Improve your security #16: Encrypt your data

The best way to protect your data is to use encryption. Encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read them, but authorized parties can (see Wikipedia for more details). Applied to files, this means that each file is encrypted in such a way that only the owner of the encryption key is able to decrypt it. Normally, this should be enough to protect the content of the file from unauthorized eyes. However, encrypting and decrypting many files one by one is quite challenging, if not almost impossible. This is why there are many solutions today that provide all-in-one methods to encrypt information:

  • full hard drive encryption

The entire hard drive is encrypted, including the operating system area, and the user needs to authenticate before the operating system can even start.

  • partial encryption (only non bootable partitions)

An entire partition, other than the one with the operating system, is encrypted. In order to mount the partition, the user has to authenticate first.

  • Encrypted file container

As its name says, a large file is created and mounted as if it were a partition on the hard drive.

All these methods allow the user to protect a large number of files at once without having to encrypt and decrypt each file manually. There are several solutions available on the market that support some or all three methods. Some of the products are free (TrueCrypt), some come only bundled with hardware and are therefore not free (HP, DELL, others), and others are paid (too many to be mentioned here). Here I will discuss TrueCrypt, which is free and one of the best encryption solutions available. In the article “Improve your Security #2: Securing your notebook” I described how to create an encrypted file container.

In this article, I will explain how to create an entire encrypted partition.

1. Open Disk Management in Control Panel -> Computer Management. Select the drive you want to encrypt and remember its name. In this case, it is Disk 1. Make a note of this disk; otherwise you could end up selecting the wrong disk and losing the files on it.

2. Open TrueCrypt and check that you can see the disk and the partition you chose in the previous step (\device\harddisk1\Partition1). You have to click the “Select Device” button in order to see the list of partitions.

3. Choose a drive letter for the future encrypted partition (T:) and select which disk and partition will be used.

4. Select from the menu Volume -> Create new volume. You will see this dialog.

Select the second option.

5. Select the first option – Standard TrueCrypt volume

6. Select the drive and partition to format again

7. Choose the first option if there is no data on that partition. Choose the second one if there is data. To avoid any problems, even if you select option two, I strongly suggest making a full backup of that partition. Note also that in this case the process will take a lot more time.

8. Leave everything at the defaults. The defaults offer a decent amount of privacy. However, if you are more security savvy, as I am, choose SHA-256 as the Hash Algorithm.

9. Just click Next.

10. Enter a strong password here. You can find tips here on how to create a good password.

Creating a 20-character password is not realistic. You will end up doing some unsafe things like those mentioned here. So ignore the warning and click Yes.

11. Format the partition. You may want to check the “Quick format” box because it dramatically reduces the time required.

Click on Format and then on Yes.

12. Depending on the size of the partition, the formatting will take a while.

13. After the format is finished, you might have to select again which drive letter you assign to the partition.

After this process is finished, you should be able to access the partition using the drive letter chosen at step 3 (t:\).

To mount the combination of drive letter and drive partition (t: -> drive\partition) automatically on every reboot, you need to save it in Favorites -> “Add mounted volumes to favorites”.

From now on, on reboot (or logon) you have to authenticate in order to access the encrypted partition and save your files safely.
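
Because formatting the wrong partition destroys its data, the disk and partition picked in step 1 can be checked from PowerShell before the wizard is started. This is an added example, not part of the original article: it assumes Windows 8 or later (Storage module cmdlets) and assumes that Windows partition numbers match the device names TrueCrypt lists, which should be confirmed by size in the “Select Device” dialog.

```powershell
# Added example: pre-flight check before formatting a partition with TrueCrypt.
# Assumes the Storage module (Windows 8 / Server 2012 or later) and an elevated prompt.
param(
    [int]$DiskNumber      = 1,   # "Disk 1" in Disk Management (the article's value)
    [int]$PartitionNumber = 1    # partition that will be encrypted
)

$disk = Get-Disk -Number $DiskNumber -ErrorAction Stop
$part = Get-Partition -DiskNumber $DiskNumber -PartitionNumber $PartitionNumber -ErrorAction Stop

# The procedure is for non-bootable partitions only: refuse anything Windows starts from.
if ($part.IsBoot -or $part.IsSystem) {
    throw "Partition $PartitionNumber on disk $DiskNumber is a boot/system partition. Stop."
}
if ($disk.IsBoot -or $disk.IsSystem) {
    Write-Warning "Disk $DiskNumber also holds the operating system; double-check the partition number."
}

# Volume details are missing for raw (unformatted) partitions, hence SilentlyContinue.
$vol    = $part | Get-Volume -ErrorAction SilentlyContinue
$usedGB = if ($vol -and $vol.Size) {
    [math]::Round(($vol.Size - $vol.SizeRemaining) / 1GB, 1)
} else { 0 }

# Summary to compare against Disk Management and TrueCrypt's device list.
[pscustomobject]@{
    Disk        = "$($disk.Number): $($disk.FriendlyName)"
    Partition   = $part.PartitionNumber
    DriveLetter = $part.DriveLetter
    SizeGB      = [math]::Round($part.Size / 1GB, 1)
    FileSystem  = $vol.FileSystem
    Label       = $vol.FileSystemLabel
    UsedGB      = $usedGB
    # Assumption: TrueCrypt shows the same disk/partition numbers as Windows.
    DevicePath  = "\Device\Harddisk$DiskNumber\Partition$PartitionNumber"
} | Format-List

# Step 7 of the article: existing data means a full backup first.
if ($usedGB -gt 0) {
    Write-Warning "$usedGB GB in use on this partition. Make a full backup before continuing."
}
```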

If you want to improve your overall security, check out our Improve Your Security series.

Sorin Mustaca

IT Security Expert