lost forever. Make sure nothing that you still need is left on it.
You have to mount an encrypted partition to make it available in Windows. Choose Select Device in the main menu of TrueCrypt and pick the encrypted drive. Then click on Mount and enter your passphrase. If it's correct, the drive will appear and you can fill it with data.
The drive letter remains the same as before, so there should not be any problems with broken program links or the like.
Final Words:
Depending on whether you choose an unencrypted operating system, BartPE or VMware, you need to make sure that all personal data and caches are stored on the encrypted partition. I strongly suggest you use one of the latter two for the best security.
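One way to check this on a running Windows system, as an added example that is not part of the original article: the script reports profile, temp and pagefile locations that are not on a drive letter you name as a mounted TrueCrypt volume. The list of environment variables and the function names are assumptions chosen for illustration; the pagefile entries are read from the PagingFiles registry value.

```python
import ntpath
import os
import sys

# Assumed set of per-user data and cache locations to check (not from the article).
ENV_LOCATIONS = ("USERPROFILE", "APPDATA", "LOCALAPPDATA", "TEMP", "TMP")
PAGEFILE_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"


def drive_of(path):
    """Return the upper-case drive letter of a Windows path, or None."""
    drive, _ = ntpath.splitdrive(path.strip().strip('"'))
    if len(drive) == 2 and drive[0].isalpha() and drive[1] == ":":
        return drive[0].upper()
    return None  # UNC share, relative path, or "?:" (system-managed pagefile)


def audit(locations, encrypted_drives):
    """Return {name: path} for every location that is not on an encrypted drive.

    Paths whose drive cannot be determined are reported too, since they
    cannot be shown to live on an encrypted volume.
    """
    encrypted = {d.rstrip(":\\").upper() for d in encrypted_drives}
    return {name: path for name, path in locations.items()
            if drive_of(path) not in encrypted}


def collect_locations(environ=os.environ):
    """Gather data/cache locations from the environment and, on Windows, the registry."""
    locations = {v: environ[v] for v in ENV_LOCATIONS if environ.get(v)}
    if sys.platform == "win32":
        import winreg
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PAGEFILE_KEY) as key:
            entries, _ = winreg.QueryValueEx(key, "PagingFiles")  # REG_MULTI_SZ
        for i, entry in enumerate(entries):  # e.g. "C:\pagefile.sys 0 0"
            locations["pagefile[%d]" % i] = entry
    return locations


if __name__ == "__main__":
    # Usage: python audit_locations.py E F   (drive letters of mounted volumes)
    leaks = audit(collect_locations(), sys.argv[1:])
    for name, path in sorted(leaks.items()):
        print("NOT ENCRYPTED  %-14s %s" % (name, path))
    sys.exit(1 if leaks else 0)
```

Application-specific caches (browser, media player, recent-file lists) usually live under the profile directories checked here, but any tool configured with its own cache path has to be checked separately.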
If you encounter errors I suggest you visit the TrueCrypt forum, which is well visited and contains lots of valuable topics from users who had problems with the tool.
I for myself decided to give BartPE a go and forget about the idea of having the operating system on the unencrypted partition. This saves a lot of the hassle of moving all cache and personal data locations to ones on the encrypted drive.
