Page 1 of 2 12 LastLast
Results 1 to 10 of 20
  1. #1
    Mostly harmless member kingdragonfly's Avatar
    Join Date
    Dec 2005
    Location
    Wellington NZ
    Posts
    1,066

    Default How to protect your PC with Encryption.

    I know most people don't care if the someone reads every file on your PC: "if you got nothing to hide, then you shouldn't be worried..."

    However even individuals like ex-President Jimmy Carter, noted peace activist, tries to avoid surveillance.

    Note the following is for stand-alone systems. An enterprise solution, protecting many PC's with centralized management, is outside the scope. I assume you are working from home / "on-the road".

    *************************************
    Tip 1, full disk encryption
    *************************************

    Use stand-alone full disk encryption, to encrypt everything on your hard drive.

    Full disk encryption, abbreviated FDE, will protect your all your contents including memory page file, temporary work files, Internet history, hibernation files, everything...

    In a good stand-alone system, if you lose your password, no one can recover your hard disk.

    By the way, you can backup encrypted hard drives by using any number of disk image tools, that can create a raw sector by sector disk clone. "Acronis Backup & Recovery " is popular.

    https://kb.acronis.com/content/1543

    *************************************
    Tip 2 - avoid BitLocker, use Truecrypt
    *************************************

    Do not use Microsoft's Bitlocker. Even if you try to "opt-out", Microsoft REALLY wants you to store your keys in a hidden central location, out of your control. Given half a chance, it'll copy them elsewhere.

    You should strongly consider using TrueCrypt, which is open-source.

    Truecrypt's short-coming is there's no two-form authentication. (see YubiKey note above)

    *************************************
    Tip 3 Disable hibernation
    *************************************

    Disable hibernation / sleep on your PC. Always power-off your PC when you're not using it.

    Example:
    http://www.moonsols.com/windows-memory-toolkit/

    See
    http://support.microsoft.com/kb/920730

    *************************************
    Tip 4 - do NOT use Solid state drives
    *************************************

    Don't use SSD / Solid state drives with TrueCrypt encryption.

    Use the "old-fashion" / cheaper hard-drives.

    If you use SSD, please realize that the FDE feature is actually riskier than software-based encryption. Most attack vectors still exist for FDE, plus there's an additional attack vector "hot plug attack".

    http://www.truecrypt.org/docs/wear-leveling
    https://www1.informatik.uni-erlangen...s-at-risks.pdf

    *************************************
    Tip 5 - two form authentication
    *************************************

    Let me digress a moment, and discuss "two form authentication".

    Think about using an ATM machine. To get cash, you'll need your ATM card, and know your PIN.

    For PC's "two form authentication" is often a password, and a smart card / USB token.

    For most, a password is sufficient.

    The next level up is pseudo-two form authentication, which protects against most attacks, except for the most extreme.

    https://www.yubico.com/applications/...ion-truecrypt/

    And then for the "I'm Edward Snowden" level, you need true two-form pre-boot authentication.

    For "serious geeks only" solution, you'll need Ubuntu, and supported hardware
    https://www.opensc-project.org/opens...portedHardware

    Lastly there's a commercial product called Winmagic "SecureDoc Standalone". It's supposed to work standalone with tokens, and smart-card readers. By the way, Aladdin tokens are easily available and inexpensive.

    It's not open-source, so that's a problem.

    https://www.winmagic.com/products/fu...on-for-windows
    http://www.winmagic.com/3rd-party-te...r=-&type=Token

    *************************************
    Tip 6 - Do NOT use these
    *************************************

    Avoid these technologies:

    - - Microsoft's Bitlocker

    - - SED: "self-encrypting drives"

    - - TPM: "Trusted Platform Module"

    - - TCG: "Trusted Computing Group".

    *************************************
    Tip 7 - disable FireWire
    *************************************

    This one's easy to fix, because disabling it is almost never noticed.

    Firewire is an Apple technology, that you'll find on some PC's. It's rarely used, and USB 3 is easily poised likely to eliminate it completely.

    Since it's rarely used, have a technician disable your FireWire ports if they exist through BIOS. It also needs to be disabled in Windows.

    Example:
    http://www.breaknenter.org/projects/inception/
    http://support.microsoft.com/kb/2516445


    *************************************

    Here's some background articles

    http://www.mcbsys.com/techblog/2010/...and-bitlocker/
    http://ctogonewild.com/2009/08/28/10...out-bitlocker/

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: How to protect your PC with Encryption.

    I doubt USB 3 will eliminate firewire, if the device youre using doesnt use or have USB 3.

    I may use TPM. Since I'll be getting a TPM module for this mobo sometime this week. I doubt that it'll or can sync with Onedrive / whatever if its off / disabled. And if you dont use your MS account in Win 8.1.

  3. #3
    Mostly harmless member kingdragonfly's Avatar
    Join Date
    Dec 2005
    Location
    Wellington NZ
    Posts
    1,066

    Default Re: How to protect your PC with Encryption.

    I find the FireWire security hole a bit shocking:

    "The [Inception] tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered on machine you have physical access to. "

  4. #4
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: How to protect your PC with Encryption.

    Cant say I've ever used a password for firewire. I know people who have tried to give it an ip address, which is a no-no. It can screw it up. I know that it can cause network probs for some reason. Esp when its starting to die or fail

    I had a FW card in the other PC here, then noticed over time, it couldn't get online. The longer it was installed, the worse the network connection got. Until I removed it completely

    Used to have one in this too for the video cam I've got (so I can xfer video, since the only thing its got is a FW connection).

    But have removed it now. Since, the one I've got now, uses an SD card. And I can use the card reader to copy what I record
    Last edited by Speedy Gonzales; 14-05-2014 at 03:17 PM.

  5. #5
    Systems Engineer Alex B's Avatar
    Join Date
    Mar 2010
    Location
    London
    Posts
    1,669

    Default Re: How to protect your PC with Encryption.

    Don't use an SSD, yeah right.

  6. #6
    Mostly harmless member kingdragonfly's Avatar
    Join Date
    Dec 2005
    Location
    Wellington NZ
    Posts
    1,066

    Default Re: How to protect your PC with Encryption.

    You read the links before you posted your reply.

    Yeah right

  7. #7
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    28,347

    Default Re: How to protect your PC with Encryption.

    What say a person doesn't use Encryption on their drives. A high percentage of people don't, so its all irrelevant really.

  8. #8
    Mostly harmless member kingdragonfly's Avatar
    Join Date
    Dec 2005
    Location
    Wellington NZ
    Posts
    1,066

    Default Re: How to protect your PC with Encryption.

    My very first sentence said most people don't care about encryption.

    It's inconvenient. Even when there's no performance degradation, you still have to do / have something extra to start your PC.

    Hopefully it of interest to a couple of people.

  9. #9
    Senior Member fred_fish's Avatar
    Join Date
    Sep 2009
    Posts
    1,995

    Default Re: How to protect your PC with Encryption.

    I've seen more data loss in the last year due to people (mis)using encryption than to hardware failure.
    Forgetting the passphrase, remembering the passphrase but formatting the device with the actual encryption keys etc.

    Them: "You can 'bypass' this password thing can't you?"
    Me: "Um - no... Where are your [unencrypted] backups?"
    Them: "Ah......" (priceless look on face as reality hits)
    Me: ROFLMFAO

  10. #10
    Modulator Greg's Avatar
    Join Date
    Dec 2004
    Location
    Napier
    Posts
    9,115

    Default Re: How to protect your PC with Encryption.

    Quote Originally Posted by kingdragonfly View Post

    Hopefully it of interest to a couple of people.
    It is, and thanks.
    Bugger the cancer. I'm suffering from terminal inertia.

Similar Threads

  1. WEP Encryption Key
    By EFFIGY in forum PressF1
    Replies: 5
    Last Post: 14-11-2009, 10:20 AM
  2. 2 way encryption using php - How?
    By Morgenmuffel in forum PressF1
    Replies: 5
    Last Post: 31-10-2005, 09:59 PM
  3. Help with encryption please...
    By paradox in forum PressF1
    Replies: 6
    Last Post: 14-10-2005, 08:16 AM
  4. Encryption
    By Neverest in forum PressF1
    Replies: 2
    Last Post: 15-06-2005, 01:47 PM
  5. no encryption in IE
    By loser in forum PressF1
    Replies: 9
    Last Post: 28-11-2002, 04:29 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •