7 Whole-Disk Encryption Apps Put A Lock On Data - InformationWeek
3/25/2008 09:06 PM

TrueCrypt, PGP, FreeOTFE, BitLocker, DriveCrypt, and 7-Zip provide remarkably strong, on-the-fly encryption to keep your data secure from loss, theft, or prying eyes.

Few IT professionals need to be lectured about data security. All too frequently we hear of the theft or loss of a computer or hard drive with data stored in the clear -- without encryption.

[Image: TrueCrypt volume contents are indistinguishable from random data.]

Fortunately, on-the-fly data encryption is no longer some exotic, costly beast. Rather than just encrypting single files, some applications are able to create virtual disks, either within a file or directly on a partition, where everything written to the disk is automatically encrypted. On modern hardware, the overhead for encryption is minimal; you no longer need dedicated hardware to make this happen.

In this review I've looked at several programs for creating and managing encrypted volumes, from Windows Vista's own BitLocker encryption to PGP's full-blown desktop suite for encrypting e-mail and instant messaging. You can even get remarkably strong, well-implemented whole-disk encryption without having to pay for it -- although in a corporate setting, features like manageability or support are well worth paying for.

1. TrueCrypt 5.1a
Cost: Free / open source
Web site: www.truecrypt.org

TrueCrypt makes an incredibly strong case for being the first whole-disk or virtual-volume encryption solution to try out. Aside from being free and open source (two big pluses), it's full of smartly written usability and data-protection features and is an effective way to encrypt a whole system, including the OS partition.

TrueCrypt lets you use your choice of AES, Serpent, and Twofish algorithms, either singly or in various combinations ("cascades"), along with the Whirlpool, SHA-512, and RIPEMD-160 hash algorithms. The actual encryption can work in one of three basic ways: it can mount a file as a virtual encrypted volume; it can turn an entire disk partition or physical drive into an encrypted volume; and it can encrypt a live Windows operating system volume, albeit with some limitations.

Encrypted volumes can be protected with a password and optionally a keyfile for additional security -- for instance, a file on a removable USB drive, which lets you create a form of two-factor authentication. If you create a standalone virtual volume, you can use a file of any size or naming convention. The file is created by TrueCrypt itself and then formatted to ensure that it appears to be nothing more than random data.
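The password-plus-keyfile scheme described above, as an added example (not TrueCrypt's own code, and not its keyfile-mixing routine): a keyfile of any size is condensed into a fixed-size pool, that pool is appended to the password, and the result goes through PBKDF2 to produce the key that protects the volume header. The HMAC label, iteration count, sample password and constructed keyfile are all assumptions for the illustration. The point it shows is the two-factor property: with a keyfile in use, the correct password alone does not unlock the volume.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample inputs (not real credentials): a password and the
# contents of a keyfile as it might sit on a removable USB stick.
SAMPLE_PASSWORD = b"correct horse battery staple"
SAMPLE_KEYFILE = os.urandom(1024)      # stands in for a file of any size/name
SAMPLE_SALT = bytes(range(64))         # per-volume salt; constructed constant here
ITERATIONS = 100_000                   # assumed work factor for this illustration


def keyfile_pool(keyfile_data: bytes) -> bytes:
    """Condense a keyfile of arbitrary size into a fixed 64-byte pool.

    HMAC-SHA512 under a fixed label is an assumption for this example; it is
    not TrueCrypt's own keyfile-mixing algorithm.
    """
    return hmac.new(b"keyfile-pool-v1", keyfile_data, hashlib.sha512).digest()


def derive_volume_key(password: bytes, salt: bytes,
                      keyfile_data: Optional[bytes] = None,
                      iterations: int = ITERATIONS) -> bytes:
    """Derive the 64-byte header key from the password, optionally mixed with
    a keyfile, using PBKDF2-HMAC-SHA512 (one of the hashes TrueCrypt offers)."""
    material = password
    if keyfile_data is not None:
        material = password + keyfile_pool(keyfile_data)
    return hashlib.pbkdf2_hmac("sha512", material, salt, iterations, dklen=64)


def make_header_check(key: bytes) -> bytes:
    """A verifier comparable to a volume header's integrity check, computed
    under the derived key; a wrong password or keyfile yields a mismatch."""
    return hmac.new(key, b"volume-header-check", hashlib.sha256).digest()


def try_unlock(password: bytes, salt: bytes, keyfile_data: Optional[bytes],
               expected_check: bytes) -> bool:
    """Re-derive the key from the supplied factors and compare the verifier
    in constant time. Returns True only if both factors are right."""
    key = derive_volume_key(password, salt, keyfile_data)
    return hmac.compare_digest(make_header_check(key), expected_check)


if __name__ == "__main__":
    # "Create" the volume with password + keyfile, then try each factor alone.
    check = make_header_check(derive_volume_key(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_KEYFILE))
    print("password + keyfile:", try_unlock(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_KEYFILE, check))
    print("password only:     ", try_unlock(SAMPLE_PASSWORD, SAMPLE_SALT, None, check))
    print("wrong keyfile:     ", try_unlock(SAMPLE_PASSWORD, SAMPLE_SALT, b"other file", check))
```

The practical consequence for an administrator is that the keyfile is part of the key material, not a convenience: losing it (or letting a backup job "tidy up" the USB stick) leaves the volume unrecoverable even with the password, so keyfiles need the same backup and escrow discipline as the rescue media.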

TrueCrypt is designed in such a way that no encrypted volume or disk can be casually identified as such. There is no obvious volume header, required file extension, or other distinguishing mark. The one exception is encrypted boot volumes, which have the TrueCrypt boot loader -- but it wouldn't be impossible in future versions of the product to conceal the entire volume and use an external boot loader from a USB thumb drive or CD. On that note, it's also possible to create a self-encrypted USB drive which runs in "traveler mode" -- it contains a copy of the TrueCrypt executable and can be mounted and run on any Windows machine where the user has admin privileges.
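A way to check the "no distinguishing mark" property for yourself, as an added example (not part of the review or of TrueCrypt): read a container file and test it the way a casual inspection would, looking for well-known file-system and file signatures at their usual offsets and measuring the byte entropy. The two sample inputs are constructed in the code, one standing in for an encrypted container and one for an ordinary NTFS volume image; the signature list is illustrative, not exhaustive.

```python
import math
import os
from collections import Counter
from typing import List, Tuple

# Constructed samples: a random blob standing in for a TrueCrypt container,
# and a buffer that opens like an NTFS boot sector (jump + OEM ID, boot
# signature at 510) followed by random bytes.
RANDOM_LIKE = os.urandom(64 * 1024)
HEADERED = b"\xeb\x52\x90NTFS    " + bytes(499) + b"\x55\xaa" + os.urandom(63 * 1024)

# (offset, magic bytes) pairs a casual inspection would recognise.
# Illustrative only; a real tool would carry a much longer table.
KNOWN_SIGNATURES: List[Tuple[int, bytes]] = [
    (3, b"NTFS    "),      # NTFS OEM ID
    (510, b"\x55\xaa"),    # boot-sector signature
    (0, b"PK\x03\x04"),    # ZIP
    (0, b"%PDF"),          # PDF
]


def shannon_entropy_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy; 8.0 is the maximum for byte-valued data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_signatures(data: bytes) -> List[Tuple[int, bytes]]:
    """Return every known signature present at its expected offset."""
    return [(off, magic) for off, magic in KNOWN_SIGNATURES
            if data[off:off + len(magic)] == magic]


def looks_like_opaque_ciphertext(data: bytes, min_entropy: float = 7.9) -> bool:
    """True only if no signature is present AND the entropy is near 8 bits/byte.
    Entropy alone is not enough: a 512-byte plaintext header inside 64 KB of
    random data barely moves the average, so the signature scan is needed too."""
    return not find_signatures(data) and shannon_entropy_bits_per_byte(data) >= min_entropy


def check_file(path: str, max_bytes: int = 1 << 20) -> bool:
    """Apply the same test to the first max_bytes of a file on disk."""
    with open(path, "rb") as fh:
        return looks_like_opaque_ciphertext(fh.read(max_bytes))


if __name__ == "__main__":
    for name, blob in (("random-like", RANDOM_LIKE), ("ntfs-like", HEADERED)):
        print(f"{name}: entropy={shannon_entropy_bits_per_byte(blob):.3f} "
              f"signatures={find_signatures(blob)} "
              f"opaque={looks_like_opaque_ciphertext(blob)}")
```

Run it against a real container file with `check_file("/path/to/container")` (path is yours to supply). The converse also matters for anyone auditing a deployment: a high-entropy file with no header is exactly what a forensic examiner looks for when hunting for encrypted containers, which is why the review's "plausible deniability" section is about hiding a volume inside another rather than about hiding that encryption is in use.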

TrueCrypt also includes what it bills as "plausible deniability" features, the most significant being the ability to hide volumes inside each other. The hidden volume has its own password, and there's no way to determine if a given TrueCrypt volume has a hidden volume somewhere in it. If you write too much data to the outer volume, however, there's a chance you can damage the hidden one -- but, as a protection measure, TrueCrypt optionally lets you mount the hidden volume as read-only when mounting the outer volume.
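The overwrite hazard and the protected mount mode described above, as an added example (a toy model, not TrueCrypt's code): the outer volume is a flat array of sectors whose tail region is the hidden volume, and a write to the outer volume that runs into that region either silently destroys hidden data or, when the mount knows the hidden layout and protection is on, is refused. Sector size, volume geometry and payloads are constructed; encryption is deliberately not modelled, only the layout conflict.

```python
import hashlib
from typing import Tuple

SECTOR = 512  # assumed sector size for the model


class HiddenVolumeError(Exception):
    """Raised when a protected outer-volume write would reach the hidden region."""


class NestedVolume:
    """Toy model of an outer volume whose sectors [hidden_start, sectors)
    are occupied by a hidden volume. Without the hidden password the outer
    mount cannot know where hidden_start is, so it cannot avoid the region."""

    def __init__(self, sectors: int, hidden_start: int):
        if not 0 < hidden_start < sectors:
            raise ValueError("hidden volume must lie inside the outer volume")
        self.sectors = sectors
        self.hidden_start = hidden_start
        self.data = bytearray(sectors * SECTOR)

    @staticmethod
    def _sector_count(payload: bytes) -> int:
        if len(payload) % SECTOR:
            raise ValueError("payload must be a whole number of sectors")
        return len(payload) // SECTOR

    def hidden_write(self, rel_sector: int, payload: bytes) -> None:
        """Write into the hidden volume; rel_sector is relative to its start."""
        count = self._sector_count(payload)
        start = self.hidden_start + rel_sector
        if start + count > self.sectors:
            raise ValueError("write exceeds hidden volume")
        self.data[start * SECTOR:(start + count) * SECTOR] = payload

    def hidden_digest(self) -> str:
        """Fingerprint of the hidden region, used to detect silent damage."""
        return hashlib.sha256(self.data[self.hidden_start * SECTOR:]).hexdigest()

    def outer_write(self, sector: int, payload: bytes, protect_hidden: bool = False) -> None:
        """Write to the outer volume. With protect_hidden=True the mount knows
        the hidden layout and refuses any write reaching it; otherwise the
        write lands wherever the outer file system placed it."""
        count = self._sector_count(payload)
        if sector + count > self.sectors:
            raise ValueError("write exceeds outer volume")
        if protect_hidden and sector + count > self.hidden_start:
            raise HiddenVolumeError(
                f"sectors {sector}-{sector + count - 1} overlap hidden start {self.hidden_start}")
        self.data[sector * SECTOR:(sector + count) * SECTOR] = payload


def simulate(protect_hidden: bool) -> Tuple[bool, bool]:
    """Fill a hidden volume, then write 20 outer sectors starting at 40 into
    a 64-sector volume whose hidden region begins at 48.
    Returns (write_refused, hidden_data_intact)."""
    vol = NestedVolume(sectors=64, hidden_start=48)
    vol.hidden_write(0, b"hidden payload".ljust(SECTOR, b"\x00"))
    before = vol.hidden_digest()
    big_outer_file = bytes([0xAB]) * (20 * SECTOR)   # spills into sectors 48..59
    try:
        vol.outer_write(40, big_outer_file, protect_hidden=protect_hidden)
        refused = False
    except HiddenVolumeError:
        refused = True
    return refused, vol.hidden_digest() == before


if __name__ == "__main__":
    print("unprotected mount:", simulate(False))   # (False, False): hidden data destroyed
    print("protected mount:  ", simulate(True))    # (True, True): write refused, data intact
```

The model makes the trade-off concrete: the protected mode works only because the mounting user supplies the hidden volume's password, which is exactly the information the deniability feature is meant to withhold. In day-to-day use that means the outer volume should be treated as close to read-only, with the free-space figure it reports never trusted as space that is actually safe to fill.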

If you're using system-disk encryption, the actual encryption process takes a while, but it can be suspended and resumed on demand (you may want to do it overnight with the PC in a locked room), and the program insists on creating a rescue CD that can be used to boot the computer in the event of a disaster. (One disadvantage: you can't encrypt a Windows system that's dual-booted from a non-Windows bootloader.)
