Recently we went through a project to determine the best encryption software to use in our business. The products evaluated were McAfee Safeboot, SafeNet, and GuardianEdge. Each of these three products has its respective strengths and weaknesses in an enterprise environment, but all three share one problem: they are enterprise solutions. You wouldn’t want to use or pay for them for home or small business use.

The best solution that I have found for the home and small business is Truecrypt. There is plenty of documentation on that site to explain how to set it up and run it. I want to describe the reasons for running it at home. Obviously an enterprise has company confidential data including trade secrets, pricing, margins, employee data, etc. that has to be protected. Hopefully they aren’t putting these things on a laptop in the first place since there is very little reason that anyone would have to have a local copy of much of this while off site, but it does happen.

Your home laptop probably doesn’t put an enterprise at risk if it is lost; however, it can put you at risk. The majority of stolen laptops are taken just for their resale value. They end up on eBay or get sold to a pawn shop or some guy down the street. There is less thought to the value of the data on it than the value of the hardware itself. When that is not the case, your data is completely vulnerable. If you have logged into banking websites, the tracks are probably still available. If you recently logged into your webmail, your computer may still have a cached session available for the thief. If you run an email client, you likely have it set to remember your email account passwords. With that little bit of information a thief could reset your password for your bank and log in, just as one small example.

Encryption solves this problem by making it more difficult to break into your data than any value that could possibly be received from having done so. In other words, no commonly used encryption is completely foolproof, but all provide barriers to your data that would require significant computing effort to break through.

There are two types of encryption most commonly used by consumers. The first is the encryption built into their computer. For Windows users that would be Microsoft’s file and folder encryption, which is activated simply by right-clicking on the file or folder, clicking Properties, then Advanced, and then checking the box that says to encrypt. Note that you have to have a password specified for your account, and I’m just speaking about modern versions of Windows. There are two inherent dangers with this type of encryption. First, it is all tied to your Windows password. In other words, if someone gets your password, they have your encrypted files. Second, it is easy to forget to encrypt important files, including the paging file, temporary files, etc.
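To see the second danger on your own machine, the following PowerShell sketch counts the files in a few folders that do not carry the EFS "Encrypted" attribute. It is an added example, not part of the original post; the folder list and the function name `Get-EfsCoverage` are assumptions chosen for illustration.

```powershell
# Added example: audit folders for files that are NOT protected by
# Windows file and folder encryption (EFS).
# The folder list is an assumption; adjust it to where your data lives.
$foldersToCheck = @(
    $env:TEMP,                                      # per-user temporary files
    [Environment]::GetFolderPath('InternetCache'),  # Windows/IE web cache
    [Environment]::GetFolderPath('MyDocuments')     # documents folder
)

function Get-EfsCoverage {
    param([Parameter(Mandatory = $true)][string[]]$Path)

    foreach ($folder in $Path) {
        # Skip entries that are empty or do not exist on this machine.
        if ([string]::IsNullOrEmpty($folder)) { continue }
        if (-not (Test-Path -LiteralPath $folder)) { continue }

        # -Force includes hidden and system files; items that cannot be
        # read are skipped silently instead of stopping the audit.
        $files = @(Get-ChildItem -LiteralPath $folder -Recurse -Force `
                       -ErrorAction SilentlyContinue |
                   Where-Object { -not $_.PSIsContainer })

        # EFS marks every file it protects with the Encrypted attribute.
        $plain = @($files | Where-Object {
            -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
        })

        [pscustomobject]@{
            Folder      = $folder
            TotalFiles  = $files.Count
            Unencrypted = $plain.Count
            Examples    = ($plain | Select-Object -First 3 |
                           ForEach-Object { $_.Name }) -join ', '
        }
    }
}

Get-EfsCoverage -Path $foldersToCheck |
    Format-Table Folder, TotalFiles, Unencrypted, Examples -AutoSize
```

Any non-zero count in the Unencrypted column is data that would be readable from a stolen disk even though selected folders were encrypted.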

The solution is full disk encryption, which encrypts everything on your hard drive, including temporary and swap files, and makes it all inaccessible without a bootloader password. The password you generate should be significantly difficult. I use a combination of phrases and random characters and numbers. With recent versions of the software, Truecrypt is capable of allowing suspend to disk, with your bootloader password required to boot back into the system.

Having this protection on your laptop gives you peace of mind at times when you must leave your laptop in a less secure place. There are some concerns about your encryption key being in memory if the system is in a sleep state, and it is true that someone could compromise your laptop in that state IF they were prepared to do so. In Vista it is easy to set a timer on the sleep so that after a certain amount of time the system will wake up and go into hibernation. There is also a possibility that, within a few minutes of the system being off, the data would still remain in RAM to be retrieved by someone who really knows what they are doing. In other words, there is little reason to be concerned about these vulnerabilities. If you worry, then just hibernate or power off your system and wait two minutes before leaving it alone.

I would also like to say that I’ve had it installed on my laptop for a long time and have never noticed a performance problem.

5 Responses to “Full Disk Encryption”
  1. Thanks for comment on my site. Nice blog you won and of course with good content.

    technobloggers last blog post..Chrome the new browser!!!

  2. Truecrypt is pretty good, but you will have to support it yourself. Utimaco Safeware has a standalone version which is perfect for home or small businesses. If you are a small business and decide to upgrade later to the full Enterprise version, it’s a very easy upgrade without decrypting your hard drive.

    For more information, you can attend a weekly public webinar from Utimaco’s website. Go to the website and click Resources -> Webinars.

    If you don’t want to go the full disk route, try Utimaco’s SafeGuard PrivateDisk. It creates an encrypted vault on your hard drive and anything you put in there is safe. It’s very similar to Truecrypt, but with support.

  3. PC says:

    There is a downside of Truecrypt, especially if you wanted to use it in an enterprise. Basically you would have to store CD recovery images for every user. It isn’t an enterprise solution. Yet.

    The problem I have with Utimaco is that $240 price tag. It is out of the reach for most home users, and that only includes 1 year of support, after which you are back to being “on your own.” The Truecrypt community on the other hand provides endless support.

    From what I read, Utimaco is a good product. It’s hard enough to get end users to install encryption software when it is free, so I don’t see how putting a $240 tag on it will encourage adoption. End users looking for a commercial solution are much better off going with hardware encrypted hard drives, which add a minimal premium to the cost of a disk.

  4. PC says:

    @technoblogger
    I’m not sure you meant what you said. “Nice blog you won”? Just to clarify to my readers, I started this from scratch and all content is mine and will always be my original work. I’m not opposed to doing reviews, paid or otherwise, but it will always be my own content and my own opinion.

  5. Sorry, that was a typing mistake. Actually the word was “own”. Actually I want to say that you have really a very nice blog with good content.

    technobloggers last blog post..Chrome the new browser!!!
