With their high capacity and low cost, USB storage devices have become popular
for backing up and storing data. However, with the convenience comes a risk:
What happens if you lose a USB storage device that has confidential business
data or personal data? Losing confidential business data can damage a company's
reputation and put employees and customers at risk. With the rise in identity
theft, losing personal data can be equally damaging.
You don't need to stop using USB storage devices because of this risk. Instead,
you just need to safeguard the data you store on them. Although you can purchase
USB storage devices that feature fingerprint recognition technology, encryption
capabilities, and password protection, you can use free software solutions to
protect the data on existing USB storage devices. My favorite is TrueCrypt,
which you can use with Windows Server 2003, Windows XP, Windows 2000, and Linux.
TrueCrypt (http://www.truecrypt.org)
is a free open-source tool that uses encrypted volumes to protect data on USB
storage devices and PCs. (You can also use it to encrypt physical partitions
or devices.) Data on encrypted volumes can't be accessed without the correct
password or password and keyfile combination. You can create a standard volume
or a hidden volume. A hidden volume is a volume hidden inside a standard volume.
I used TrueCrypt to create a password-protected standard volume on my USB storage
device and a backup copy of the encrypted volume on my PC. With this setup,
my data is secure and backed up in case my USB storage device is ever lost or
stolen. Here's how you can do the same:
- Attach your USB storage device to your PC.
- Download and install the TrueCrypt software on your PC.
- Launch TrueCrypt. In the TrueCrypt UI, click the Create Volume button to
launch the TrueCrypt Volume Creation Wizard.
- In the opening page, select the Create a standard TrueCrypt volume
option and click Next.
- In the Volume Location page, click Select File. In the Specify Path
and File Name dialog box, specify the path to the volume you want to create
on the USB storage device (e.g., E:\PersonalData\) and the name you'd like
to give the volume (e.g., Confidential). Click Open, then Next.
In the Encryption Options page, you can select the encryption and hash algorithms
you want to use. Unless you have specific algorithms in mind, leave the defaults
and click Next.
- In the Volume Size page, specify the maximum size of the volume, then click
Next. How much space you want to allocate to the volume is up to you. For
example, my USB storage device is 1GB, so I allocated 500MB to the volume.
- In the Volume Password page, enter the password you want to use. The stronger
the password, the more difficult it will be to guess or crack. TrueCrypt recommends
that you use a password that's at least 20 characters long and has a combination
of uppercase letters, lowercase letters, numbers, and special characters.
Reenter the password to confirm it, and click Next.
- In the Volume Format page, select the appropriate file system (in my case,
I chose NTFS), then randomly move the mouse within the Volume Creation Wizard
window for 30 seconds or longer. According to TrueCrypt, moving the mouse
is important for the quality of the encryption key. Click Format.
- After the formatting finishes you'll receive a message box stating the
volume was successfully created. Click OK, then click Exit to close the Volume
Creation Wizard.
Note that steps 1 through 9 are required only when you're creating the volume
for the first time. After it's created, you only need to follow steps 10 through
13 to use it.
- In the TrueCrypt UI, select the drive letter to which you want to mount
the volume, then click Select File. In the Select a TrueCrypt Volume dialog
box, select the volume you just created and click Open. In the TrueCrypt UI,
click Mount. You'll be prompted for a password. Enter the password you specified
in Step 7, and click OK.
- Now that your volume has allocated space and a drive letter assigned to
it, you can move all your confidential data to this virtual drive. You move
files to this virtual drive the same way you move files to any other drive.
For example, you can use Windows Explorer to move files to the virtual drive.
The data is encrypted on the fly as it's being written.
- After all the data is on the virtual drive, you need to dismount the volume.
In the TrueCrypt UI, click the Dismount button. Click Exit to close the TrueCrypt
application.
- Copy the TrueCrypt program folder from your PC to the USB storage device.
That way, you can view the encrypted volume on the USB storage device no matter
what PC you're using. (To view data on the encrypted volume, you need the
TrueCrypt software.)
- Keep a copy of the encrypted volume on your PC to serve as a backup.
With this setup, your confidential data is encrypted and backed up, giving
you peace of mind. And it didn't cost you anything other than a little bit of
your time.
—Asif Bhatti
Register
spaciba September 26, 2007 (Article Rating: