Data Security in Simple Terms

01Nov09
TrueCrypt
Image via Wikipedia

Getting back to technical topic now, but as usual aiming to make it plain and simple for every person. In short this post aims to get you a practical idea of how easy and important it is to protect your data from falling into the wrong hands. It does not matter who you are, what data you think you store or where you store, there are people and programs who have a keen interest in everything you save on your hard drive or pendrives. Security tools in today’s age has become more and more freely available and with the dire need for them, more popular. Having a set of security tools to keep your data safe is not a geek status but an essential part of any person’s computing setup.

Methods of Security

  1. File-based :- This is the most basic, easiest and messy form of security. Its quick, portable and is best applicable when sharing sensitive information. I call it basic because to the user, its just a matter of how to get a certain file locked in a container file (secret.txt locked as ahemahem.lock). Its the easiest as its a portable solution. Most of the times the encrypted file includes the decryption mechanism within, so there is no need to carry around the tool used to lock it. Its messy though, because if you lock up a lot of files that you keep for your own use mostly, they’re gonna be all over the place.
  2. Volume-based :- This is the next level of securing data that is still easy, needs some thought but is definitely much less messy. Here a volume means a chunk of disk space that is treated as a complete disk unit with what you read or save to it being totally encrypted. The chunk could be the whole disk itself or a certain portion of it measured in %age or file size. It needs a little thought as most tools don’t allow for a flexible size limit, so the encrypted volumes created take up all the space at the time of creation. Creating too many tiny volumes will be plagued with the problem of being messy like file-based solutions. Having said that, if its your pendrive, simple choice would be to choose the whole disk as an encrypted volume. If its your hard disk, then you might choose to test out with a file-based volume. Basically its a file that can contain your encrypted files within. Downside being you need to have the tool to unlock the volume wherever you take it. Upside: There are portable solutions :)
  3. Physical :- Unlike the previous two methods, this one doesn’t use software to hide/protect data but physical isolation of the storage hardware, in a secured environment. This obviously sounds a little out of reach for home users, but here’s a simple example. When you encrypt an entire pen drive and keep it only for saving extremely important files and lock it away in your closet with lock and key, you basically have physical security right there. Data off the network is safe as no amount of spyware or crackers can get to your data through the computer.
  4. Secure Deletion :- Sometimes the only way to secure data is to remove all traces of it on the disk. There are secure wipe tools, that completely overwrites all traces of any file that you need to leave no evidence of. Its not just incriminating evidence that people need to hide. We sell off old machines. We work on our friends’ machines. Where do you think the data we create and save goes? It has been possible to extract confidential information of many people from hard disks of disposed or re-sold machines with merely undeleting the contents. For the paranoid, higher number of overwrites sound better, but how much disk wear and tear can you justify?

Freely available Tools

I am not going in depth now to explain any of the tools that I mention below that you can try out for your preferred method of security. Sites like MakeUseOf, Lifehacker etc. have good explanations on most of these tools. Most of the tools explained have portable versions. They can be carried on your removable drives and can also be run from anywhere on your hard disk.

For file-based encryption, you can use Toucan, AxCryptor DCU (Drag n Crypt Ultra). These usually create a encrypted file, that contains the original one. For safety they also offer to delete the original file. So you better memorize your password. A special case of these tools is a message or text encryptor. LockText is a file-based encryptor that basically saves your secret text as an encrypted text file. You needn’t worry about filenames or having a mess of text snippets all over the place.
A category of data security tools that fall between file-based and volume-based tools consist of password-protected zip files or similar multi-file containers. These tools help you add up a bunch of files into a encrypted container, but often its hard to add more files or remove files from the container, without a long wait to re-encrypt the entire thing on each operation.

Volume-based encryption tools like FreeOTFE and TrueCrypt have transparent on-the-fly encryption wherein, though the container size is fixed, the files added or removed happen at a slight cost to speed of reading and saving files, which is well worth the peace of mind. Basically how you set up an encrypted volume is to specify a chunk of the disk on which you want to create the volume. Say you want a 100mb chunk. Mostly the software would ask you to name a file, which then will be created with 100mb occupied. You then choose a strong password. Depending on software there will be a method to add randomness like moving your mouse or typing on the keyboard. When you want to use the volume as a disk in your OS, you need to mount it or activate it through the software by choosing a free drive letter or path and entering the password to authenticate it. These tools are wizard driven, so no big deal in remembering the steps. Using the encrypted drives is as straightforward as using your usual disk partitions in your file manager like Explorer and so on.

Secure deletion tools are plenty out there and often free. A lot of software that are not primarily secure deletion tools do offer the feature as an extra. Eraser is a currently developed secure deletion tool, with EraserDrop being a newly developed easier interface to it. EraserDrop puts a trash icon on your screen that you can drop files you want totally erased onto. The only thing you need to think about is how many times you want the tool to overwrite the file with garbage. The more important it is that no one gets to your file, the more number of times you will choose. Its upto you to decide the importance. A minimum of 3 is a must and 35 is for the paranoid, esp. among home users.

Secure deletion tools and the physical method of security has some sort of connection. Think about it, you initially do create or save your digital assets like important information files on your hard disk using your computer. You then archive the old data onto external backup devices to isolate them from the computer and keep them physically safe. What happens to the originally created files on your computer’s primary storage? That’s where secure deletion tools help ensure that besides the off-site backup, there are no other traces of the data on the original hard drive, where the files were first saved or created. External disks have become really really affordable. If you only use it exclusively for the work data that you have at just 1TB or so, you could backup data for a couple of users. You could allot equal sized volumes for each person with their own passwords to protect their containers.

How much is enough?

As I often mentioned through the article, that security can be set to really high level, that is always cumbersome to unlock or at very minimal level, that is easier to break. There is no optimal setting that is universal. How much security is enough, depends on how easily your mind is convinced to be at peace with the choices made. You might feel using 3 layers of cascading encryption method would be best, but what if your storage medium wears out faster as a consequence, and to think all you did were store some of your upcoming blog drafts? Think a bit, not too much. Get started with the tools first.

When you leave your house, do you care more to lock your house up properly or being able to identify the burglar on the streets? Similarly its important to lock your important information rather than guessing who’s gonna be after it.

Reblog this post [with Zemanta]
About these ads


3 Responses to “Data Security in Simple Terms”


  1. 1 Learn to Use Free File Security Encryption Software
  2. 2 7 security practices you need to follow | spf13.com
  3. 3 7 security practices you need to follow | Steve Francia's Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

Join 146 other followers

%d bloggers like this: