Protect That Stuff My Friends

Got a smartphone?  Got a computer at home?  Got something sensitive on there you don’t want falling into the wrong hands should you lose a laptop?

I’ve  had a lot of luck encrypting data.  So far, no major issues.  Here’s what I’ve used, if you have something I should look at, I’d love to hear about it.

Oh and any of these can work for you at home or in the office.  If in the office, just have a management plan as you would any other effort.

TrueCrypt

This is one of my favorites.  I used it on a USB drive and it worked great, like Windows Bitlocker To Go.  Lightweight, open source, free and I can secure things on Linux nicely.  I’ve also used it on my Mac at home too.  Definitely worth having a look-see if you’re in the market for something at home or at the office.

Symantec Endpoint Encryption

Another very easy tool, one that has a lot of merit in an office setting.  I’ve run a management server to manage all the endpoints, but they can run as stand alone managed clients.  Anyhow, one of the unique features I like is taking advantage of the pre-boot authentication.  That way, users have to authenticate well before Windows loads.  And last I checked, Symantec randomizes the location of encryption keys in memory so that you never know where to look, making it more difficult for preboot attacks.  It also has a nice management tool to allow client tokens requests, like a help desk for users when they get locked out.

If you enable pre-boot authentication bypass, you’re drive will still be encrypted, but just make sure you recognize that you’re OS will still be vulnerable to OS or network based attacks.

I’ve personally encrypted a drive with this product, then booted into Ubuntu (or maybe I was using Backtrack at the time, can’t recall), and tried to look at the data on the disk.  Couldn’t do it, encryption worked like a charm.

Bitlocker

I’ve also used this tool quite a bit.  Windows operating systems are encountered quite a bit.  No surprise there.  But if you want something easy to use and built into Windows, take a look at it.  I’ve only encountered a few weird issues.  One example I recall is having some windows updates come through as they normally do.  Then, upon a reboot, Bitlocker asked me for a 48 character passkey (you save that somewhere, say a USB drive, once you enable Bitlocker on a drive) since some changes were made to the system.  I’d expect that if I made changes to the BIOS or something else substantial.  But hey, I don’t know what that update did under the covers, just a regular Windows update.  So I either have to type in that passkey or I can insert my master USB drive and boot to it.  Just keep the master USB key in a safe place or you’ll be hosed.

Also, in practice, I’ve noticed that once booted into Windows, I have to disable and then enable Bitlocker again to get it to quit asking me for the passkey.  Those instances have been rare, but I wanted to share them nonetheless.  I’ve used this on many, many laptops for a couple of years now and it’s been good to me.

Built-in iOS

One more thing.  If you have a smartphone, turn on encryption!  It’ll be in the settings somewhere, just look for it.  Use a password too – no good to turn on encryption if you don’t have a password protecting your phone.  If you have an iPhone like I do, just check out the link above.

I’ve hacked my previous iPhone (OS < 4, I think it was).  It’s much improved and doesn’t have the same vulnerability.  At the time, I believe I used the iPhoneBrowser tool and reset the password using the internal database.  Can’t really recall it’s been a while, but I do remember that being fixed quickly by Apple.  But the point is encrypt it so that’s not an issue.

That’s it.  I just wanted to pass along some tools I’ve used in practice and had good luck with…let me know if you have any comments!

Advertisements
Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: