When your worst fears become a reality and you notice there has been some breach of your data (a stolen laptop, an unlocked or unattended computer) and someone either has access to your machine or has a copy of it for themselves, is there any hope left? Although most don’t think it’s necessary, encrypting data is another link in the chain mail that is our security policy. While this link is not substantial on its own, the entire suit of armor is where the true strength lies.
Data encryption sounds scary. People think of lines of binary crossing the screen at lightning speed like a scene from The Matrix or Hackers, but it’s become something so simple that everyone should be doing it! In this post, we’ll review some free and open source solutions to offer protection and peace of mind that what’s yours stays yours!
Encrypted Password Manager: KeePass
KeePass is a powerful password manager that supports the Advanced Encryption Standard (AES) and Twofish algorithms to encrypt your passwords and other account information. In addition, SHA-256 is used as the password hash: the master password is hashed with this algorithm and the output is used as the key for the encryption. One master password decrypts the entire database. The database also supports multiple user keys, so you can keep a key on CD, USB or floppy (floppy disk, really?) in addition to or in lieu of a password. KeePass is small and portable, meaning it runs just as smoothly from a USB disk as it does installed to a hard drive. KeePass doesn’t store anything on your system: no registry keys are created or modified and no INI files are added to the Windows directory. Deleting the KeePass directory or using the uninstaller leaves no trace of the program after removal. This tool has too many features to list completely if we intend to discuss others, but a random password generator lets you create a password within KeePass and then copy and paste it into the necessary forms using intuitive and secure clipboard handling. One final feature that can’t be left out is the ease of database transfer. When passwords need to be available on multiple machines or in a multi-user setting, a simple copy and paste of a single database file is all it takes to solve the problem.
“The sun will go nova before you can decrypt the database” - www.KeePass.info
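The password-plus-key-file idea described above, as an added sketch that is not KeePass's own code: each supplied component is hashed with SHA-256 and the hashes are combined into one 32-byte key, so a database protected with both cannot be opened with only one. The combining rule, the function names and the sample values are assumptions made for illustration; the real database formats also apply key-transformation rounds before the cipher is keyed.

```python
import hashlib
import hmac
from typing import Optional


def composite_key(password: Optional[str] = None,
                  key_file: Optional[bytes] = None) -> bytes:
    """Return a 32-byte key built from whichever components are supplied."""
    parts = []
    if password is not None:
        parts.append(hashlib.sha256(password.encode("utf-8")).digest())
    if key_file is not None:
        parts.append(hashlib.sha256(key_file).digest())
    if not parts:
        raise ValueError("need a password, a key file, or both")
    # Assumed combining rule: hash the concatenated component hashes.
    return hashlib.sha256(b"".join(parts)).digest()


def unlocks(db_key: bytes, password: Optional[str] = None,
            key_file: Optional[bytes] = None) -> bool:
    """Constant-time check that the supplied components rebuild db_key.

    Simplification: a real database does not store its key; it learns
    whether the key is right by attempting decryption.
    """
    return hmac.compare_digest(db_key, composite_key(password, key_file))


# Constructed sample values, not real credentials.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_KEY_FILE = bytes(range(32))  # stands in for a key file kept on USB

if __name__ == "__main__":
    db_key = composite_key(SAMPLE_PASSWORD, SAMPLE_KEY_FILE)
    print("both components:", unlocks(db_key, SAMPLE_PASSWORD, SAMPLE_KEY_FILE))
    print("password only:  ", unlocks(db_key, SAMPLE_PASSWORD))
    print("key file only:  ", unlocks(db_key, key_file=SAMPLE_KEY_FILE))
```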
Encrypted Volume Manager: TrueCrypt
TrueCrypt is an open source disk encryption program that creates a virtual encrypted disk within a file and mounts it as a real disk. Encryption is automatic, real time, and transparent. This virtual partition can be read and written to as fast as if it were not encrypted thanks to the use of parallelization and pipelining of data. This tool allows multiple encrypted volumes to be created and relies on the AES-256, Twofish, and Serpent algorithms to protect your sensitive data. TrueCrypt can be downloaded and installed quite easily and includes a setup wizard which will guide the creation of the encrypted volume. Once created, the interface allows you to mount one or multiple volumes, which you can then treat as local drives to store data at will. Very smooth in use, very user friendly, and something any user should employ to protect personal and/or private data of any kind. – www.truecrypt.org
Email Encryption: X.509 Certificates
X.509 email encryption assumes a strict hierarchical system of certificate authorities, unlike “web of trust” models such as PGP. X.509 is an ITU-T standard for public key infrastructure (PKI) for single sign-on and Privilege Management Infrastructure (PMI). Specified within X.509 are standard formats for public key certificates, certificate revocation lists, attribute certificates, and certification path validation, amongst other things. While TrueCrypt’s use of MD5-based certificates was in question as recently as 2008, X.509 certificates based on SHA-1 are deemed to be secure. While it is prudent for companies to use enterprise-level encryption solutions, individuals can protect themselves with the help of a free X.509 personal email certificate from www.thawte.com.
More often than not, people see encryption, passwords, and monitoring policies as more of an annoyance than anything else. Few would argue that it’s a pain to have to input a password to do anything at the system level, or to have to remember to mount, unlock, and unmount an encrypted volume, or to have to allow access through a firewall, until you need it. When someone steals your data, you’ll be happy to know your passwords are locked up safe, and your data is encrypted to the point you can back up and change anything sensitive before the bad guys can get to it! Keep your armor strong and polished and most foes will seek alternative victims. Don’t be an easy target!