TrueCrypt: A Free, Effective Way To Protect Mobile Data

Written by:  • Edited by: Bill Bunter
Updated May 7, 2010

There's no question that encryption is necessary to protect data on USB drives, laptops, or removable media. If you don't need a centrally managed encryption solution for your business, TrueCrypt may be exactly what you need. Read on to find out more in the comprehensive review of TrueCrypt 6.1a.

Protecting data on mobile devices is not optional. Every security manager knows that mobile data can be a hole in an organization's defenses. The best way to protect data on the move is encryption. However, providing the right tools is not easy, especially when cost is an issue. Any tool must be easy to use, and it must be one that most, if not all, users are willing to integrate into their daily routines. TrueCrypt fulfills these basic requirements, and then some.

I installed and tested TrueCrypt 6.1a (released December 2008) from the perspective of a user and an SMB security manager.

Feature Set
Rating Excellent

TrueCrypt is an open-source encryption solution provided by the TrueCrypt Foundation. It isn't new to the encryption market. Version 1 was released in February of 2004. According to the Web site, the following are the product's main features:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication).
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
    • Hidden volume (steganography) and hidden operating system.
    • No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
  • Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.

TrueCrypt also supports security tokens and smart cards.

Users can encrypt entire USB drives or create encrypted areas for storage, called containers. Encrypted volumes can be auto-mounted via the TrueCrypt interface or via a script using command line capabilities.

Another great feature is TrueCrypt's requirement to back up the master boot record (MBR) before encrypting a laptop system disk. There is no way around it. No backup, no encryption. The backup disk provides a means to recover if the TrueCrypt MBR is corrupted.


Comments

jaswinder Oct 8, 2010 4:37 AM
Create volume using command line not GUI
Tom Olzak, CISSP Mar 2, 2010 7:52 AM
Windows problems
CentralCoastRick,

The problem with Windows you describe in your comment is usually not a problem with TrueCrypt. It is a characteristic of using localized encryption instead of full-disk encryption. In addition to backup copies of files, there are hibernation file and swap file concerns. However, you can solve these problems with TrueCrypt by using it to encrypt the entire hard drive and implement pre-boot authentication.

For more information on these topics, see "Choose Encryption Wisely" (http://www.brighthub.com/computing/smb-security/articles/22969.aspx) and "Protect enduser devices from swap and hibernation file data leaks" (http://blogs.techrepublic.com.com/security/?p=225).
CentralCoastRick Mar 1, 2010 9:22 AM
Truecrypt
Was hoping the reviewer would comment on some of the problems using Truecrypt in Windows. (My concerns are more with Windows problems - such as applications like Word making backup/autosave copies of docs on the application drive from a Truecrypt drive which remain visible after the Truecrypt drive is closed.)
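
An added example, not part of the article or its comments: a Python audit for the leak discussed in this thread, listing Word working copies left on unencrypted storage while skipping the mounted TrueCrypt volume. The file-name patterns, function names, and directory layout are assumptions, and the sample tree is constructed.

```python
import fnmatch
import os
import tempfile

# Assumption (not from the page): file names Word uses for working copies.
LEAK_PATTERNS = [
    ("*.asd", "AutoRecover copy"),
    ("*.wbk", "backup copy"),
    ("~wr?*.tmp", "temporary working copy"),
    ("~$*", "owner/lock file that exposes the document name"),
]

def is_inside(path, mount):
    """True when path is the mount point itself or lies below it."""
    return (path.rstrip(os.sep) + os.sep).startswith(mount.rstrip(os.sep) + os.sep)

def find_plaintext_copies(roots, encrypted_mounts=()):
    """Walk unencrypted roots and list Word working copies left outside the volume."""
    mounts = [os.path.normcase(os.path.abspath(m)) for m in encrypted_mounts]
    hits = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            here = os.path.normcase(os.path.abspath(dirpath))
            if any(is_inside(here, m) for m in mounts):
                dirnames[:] = []  # files on the mounted volume are encrypted at rest
                continue
            for name in filenames:
                for pattern, reason in LEAK_PATTERNS:
                    if fnmatch.fnmatchcase(name.lower(), pattern):
                        hits.append((os.path.join(dirpath, name), reason))
                        break
    return sorted(hits)

def demo():
    """Build a constructed directory tree and return (file name, reason) findings."""
    with tempfile.TemporaryDirectory() as base:
        profile = os.path.join(base, "profile", "AppData", "Word")  # stands in for C:
        vault = os.path.join(base, "vault")  # stands in for the mounted volume
        os.makedirs(profile)
        os.makedirs(vault)
        for folder, name in [(profile, "AutoRecovery save of budget.asd"),
                             (profile, "~WRL0003.tmp"), (profile, "notes.txt"),
                             (vault, "budget.doc"), (vault, "Backup of budget.wbk")]:
            open(os.path.join(folder, name), "w").close()
        found = find_plaintext_copies([base], encrypted_mounts=[vault])
        return [(os.path.basename(path), reason) for path, reason in found]

if __name__ == "__main__":
    for name, reason in demo():
        print(f"{reason}: {name}")
```

Run it against the user profile and temp directories with the TrueCrypt drive letter passed as `encrypted_mounts`; any hit is a copy that stays readable after the volume is dismounted.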