30DISC – Days 19 & 20 – Encrypt Your Data

If they can’t read it, it isn’t valuable.

Today’s challenge – Encrypting Your Data – Direct Link to Guide Page

By this time you probably have a good grasp of what encryption is: transforming your data into a pile of letters and numbers that is unreadable unless you have the key. Encrypting data that leaves your control is absolutely essential – USB devices that you send to someone, files you share with clients via cloud storage, your mobile phone. All of this data is, in the lingo, “in motion”. But what about your data that is “at rest”, that is, stored on a hard drive that sits in your office? And what about the in-between case: the data on your laptop that you carry with you but are much less likely to lose than a USB drive?

This “at rest” data needs to be encrypted as well. Even the computer sitting in your office is vulnerable to attack, via the cable that gives it Internet connectivity. What we need is Full Disk Encryption (FDE). Thankfully there are some very good encryption products which are either included with your operating system or are free, open source software.

If you’re a Mac user, it’s pretty straightforward for you. MacOS has a product called FileVault built into it. You just need to follow these instructions to turn on encryption for the hard drive in your machine.

If you’re a Windows user, it’s slightly more complicated (isn’t it always!). If you have the Professional or Enterprise edition of Windows, BitLocker will be available to you for free; you just need to follow these instructions. If you aren’t sure what version you’ve got, and the device wasn’t issued to you by work, then you’ve probably got Windows Home edition, which makes things more difficult. You’re either going to have to stump up another $100 or so to upgrade Windows to the Professional edition, or you’re going to need VeraCrypt. It’s a free, powerful, open source encryption tool which, in case you missed it, is free. It’s not as easy to use as BitLocker, but, well, it’s free. Justin has a great rundown of how to set up and use VeraCrypt at his post, so if you need to go with that option, please refer there.

On that subject, Justin recommends using VeraCrypt even if you’re using a Mac and have FileVault. Whilst I agree that his implementation is significantly more secure than just relying on FileVault or BitLocker, for the average play-along-at-home user, the built-in solutions are, in my opinion, good enough for what we are trying to achieve with this challenge.
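To confirm that the built-in encryption is actually protecting a drive once you have turned it on, the added example below (not from the original post or its guide) parses the text printed by `manage-bde -status` on Windows and `fdesetup status` on macOS. The sample output is constructed and assumes English-language output.

```python
import re

# Constructed sample output (not captured from a real machine), in the layout
# printed by `manage-bde -status` (Windows) and `fdesetup status` (macOS).
SAMPLE_BDE = """\
Volume C: [OSDisk]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection Off

Volume D: [Data]
[Data Volume]

    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 41.5%
    Protection Status:    Protection Off
"""
SAMPLE_FV_ON, SAMPLE_FV_OFF = "FileVault is On.\n", "FileVault is Off.\n"
ENCRYPTED_STATES = {"Fully Encrypted", "Used Space Only Encrypted"}

def parse_manage_bde(text):
    """Return {drive letter: {field: value}} from `manage-bde -status` output."""
    volumes, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Volume ([A-Z]):", line)
        field = re.match(r"\s+([A-Za-z ]+?):\s+(\S.*)$", line)
        if header:
            current = volumes.setdefault(header.group(1), {})
        elif field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return volumes

def bitlocker_gaps(text):
    """Map each drive that is not yet protected at rest to the reason why."""
    gaps = {}
    for drive, info in parse_manage_bde(text).items():
        if info.get("Conversion Status") not in ENCRYPTED_STATES:
            gaps[drive] = "not fully encrypted (%s)" % info.get("Percentage Encrypted", "?")
        elif info.get("Protection Status") != "Protection On":
            # Encrypted on disk, but suspended protection leaves the key unprotected.
            gaps[drive] = "encrypted but protection is off"
    return gaps

def filevault_enabled(text):
    """True only if `fdesetup status` reports FileVault as on."""
    lines = text.strip().splitlines()
    return bool(lines) and lines[0].startswith("FileVault is On")
```

An empty result from `bitlocker_gaps` means every listed volume is both encrypted and has protection switched on; a drive that shows "Fully Encrypted" with "Protection Off" is the case that is easy to miss.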

There is an important point that needs to be made here: if you encrypt your data and forget your passphrase, YOU’RE NOT GETTING YOUR DATA BACK! Make sure you make the password something that you’re going to remember without having to rely on your passphrase manager. It needs to be a strong passphrase obviously, but this is one that you can’t rely on your passphrase manager to handle for you.

Geoffrey: I’ve been using BitLocker Full Disk Encryption for many years now, and whilst it has some quirks with my current laptop, I’ve never had any problems with it, and have never lost any data.

Juan and Priscilla: Their laptops are controlled by their company IT Department and I was pleased to see that the drives were already encrypted. Well done IT Department!

Diana: With a new MacBook, it was pretty straightforward for Diana to turn on FDE. Diana asked what is a really prescient question: if this technology is built into Macs, and is so good at securing your data, why doesn’t it come turned on as standard? That is a very good question, Diana. The main reason is that there is a small performance loss when using FDE, as the file information needs to be decrypted before it can be used. It also means that if someone forgets the passphrase to their computer, the data on it is unrecoverable.

Previous Days Here:
Day 0 – Introduction to the Team
Day 1 – Installing Operating System and Application Updates
Day 2 – Set Up A Standard User Account
Day 3 – Review Privacy Settings
Day 4 – Setup Private & Secure Email
Days 5&6 – Weekend Project #1
Day 7 – Install a Password Manager
Day 8 – Change Your Passwords
Day 9 – Browser Security
Day 10 – Firefox Security Add-ons
Day 11 – NoScript Security Suite
Days 12&13 – WiFi Security Checkup
Day 14 – Virtual Private Network
Day 15 – Two Factor Authentication
Day 16 – Smartphone Security I
Day 17 – Smartphone Security II
Day 18 – Secure Messaging

Written by Geoffrey