So, if you have been reading our security series part 1, you should now have a list of the various places that hold your data, and you're ready to go. The first part we will deal with is the places that fall under the category of hard data. We are using this definition to make it easy to determine which method we will use to secure your data. Those who have been doing this for a very long time may not like the simplification. Just remember that we are not assessing the risks; we are simply trying to identify where the data is and secure it.
Protecting the data that is defined as hard data
I will use my list for this part and try to give you some points to decide on, along with the posts that Lifehacker has already written about each one.
There are many ways to secure hard drives. An extreme way was covered on Gizmodo, but we are not James Bond or Q. If we were, we would just follow these guides given by the NSA to harden your operating system.
The question you must think about is what type of machine the hard drive is being used in. For example, is the hard drive in a laptop or a desktop? You need to think through several things before just jumping in.
Performance versus Security
The standard way to protect a hard drive is to encrypt it. When you employ an encryption scheme, you add load to your machine to do the encryption, which could slow older machines down. A solution is to encrypt only the files you need to encrypt; it's a compromise between performance and security. Melanie Pinola talked about this in this article.
Security versus Ease of Use
Like all security schemes, the most effective one is the one that gets used all the time. If the user (you, hopefully) finds it difficult to use or remember, then no security scheme will be very effective. Adam Dachis already discussed this concept when he talked about passwords; the same concepts apply here.
Both of these areas plague security experts all of the time. So don't be surprised at all the opinions. Everyone has one, and expert or not, they all will swear they are right.
The thing to think about is whether the drive leaves a "secure" location. A place such as your home is more "secure" than the coffee shop or the office, which are not so "secure". If the drive does leave, then you probably should encrypt your entire drive. If you're wondering why, here is one of many posts by the Lifehacker staff on the subject.
There are many ways to secure the data on our hard drives, such as password-protecting files and making them hidden, but the most talked about is encrypting the file. Lifehacker loves TrueCrypt and has discussed it a lot, so this is the software we will be using for our encryption tasks.
Let’s get started:
These are just my recommendations of which posts to use. Feel free to use one of the other posts that give you more security if you feel it's necessary. I would not go with less if you don't have to.
One additional note about SSDs (solid state drives): in order to use TrueCrypt on these devices, you need to have set the BIOS to use AHCI rather than IDE when you install Windows, so that it will install the AHCI drivers that support TRIM. You can tell that Windows has detected your SSD correctly when the Windows Experience Index is disabled.
- Desktop hard drives: For average use, just create an encrypted volume and store your sensitive P.I.I. (personally identifiable information) in it. Gina Trapani wrote a post about it here: Geek to Live: Encrypt your data.
Needed: A copy of TrueCrypt, downloaded here, available for Windows, Mac, and Linux.
- Laptop hard drives: There is a decision you need to make at this point as to how much security you need; refer to the two points made above. Each point below implements successively greater security.
1. You can just encrypt the whole drive following Gina’s post given under desktops.
Needed: A blank CD to burn the recovery key. It's required to encrypt a whole drive.
- Network attached drives/Servers with drives: These drives are either attached to a server or to a separate unit that makes the drive available over the home network. They can be whole-drive encrypted; it is how you access/mount the drive that is important. If you want the data to stay encrypted over the network, then you must not mount the drive as a device if it is in a server. This is the only way to maintain encryption without using a VPN or other technology to maintain file security. If you do choose to mount the drive and then share it, you would most likely end up sending the data unencrypted over your network. TrueCrypt has a document that explains it here.
Portable drives (including USB and FireWire connected)
- Desktop storage drive/Portable drive USB/FireWire attached: I combined these two types of drive into one section because they are protected in basically the same way. The difference between these drives and hard drives is that they are removable and therefore cannot be accessed on a system without TrueCrypt installed. Since these are removable drives, it might be sensible to encrypt the entire drive. Whichever scheme you choose for encrypting these drives, you can use the same instructions as for the hard drives above.
- USB flash drives: It is usually the standard to encrypt the USB flash drive as an entire drive to prevent someone from accessing its contents. To do so, just make sure that when you are creating your TrueCrypt volume you choose the second option in the TrueCrypt volume creation wizard.
- CD/DVDs: CDs and DVDs can be encrypted, but they cannot be changed. This means that you must keep your password, and if you lose it you cannot recover them, because they cannot be modified once burned to media. Just something to consider.
Next time, in part 2, we will discuss securing data in "liquid form". This will include the WiFi connections we use to connect to our networks, as well as what we can do to secure our data while it is in transit. See you then.