

Thursday, March 20, 2008

TENNESSEE (BLOGGER) COMMENTS ON DATA THEFT http://www.taborcg.com/?p=30


I have started to use a new open source program called “TrueCrypt” and I wanted to share some of my first impressions.

Data protection is quickly becoming the number one priority in computer security. In fact it could be argued that the data carried on your computer is more valuable than the computer itself. For example, last year the Nashville Election Commission had a laptop stolen containing data on every Nashville voter. With this data a criminal could have assumed the identity of any Nashville voter and done any of the typical “identity theft” things such as opening credit card accounts under that ID, opening/closing utilities, etc. Fortunately Nashville got the laptop back, but other data loss situations are popping up all the time.

It’s a fact of life that someone is going to lose a computer component that will have sensitive data on it. Be it a laptop, desktop hard drive, backup tape, or USB thumb drive, accidental loss or just plain theft will occur. Of course when that laptop is stolen, did the thief just steal it to pawn for drug money, or was it a calculated attack aimed at getting sensitive data? And even if it did get pawned, what if the new owner finds the data and sells it? The only sure defense for your data is to encrypt it, and that is what TrueCrypt does.

TrueCrypt takes different approaches to how it encrypts your data. One method is the concept of using a “virtual drive” or “drive image”. Basically, a “virtual drive” or “drive image” is a file on the hard drive which the OS (Windows in this case) “mounts” as a normal drive in and of itself. So the file in My Documents called “Some_cd_image.iso” is mounted to look like it’s the “L:\” Drive. Any data read or written to the “L:\” Drive actually goes into “Some_cd_image.iso” in My Documents. Mac users are more accustomed to this concept because Mac software from the Internet is generally distributed using a “.dmg” file, which is a drive image. People who “back up” their CD-ROMs also work with drive images, because those backups are simply sector-by-sector image copies of the original optical disk. But I digress.

One method for TrueCrypt is to create a file which is then mounted as a drive image. TrueCrypt will then automatically encrypt and decrypt data as it is written to or read from the “drive”/file.

TrueCrypt can also encrypt whole drives, so rather than having an encrypted file which is then mounted as a virtual drive, you can choose to encrypt an entire thumb drive, or a second hard disk. Again, once the drive is created and mounted, you can read and write data to it just like any drive. TrueCrypt handles the encryption and decryption automatically.

TrueCrypt also has a “whole drive encryption” feature for the system drive. This is the really COOL feature in which you can encrypt your ENTIRE computer. When your computer boots, TrueCrypt will ask for a password (this is the encryption key); after you enter the correct password, your system will boot and run as normal. If your computer is lost or stolen, your data is safe. TrueCrypt isn’t a password, it’s encryption, so even if the thief took the hard drive out and put it into another system, they would not be able to “see” any of the data on it. Because you only have to enter your password at boot time, there is no constant “in-your-face” element to TrueCrypt; all new data, email, or programs you put on your system are safe.

TrueCrypt also has some other features which I really like.

  1. Total lack of data structure in a secured file. This means that if you had a file you mounted as a drive image, there is no way for anyone to tell what exactly that file is or how full that “virtual drive” might be without knowing your encryption key (password). In fact, a TrueCrypt file is nothing more than random “noise” before you use your encryption key, thus someone could not actually PROVE that the file they are looking at is even an encrypted file.
  2. Hidden Volumes and Plausible Deniability. TrueCrypt lets you create a “file within a file”. Let’s say that you have a situation where you are forced by some means to give over your encryption key (password). There are many far-fetched examples on why this would happen such as “someone has a gun to your head”. However a more realistic example would be “you are under court order to turn over a password”. With Hidden Volumes and Plausible Deniability you could have 2 passwords, one opens up your real secret stuff, the other opens up somewhat secret stuff. If forced you simply give up the “somewhat secret stuff” password. There is NO technical way to prove that you gave up the wrong one.
  3. Key Files. These are files which you can use in place of, or along with, a password. For example, you have a picture, or ten pictures, which you can use as “passwords”. You simply tell TrueCrypt to use the “hashed sums” from that or those image files as the password. A “hashed sum” is a mathematical representation of a computer file which is always the same so long as the file does not change. What makes the use of “hashed sums” of key files interesting is that you can avoid using the keyboard to input the key to unlock your data. Criminals have used “keyboard loggers”, which record every keystroke, to capture passwords from victims’ computers.
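
The key-file idea from item 3, as an added illustration that is not code from the original post or from TrueCrypt. The scheme shown (SHA-256 “hashed sums” fed through PBKDF2) and every name and parameter in it are assumptions chosen to show the concept, not TrueCrypt's own key-file algorithm; the sample “photos” are constructed byte strings.

```python
import hashlib
import hmac

# Constructed parameters for this illustration, not TrueCrypt's values.
ITERATIONS = 100_000
KEY_LEN = 32


def keyfile_digest(data: bytes) -> bytes:
    """The "hashed sum" of one key file: SHA-256 over its bytes."""
    return hashlib.sha256(data).digest()


def combine_keyfiles(keyfiles):
    """Fold any number of key files into one 32-byte value.

    Digests are sorted so the order the files are picked in does not
    matter, then hashed together so every file contributes.
    """
    digests = sorted(keyfile_digest(k) for k in keyfiles)
    return hashlib.sha256(b"".join(digests)).digest()


def derive_key(password: str, keyfiles, salt: bytes) -> bytes:
    """Stretch password plus key-file material into a volume key."""
    secret = password.encode("utf-8") + combine_keyfiles(keyfiles)
    return hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS, dklen=KEY_LEN)


def demo():
    salt = bytes(range(16))  # constructed; a real salt is random per volume
    photo_a = b"\xff\xd8\xff\xe0" + b"A" * 4096  # constructed stand-in images
    photo_b = b"\xff\xd8\xff\xe0" + b"B" * 4096
    edited_a = photo_a[:-1] + b"Z"  # same "photo" with one byte changed

    key = derive_key("", [photo_a, photo_b], salt)  # nothing typed at all
    return {
        "key_len": len(key),
        "order_independent": hmac.compare_digest(
            key, derive_key("", [photo_b, photo_a], salt)),
        "edited_file_still_unlocks": hmac.compare_digest(
            key, derive_key("", [edited_a, photo_b], salt)),
        "password_changes_key": not hmac.compare_digest(
            key, derive_key("correct horse", [photo_a, photo_b], salt)),
    }


if __name__ == "__main__":
    print(demo())
```

The `edited_file_still_unlocks` result is `False`: a key file that is re-saved, cropped or otherwise altered by even one byte no longer produces the same key, so an unmodified backup copy of every key file is as important as remembering a password.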

I have really started to beat the drum about security with my clients here at TCG. TrueCrypt is perhaps the best tool I have found thus far for the lay-person to help guard against data theft.
