Laptop encryption part of Information Security

I have been researching and working in a bank with laptop security solutions ranging from encryption to tracking and two- or three-factor authentication, and have some initial interesting results to share.
Let’s start with encryption tools. There are a LOT of encryption tools out there for:

- encrypted files, file systems, or directories
- hidden encrypted files, file systems, or directories
- encrypted operating systems
- hidden encrypted operating systems

These can address physical hard drives, RW CDs or DVDs, USB drives or any other variant of external media.

Most of the offerings I encountered were paid, licensed products with evaluations available. What I did discover is that all of these applications, whether free, expensive or in between, essentially used the same underlying technologies for encryption. The key difference was presentation, or in simpler terms, the GUI. The one that I found most useful and cost effective is TrueCrypt. This tool is free, not shareware or time-limited freeware.

I am not going to go into great technical detail on the workings of this tool but will outline what you can expect to accomplish using TrueCrypt. With TrueCrypt you can create encrypted files, directories and file systems on external devices. The most obvious choice would be a USB thumb drive. There are a few options with a USB drive: you can either turn the entire thumb drive into an encrypted file system, or you can make part of it unencrypted, some encrypted and another part of it hidden and encrypted.

What I did for testing the first time was just to encrypt the entire drive. This process is very simple, as all the user needs to do is mount and dismount the drive using TrueCrypt to access the encryption features.

The disadvantage of this is that once the entire drive is encrypted, you cannot add additional encrypted or hidden files/directories. So this method gives you an entire drive that is either visible and accessible... or not.

If you are dealing with highly sensitive data, a hidden encrypted file system might be of more interest. Try to visualize the thumb drive as a series of containers, from small to large, where each smaller one is contained within the next larger one, the smallest one being the hidden encrypted one. So the outside part of the thumb drive is unencrypted and contains an encrypted file that holds the partition information for the encrypted file system, the next container in holds an encrypted file system, and this file system contains a hidden file system.

Access to each one of these containers is determined by the password assigned to each container. So for all you ultra conspiracy theory people, you can have a hidden file system that will not show up even when the encrypted file system is open.
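The following is an added example, not code from this post or from TrueCrypt, sketching in Python how one password can select one of two containers while the other stays indistinguishable from random data. It is a simplified model: the function names, header sizes and iteration count are hypothetical, and a SHA-256 keystream stands in for the real ciphers.

```python
import hashlib, hmac, os

MAGIC = b"TRUE"              # marker that a correctly decrypted header starts with
SALT_LEN, HDR_LEN = 64, 128  # constructed sizes for this toy model
SLOT = SALT_LEN + HDR_LEN
ITERATIONS = 1000            # constructed value, kept low so the example runs fast

def _keystream(key, n):
    # Stand-in stream cipher (SHA-256 in counter mode), not a real disk cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS, 32)

def make_header(password, volume_info):
    """Salt in the clear, then the encrypted header body (magic + info)."""
    salt = os.urandom(SALT_LEN)
    body = (MAGIC + volume_info).ljust(HDR_LEN, b"\0")
    return salt + _xor(body, _keystream(_derive(password, salt), HDR_LEN))

def build_device(outer_pw, hidden_pw=None):
    """Slot 0 holds the outer header; slot 1 holds a hidden header or random fill."""
    outer = make_header(outer_pw, b"outer volume")
    hidden = make_header(hidden_pw, b"hidden volume") if hidden_pw else os.urandom(SLOT)
    return outer + hidden

def try_mount(device, password):
    """Try the password against each slot; return (slot, info) or None."""
    for idx, name in enumerate(("outer", "hidden")):
        blob = device[idx * SLOT:(idx + 1) * SLOT]
        salt, enc = blob[:SALT_LEN], blob[SALT_LEN:]
        body = _xor(enc, _keystream(_derive(password, salt), HDR_LEN))
        # A wrong password yields random-looking bytes, so the magic will not match.
        if hmac.compare_digest(body[:len(MAGIC)], MAGIC):
            return name, body[len(MAGIC):].rstrip(b"\0")
    return None

if __name__ == "__main__":
    dev = build_device(b"decoy-pass", b"real-pass")   # constructed sample passwords
    for pw in (b"decoy-pass", b"real-pass", b"wrong-pass"):
        print(pw, "->", try_mount(dev, pw))
```

A device built without a hidden password has the same size and the same random-looking second slot, which is why the hidden container does not show up without its own password.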

Let’s go back to encrypting an entire operating system. TrueCrypt allows Windows operating systems to be fully encrypted. Be advised that encrypting an entire drive takes a very long time. Encrypting a 300GB drive takes approximately 16 hours. Encrypting an entire drive or OS writes to the MBR, so that a password is required before any operating system can be booted.

Once the correct password is entered, the entire operating system runs encrypted. Note that additional encrypted files, directories, or containers can no longer be added to the encrypted operating system. This technology could be very useful to prevent thieves from even being able to access the operating system... unless of course the BIOS is not password protected and the thief is allowed to boot to CD.

The measured overhead on the encrypted file system or operating system has been observed to be negligible on a fairly under-resourced laptop (1.4GB with 512 RAM).

So with an encrypted drive in place and the BIOS password protected, I am sure there are still thousands of ways the thief can get to your data, so let’s introduce the concepts of two- and three-factor authentication to dissuade would-be thieves even further in my next posting on two-factor authentication for laptops.

==== Cheers ====


About msetyadi

I am an IT Strategic