Encryption and data security
Posted by: Eric Hansen
Every company that handles classified information is (or at least should be, logically) concerned about whose eyes are seeing what. Is password-protecting a file secure? Sure, just like giving someone a username and password for the computer. Is encrypting the file secure, as well? Why yes it is; just as safe as it is to view cookies that store sensitive information. So how should we eliminate the threat of password-protection and encryption?
Enter TrueCrypt. Before going any further: I WOULD NOT recommend reading on if you cannot become root/administrator of your computer, because you will not be able to use this program. The reason is that on Windows, it has to use a driver to create the virtual drive, and that requires administrative rights. As for root, I’m not sure how TrueCrypt works on *nix-based systems, but their website does state you have to have root privileges.
Okay, so outside of the introduction for TrueCrypt (TC), what’s its purpose? How does it work? Why should I even consider it? Well, I answered #2 in the last paragraph (it creates a drive on Linux as well…which could also explain the root requirement, given most people don’t have write access to /mnt or /dev, I don’t think), so I will answer the other two with one answer. Encryption. Now, you’re probably thinking, “wait…didn’t you just say this thing will eliminate the need for encryption?”…well, you are correct, but let me explain this.
Encrypting a file is simply shifting or changing bits of data around, so they cannot be opened unless the person can decrypt it. Now, TC uses only the 2nd half of that philosophy. Briefly, here’s what happens. When you run TC (assuming you already did the configuration for it), it will ask you to mount a file. Now, you’re probably wondering what this has to do with encryption. Well, with TC, that file is what will be used as a virtual drive. However, when you unmount that virtual drive, it will be saved…and when it is saved, it’s saved as an encrypted file. No, this is not the same as what we are trying to avoid, for this simple fact…the data inside of that file is not encrypted.
Think of it this way…you have an archive file (zip, rar, what have you), and you place a few pictures in there. Next, you decide to encrypt that zip file. So, now we have the zip file (or the virtual drive file), that is encrypted…but, in actuality, the data inside of the zip file remains intact…just unreadable because the archive cannot be opened.
Now, I bet you’re even now wondering what this has to do with businesses/you? Simple enough question. Let me ask you this, however. If you entrust an employee with a prototype documentation Word file, what would you rather have: A) an encrypted Word document where the user can easily forget the password for it and then you lose all that information, or B) an encrypted virtual drive where you can still restore data from it, and not have to worry ’bout remembering the password for the Word document as well? Sure, you can recover passwords from Word documents, but those programs cost money, and you want to be as cost-efficient as possible, right? Well, the makers of TC also have a recovery disk available to recover passwords of encrypted disks (info: http://www.truecrypt.org/docs/rescue-disk.php ). Does it cost money? Nope…as it says on the page: “During the process of preparing the encryption of a system partition/drive, TrueCrypt requires that you create a so-called TrueCrypt Rescue Disk (CD/DVD) […]”
Really, there isn’t much more to say about TC that would support this entry any more. Overall, it’s a very useful program, which is also portable (you can put it on your flash drive or such). The only downfall to this is the root/admin requirement, but if you can get around that, then this is a pretty flawless program. Especially with the recent release of 5.0, it’s added one function that a lot of people seemed to have been crying for for a while, so kudos to them on that as well.
It’s free, it’s efficient, user-friendly and is quite the indispensable tool. All in all, I give it a 4.5/5.0, and we already know why it’s not a 5/5, hehe. But, that’s the end of this story.
P.S.: I was writing a TC entry back in December, but it wasn’t working as well as I wanted it to, so I’m scrapping that entry for this much more…professional (sic), entry.
Links/resources:
TrueCrypt homepage: http://www.truecrypt.org/
Quote about TC recovery: http://www.truecrypt.org/docs/rescue-disk.php (found in the “Documentation” section of the website.)
P.P.S.: This entry in no way is meant to demean the usefulness of password-protecting a file, or encrypting it like many already do…but, this entry is meant to explore a more elegant way to handle sensitive data. TC is a very powerful program, and I do not recommend it to the people who are not comfortable with the fear of data loss or other severe consequences, but as with any software, that threat does exist.


