Travel Technology - Encrypting data on notebook

I am considering encrypting specific files / folders on my notebook, but don't want to get myself in a jam I cannot get out of. For those of you that have (or decided not to), what are the things to be careful of if there are any at all? If you've opted not to encrypt, why not?

I am considering encrypting specific files / folders on my notebook, but don't want to get myself in a jam I cannot get out of. For those of you that have (or decided not to), what are the things to be careful of if there are any at all? If you've opted not to encrypt, why not?

Google "PGP", get the free application (i.e. not professional/enterprise version) and you're all set. Takes a little time to read instructions, etc.

Works for iPods also...

I highly recommend TrueCrypt (http://www.truecrypt.org) . It can create an encrypted partition as a file or take over the whole disk such as a USB flash drive. It is straightfoward to use. Mount the encrypted partition on drive letter and enter your password. Any files saved to that drive is encrypted. Unmount the partition when done.

An alternative is the encrypted file system (http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx) built-in Windows XP or 2000. Encrypting a file or directory is as easy as right click on the file and check "Encrypt this file" in the detail attribute window. The user needs to be diligent on backing up of his keys. If the users' profile got corrupted and keys were not backed up, the files are nearly impossible to recover. I have seen this happen...

I am considering encrypting specific files / folders on my notebook, but don't want to get myself in a jam I cannot get out of. For those of you that have (or decided not to), what are the things to be careful of if there are any at all? If you've opted not to encrypt, why not?

Is there a specific reason (appart from theft) that is prompting you to encrypt certain files? Do you find that you leave your laptop turned on and unattended for some time?

If none of the above is true, the best thing, and also easiest, would be to set up a BIOS password. Not easily breakable, unless the perpetrator, after digging up the diagrams from some underground online forum, was able to put together a little PCB with various diodes and cathodes mostly obtainable through your local Radio Shack.

If you have any data valuable enough to require encryption (as opposed to using the Windows XP user password at startup), then you should be hiring a data security expert as a consultant, rather than asking for advice from random amateurs like me. :eek:

I'd second Msb0b's recommendation of using Truecrypt. When travelling I carry a list of personal contacts, credit card info & just stuff I wouldn't like to be made public knowledge if the laptop were stolen. I like the fact that after you enter your strong password once Truecrypt becomes unobtrusive and you just use your encrypted drive as if it were a native hard disk. The BIOS password is nice in the fact that it does make it more difficult to boot your computer, but it does nothing to protect the data...if you remove the hard drive and put it in an external USB enclosure (or another computer) everthing is visible.

Just some random amateur musings...YMMV

I just have a lot of data, personal and work, on the machine that I'd not want to be accessed should my pc get lost or stolen.

I use the commercial version of PGP called PGP Desktop Professional. Lots of features, but most important (to me) is whole disk encryption. If you get your hands on my laptop's disk drive, good luck decrypting any of it.

Of course, if you forget your password, you are well and truly screwed.

I just have a lot of data, personal and work, on the machine that I'd not want to be accessed should my pc get lost or stolen.

Commercial encryption can be broken a lot easier than a BIOS password.
But if in fact your laptop is stolen, you will at least have the sadisfaction that the user won't even be able to go past the BIOS password screen. Essentially, that computer is one huge paperweight.
I say put a system BIOS password and a hard drive BIOS password. Make them different. The hard drive retains the password even if it is moved to another computer, and even if the actual PCB of it is changed. In this manner the hard drive is virtually not accessible.

I work in the IT department of a major consulting firm and security is huge for us. The question was raised whether HDD passwords could be broken. I tried tirelessly, whatever I knew, whatever I could think of and whatever I found on the net... no love. The password was not broken.

BIOS passwords can be defeated by removing the HD and attaching it to a different PC. I also heartily recommend using a USB/thumb drive with Truecrypt. I use free suite of USB apps available here (http://www.theinfobox.com/index.php/Portable_USB_Apps) that includes Truecrypt and many other freeware apps.

.

And remember that encrypting single files might not be enough. Depending on how the software is designed, and the persistance of the thief, temp files may be available that are unencrypted. That is why whole disk encryption is stronger.

Edit: remember, even more important than encryption is physical security-if the attacker can't get the laptop, no amount of hacking/cracking technology will help them (assuming of course that you have firewall, antivirus, etc.)

If none of the above is true, the best thing, and also easiest, would be to set up a BIOS password. Not easily breakable, unless the perpetrator, after digging up the diagrams from some underground online forum, was able to put together a little PCB with various diodes and cathodes mostly obtainable through your local Radio Shack.
Not sure about laptops, but for most desktops getting around the BIOS password is as easy as changing one jumper on the motherboard. Takes two seconds, as long as you have the computer manual to tell you which one to change to what.

If you are going to go the encryption route, remember that you have to keep your key and the files separate for this to be effective. So if you're going to leave your laptop in the hotel room, for example, then you've got to take the key with you, or the encryption is worthless.

Also remember to choose a good passphrase, the longer the better, the more random (don't just choose words out of the dictionary) the better.

Highly recommend TrueCrypt - free & effective!!

BIOS passwords can be defeated by removing the HD and attaching it to a different PC. I also heartily recommend using a USB/thumb drive with Truecrypt. I use free suite of USB apps available here (http://www.theinfobox.com/index.php/Portable_USB_Apps) that includes Truecrypt and many other freeware apps.

.

you add a HDD password along with it. Suddenly both laptop and hdd are unusable in the wrong hands.

I also highly recommend TrueCrypt which is free. It provides the highest level of encryption available, same as used by the government for top secret stuff. It is as unbreakable as you can get if used correctly. The only way someone could get your encrypted stuff is to crack your password which would be virtually impossible if you create a strong password and as an extra precaution use "keyfiles" with it (another feature of TrueCrypt). It is slick and highly sophisticated yet very easy to use. You just need to spend an hour or so carefully reading the well written user guide that comes with it so you fully understand its capabilities and how to use it.

With TrueCrypt, you basically create a file (you specify the size) which will be a "container" for a password protected encrypted volume which TrueCrypt allows you to "mount" by entering your password. Once mounted, the volume is unencrypted and behaves and is seen by the OS or programs as another local drive in your system. You can access stored files on it and save new files to it up to the size limits you specified when you originally created the file/container. When you "unmount" it, (a one or two click operation in TrueCrypt), everything in the volume is again encrypted and vindows no longer can see the volume. The only thing windows sees is the file/container, which is fully encrypted and can't be read, unless and until the volume is mounted again by entering the correct password in TrueCrypt.

I have this on my work computer (laptop). It apparently is one of the best out there, but I unfortunately don't know if their "lite" version is truly free, (as you have to register to find out and I already have it). Here's the link (http://www.pointsec.com/), in case you are curious.