I keep struggling with how I want to maintain security and reliability for my critical information.
First things first - if you are in an area where you are concerned about your safety because of information you feel you need to keep encrypted - don't use the internet. I don't have any information that requires this level of security. If you do, you have bigger problems than security, but here are a few ideas:
Don't connect the computer to the internet. Have a dedicated machine with a tamper seal (I'd recommend a laptop) with a strong password for log in. Note that if someone is trying to get access to your information, they can put a hard drive in your machine that looks exactly like a windows log in and have it send your password information over the internet - and if their hard drive is in the machine, your log on password is now compromised. If they image your hard drive and put it back in the machine, but with an altered system file that just sends keystrokes to a remote IP address, you won't even know your data is compromised. So the tamper seal becomes important - but probably can be overcome if they are dedicated.
The best way to overcome this attack is to encrypt the root volume of your computer, which TrueCrypt will allow you to do. Again, I don't have any information that falls into this level of security. I'd use an encryption program such as TrueCrypt to cover the information on the drive on the drive as well, with a long sentence based password that is something you'd remember, like "ThetimeIbangedthatchickIpickedupatthebarwasAWESOME!", or use a key file with a picture that you recognize, but keep it in a picture album with many other files. Or use both. This allows for a form of backup, if you are willing to risk it, since the encrypted volume file can be copied. If it is less than 4GB, burn it to a DVD. Without the keyfile or password, it is probably protected against anybody but the NSA. Or them torturing you to get the access. Again, if you have this level of security problems, I wish you the best. Caveat Emptor - I've never used the encrypted root volume of TrueCrypt, so I am unsure how effective it is or even how to set it up.
For run of the mill, ordinary people, like my self, I recommend the following. I break my information down into three categories:
First things first - if you are in an area where you are concerned about your safety because of information you feel you need to keep encrypted - don't use the internet. I don't have any information that requires this level of security. If you do, you have bigger problems than security, but here are a few ideas:
Don't connect the computer to the internet. Have a dedicated machine with a tamper seal (I'd recommend a laptop) with a strong password for log in. Note that if someone is trying to get access to your information, they can put a hard drive in your machine that looks exactly like a windows log in and have it send your password information over the internet - and if their hard drive is in the machine, your log on password is now compromised. If they image your hard drive and put it back in the machine, but with an altered system file that just sends keystrokes to a remote IP address, you won't even know your data is compromised. So the tamper seal becomes important - but probably can be overcome if they are dedicated.
The best way to overcome this attack is to encrypt the root volume of your computer, which TrueCrypt will allow you to do. Again, I don't have any information that falls into this level of security. I'd use an encryption program such as TrueCrypt to cover the information on the drive on the drive as well, with a long sentence based password that is something you'd remember, like "ThetimeIbangedthatchickIpickedupatthebarwasAWESOME!", or use a key file with a picture that you recognize, but keep it in a picture album with many other files. Or use both. This allows for a form of backup, if you are willing to risk it, since the encrypted volume file can be copied. If it is less than 4GB, burn it to a DVD. Without the keyfile or password, it is probably protected against anybody but the NSA. Or them torturing you to get the access. Again, if you have this level of security problems, I wish you the best. Caveat Emptor - I've never used the encrypted root volume of TrueCrypt, so I am unsure how effective it is or even how to set it up.
For run of the mill, ordinary people, like my self, I recommend the following. I break my information down into three categories:
- Information that I have a ton of, that is not particularly sensitive, that I would like to keep backed up, ideally both locally and remotely. There are plenty of pay to play services here that work fine. I like iDrive as you can have a key file that makes the information garbage to them. If it is smaller, SkyDrive from Microsoft gives you 25GB for free. We routinely make DVD backups on a monthly / yearly basis to backup our photos. There are several online services that allow you large backup volumes. I'll admit I don't use one.
- Information that I want to keep secure, but is not huge. In this category I place my Quicken data files, my downloaded pay statements, scans of hard copy financial data, backup of my contact data, etc. While I wish it were open source to really provide the level of cryptographic integrity that comes with open source software, I currently use CloudFogger in conjunction with a SkyDrive account to keep all my important data both secure, and remotely backed up. This data exists in an encrypted state on my hard drive, so if my laptop is stolen, I am relatively confident that they will not get access to the data, and with the remote backup capability, I'll be able to recover the information.
- I only recently started using #2 above, and before that I used (and still use) a 10 GB partition on my computer encrypted with a long password or key file. Right now the only thing of note on that partition is my Outlook file. I don't think it is any more or less secure than CloudFogger, but I believe the performance is a bit faster. But that is totally anecdotal. No testing to back that up.
- For all my passwords, I use KeePass. I use a file that is uploaded to DropBox, and then can access that on my phone if required. I try not to use this option much, and always close the application on my phone when complete. But there have been several times I've been happy to have it on my phone.
Note that DropBox is also a potential choice, though it does not have the same size for free that SkyDrive has. DropBox is potentially a better performer that SkyDrive in terms of internet loading in that DropBox tracks the sectors of a file that have changed and only updates those sectors. SkyDrive does a file change based replication. Note these again are based on anecdotal reading - not based on testing I've personally executed.
I recommend that you do not keep information from #2 above on your phone. Too risky. I keep contact information, email, tasks, notes, and a copy of my KeePass file as I mentioned above. That is as much risk as I want to take for a cell phone. If someone steals it, my entry password is probably secure enough that they won't guess it before my phone wipes itself. Bottom line, consider that all unencrypted information on your phone will be compromised. I recently went through my Outlook Notes with that in mind and changed many Outlook Notes to entries in KeePass. This gives me a sufficient level of comfort with the security of the data.
No comments:
Post a Comment