
Secure your customer data with BitLocker or TrueCrypt

Oct 7, 2014

CPOL


If you work on a Windows machine with customer data, you owe it to them, your employer and yourself to secure it - here's a quick run-through of how!

 

Introduction

This is not a coding article, but it covers something very important for developers to do - if you don't lock down your data at the moment, then take ten minutes to do it now. This quick article will show you how, and it's really important!

(did I say it was IMPORTANT !!!! :) )

In a lot of countries, keeping personal data secure is the law. Have a look at my article on data privacy/data protection for developers for more information.

Most organisations consider the code/work their employees produce property of some sort ... if your machine gets stolen or lost, and the data on it is not locked down, guess who's going to get the blame. This is a quick run-through of using BitLocker in Windows 8 to create a secure drive where you can save your code and customer data, ensuring you keep your rear end covered in case of machine loss!

This quick run-through assumes you are using Windows 8. You can also do this in Windows 7 - the routine is more or less the same. One of the things you need to be watchful of is default save locations for things like MS SQL data ... when creating / restoring databases you need to set the path carefully. When using an encrypted drive, you also need to take into account that until you unlock/mount the drive, applications that need access to the data on the drive might report errors. For this reason I leave my SQL Server, for example, in "manual start" mode, and turn it on from a batch file on delayed start after I unlock my secure drive.
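The unlock-then-start routine described above can be scripted. This is an added example in PowerShell, not the batch file the author uses; the drive letter `E:` and the service name `MSSQLSERVER` (the default SQL Server instance) are assumptions to adjust for your machine.

```powershell
#Requires -RunAsAdministrator
# Added example: unlock the BitLocker data drive, then start the services
# whose data lives on it. Both values below are assumptions.
$MountPoint = 'E:'                # the encrypted data drive
$Services   = @('MSSQLSERVER')    # services left on "Manual" startup

$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

if ($volume.LockStatus -eq 'Locked') {
    # Prompt for the password so it is never stored in the script.
    $password = Read-Host -Prompt "BitLocker password for $MountPoint" -AsSecureString
    Unlock-BitLocker -MountPoint $MountPoint -Password $password -ErrorAction Stop | Out-Null
    $volume = Get-BitLockerVolume -MountPoint $MountPoint
}

# ProtectionStatus is only meaningful once the volume is unlocked.
if ($volume.ProtectionStatus -ne 'On') {
    Write-Warning "$MountPoint is readable but BitLocker protection is '$($volume.ProtectionStatus)'."
}

foreach ($name in $Services) {
    $service = Get-Service -Name $name -ErrorAction Stop
    if ($service.Status -ne 'Running') {
        # Start only after the drive is available, so the database
        # engine does not fail on missing data files.
        Start-Service -Name $name -ErrorAction Stop
        Write-Host "Started $name"
    }
}
```

Run it from an elevated prompt after logging in; if the unlock fails, the script stops before any service is started.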

It turns out that BitLocker is only available on certain versions of Windows 8, so for those it does not work on, I have included instructions for using a version of TrueCrypt that was available before it was unfortunately and abruptly withdrawn from the market. TrueCrypt works in a different way to BitLocker. Rather than operating at disk level, it creates a secure file container that gets "mounted" to the system using a device driver, and then appears to the system as a new hard drive. You can mount and unmount the drive-file at will, and a great benefit is that it is easily transportable. I use both BitLocker and TrueCrypt on a regular basis and don't find any speed issues for data access.

There has been concern voiced that TrueCrypt is "no longer secure" - technically, it is no longer secure in the same way that for the most part Windows XP is no longer secure. What is meant by this is that it is no longer actively maintained, therefore as there will be no more patches or security fixes/updates, it is not as up to date as it might have been. It is understood that the source of TrueCrypt will be branched and developed onward. For a good solid discussion on this, check out Gibson Research. As the main site for TrueCrypt no longer allows downloads of the last secure version, I have attached it to this article. To get to it, you will need to download the zip at the top of this article, unpack the contents, then rename the file, giving it an "exe" extension to run.

Getting to secure...

#1 - BitLocker

Open control panel, search for disk, then click “create and format hard disk partitions”

 

If you don't have some unallocated drive space already, we need to create some. In this case, select the drive you are going to resize...

Right-click, select “shrink volume”

Wait for system to query the disk volume

Decide what size to make the new drive

Wait until new drive appears

Select, and click “new simple volume”

Walk through the wizard that pops up

Drive is now ready for locking down

Back in control panel, search for BitLocker

We see the new drive

Expand the details, and click the “shield” icon

Check “use password” and enter a SECURE PASSWORD !!

You need to save a recovery key – save this to a file/USB/CD and keep it in secure/safe storage, in a different location to your laptop!

Note the warnings (if any), and click next!

We now have a secure drive to store customer data!

When you start the computer the drive will appear as follows:

You can click on the icon and unlock 

You now have a secure BitLocker drive set up and ready for use. That's all - job done! ... it's quick, it's easy, please do it, there's really no excuse!

(PS: if you get an error message about "TPM", you need to tell Windows to ignore it - check here for details .. if you have a TPM enabled drive, the PDF attached gives further info)
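The locking-down steps can also be done from an elevated PowerShell prompt. This is an added example, not part of the original article; it assumes the new simple volume is `E:` and that `F:\` is removable media for the recovery key.

```powershell
#Requires -RunAsAdministrator
# Added example: password-protect a data volume and save its recovery key.
# Both values below are assumptions.
$MountPoint  = 'E:'     # the new simple volume
$RecoveryDir = 'F:\'    # removable media, stored away from the laptop

# Check where the recovery key will go before encrypting anything.
if (-not (Test-Path -Path $RecoveryDir)) {
    throw "Recovery location $RecoveryDir is not available."
}
if ($RecoveryDir.ToUpper().StartsWith($MountPoint.ToUpper())) {
    throw "Refusing to store the recovery key on the drive it unlocks."
}
if ($RecoveryDir.ToUpper().StartsWith($env:SystemDrive.ToUpper())) {
    Write-Warning "Recovery key would sit on the laptop's own disk; use removable media."
}

# Equivalent of ticking "use password" in the wizard.
$password = Read-Host -Prompt "New BitLocker password for $MountPoint" -AsSecureString
Enable-BitLocker -MountPoint $MountPoint -PasswordProtector -Password $password `
    -ErrorAction Stop | Out-Null

# Equivalent of the "save a recovery key" step.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
    -ErrorAction Stop | Out-Null

$recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -First 1

$file = Join-Path $RecoveryDir "BitLocker-recovery-$($MountPoint.TrimEnd(':')).txt"
@(
    "Volume:            $MountPoint"
    "Protector ID:      $($recovery.KeyProtectorId)"
    "Recovery password: $($recovery.RecoveryPassword)"
) | Set-Content -Path $file

# Encryption continues in the background; check on its progress.
Get-BitLockerVolume -MountPoint $MountPoint |
    Format-List MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
```

`ProtectionStatus` may read `Off` until `EncryptionPercentage` reaches 100, so re-run the last command before relying on the drive.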

 

 

#2 - TrueCrypt

After installing TrueCrypt, run it and set up a new secure container. This is done by clicking the "create volume" button on the main screen.

We are going to create an encrypted container and mostly "next..next" through the wizard.

At the next step, you need to tell it *where* to create the encrypted file, so give it a path and file name

Decide what size you want to make the drive...

Enter a password (a good one please ... read the attached PDF for some guidance on passwords !!!!!)

Now the fun bit !!! ... you need to move your mouse around the screen randomly for a while to generate some random seed data for the encryption routine...

Having done that (arm tired yet?!), click "format" and TrueCrypt will create the secure container

To use your newly created secure area, back at the main screen, select the file you created, then click "mount"

Enter your password (it was secure and big, right?!)

Congrats! Your secure container is now mounted as a drive on your machine and ready for use

When you are finished, go back to TrueCrypt, select the drive-letter, and click "dismount".

 

That's all - job done! ... it's quick, it's easy, please do it, there's really no excuse!

 

History

8/Oct-14 - added TrueCrypt as option