Friday, January 31, 2003

Computer Data Security


I'm mildly concerned about data privacy. Especially since I often travel with a laptop that also has my personal financial software installed. Plus, there are the lists of passwords to various web sites or services, and my personal information such as my resume and work history. Basically, a bunch of information that - should it be stolen - would severely compromise my security (financial mostly).

So, I make use of an encrypted volume on my laptop - which is a virtual disk drive that encrypts everything that gets stored on it. In order to access the contents of this volume, you must enter a key or a pass-phrase. The nice part about virtual encrypted disks is that they are transparent to the end-user. Once you mount the encrypted volume, it's just like having another hard drive connected to your computer.

For the longest time, I used PGPDisk (comes with PGPDesktop), but when NAI stopped supporting PGP - it didn't work well with Windows XP - so I was forced to look for an alternative. So now I'm using DriveCrypt, which serves me very well, although I'm very tempted to go back to PGPDesktop v8.0 now that it supports Windows XP.

One of the tips I have for folks just getting into encrypted volumes is that they create the volume at a size small enough to be written off to CD-R media whenever they feel the need to back up the contents of the volume. In PGPDisk, this means creating your volumes as a 695Mb FAT32 disk. That way, you can unmount the encrypted volume, write it to a CD-R and store it in your safe-deposit box (or safe, or lying on the counter) and be content not only knowing that your files are now backed up - but that nobody else can swipe the CD-R and get at your personal data. (PGPDisk has been around long enough that I feel pretty confident that I'll be able to read the contents of my encrypted disk volumes 10 years from now.)

Links:

Computer Data Security - ARC on Computer Security

PGP Desktop - I recommend this highly, especially PGPDisk

PGP Freeware - good for personal use when you just want to encrypt files and e-mail messages

DriveCrypt - another excellent tool along the lines of PGPDisk

GnuPG - open-source alternative to PGP

BCWipe - free space disk wiper

The other thing that I recommend is to get a tool that lets you schedule a free-space wipe on a daily basis. This ensures that any temporary or deleted files don't leave behind fragments that can be read back off of the disk by forensic tools (if you're not afraid of the gov't, maybe you should worry about the identity thief who also has access to such tools). The recommendation for commercial-grade security is to over-write each free segment 9 times in order to assure that you can't use advanced techniques to read the "ghost" imprints left behind. So, if you're only over-writing your free-space once a month, you should use the 3x or 9x options - but if you schedule to run the wipe daily (usually while you sleep) - you may be able to get away with a 1x or 2x option (since you're doing it day after day after day - all those days of 1x or 2x will add up after a while).
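
The free-space wipe described above, as an added example that is not from the original post and is not how BCWipe itself works: each pass fills a scratch file with random bytes until the filesystem is full, syncs it to disk, and deletes it. The function name `wipe_free_space` and its `limit_bytes` cap are assumptions made for this example, and it assumes a conventional magnetic disk with no wear-levelling.

```python
import errno
import os
import tempfile

CHUNK = 1024 * 1024  # write random data in 1 MiB pieces


def wipe_free_space(directory, passes=1, limit_bytes=None):
    """Overwrite the free space of the filesystem that holds `directory`.

    passes      -- number of overwrite passes (the post's 1x, 2x, 3x, 9x)
    limit_bytes -- hypothetical cap per pass; None means "until the disk is full"
    Returns a list with the number of bytes written in each pass.
    """
    written_per_pass = []
    for _ in range(passes):
        # The scratch file lives on the volume being wiped, so the blocks it
        # is given are the ones that were free a moment ago.
        fd, path = tempfile.mkstemp(prefix="freespace-wipe-", dir=directory)
        written = 0
        try:
            while limit_bytes is None or written < limit_bytes:
                size = CHUNK if limit_bytes is None else min(CHUNK, limit_bytes - written)
                try:
                    # Unbuffered write: os.write returns how much really landed.
                    written += os.write(fd, os.urandom(size))
                except OSError as exc:
                    if exc.errno != errno.ENOSPC:
                        raise
                    break  # disk full: every free block has been claimed
            os.fsync(fd)  # push the random data out of the OS cache to the disk
        finally:
            os.close(fd)
            os.remove(path)  # give the now-overwritten space back
        written_per_pass.append(written)
    return written_per_pass


if __name__ == "__main__":
    # Daily schedule as in the post: one pass over the current directory's
    # volume, capped at 16 MiB here so a trial run finishes quickly.
    print(wipe_free_space(".", passes=1, limit_bytes=16 * 1024 * 1024))
```

Run it from the operating system's scheduler with `limit_bytes=None` for a full wipe; data inside files that still exist, and filesystem metadata such as old file names, are not touched by this approach.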


posted by Wuphon's at 2:31 PM
