How Do You Protect Your Data?
Posted in Random by Dan at 11:01 pm
This post was published 9 months 2 days ago and its content may not be valid anymore.In light of what happened to me recently, I am rethinking my personal data encryption techniques. The IT professional in me wants to deploy the industrial grade security I have deployed at the companies I consult for, but in reality a personal workstation needs to be treated differently.
A simple user password is not enough protection. Now, the tin foil world is out to get me attitude I am subscribing to wants PGP WDE (Whole Disk Encryption), but good security doesn’t come without consequences. So, I think we should open a discussion of your personal data protection schemes and how you balance performance with security.
Protected partitions? Bit Locker? Secured Directories? The Cloud? Sound off on what you do to protect your data?
I wanted to use TrueCrypt on my laptop’s internal, but it doesn’t support multiple partitions on one drive. I might try Bitlocker.
FileVault seems to work fine for me. No noticeable speed hit, and it requires no 3rd party software. The only weak link in it is the possibility of using a weak passphrase, but that’s the same for any encryption.
And not more than a day after you got your laptop stolen, someone broke into my mother’s house and completely wiped her out. Ironically, the only thing they left was her macbook. Sure, they take the Dell, but leave the Apple. Go figure.
Ian… I feel so bad for your Mom. I’m so sorry.
Oh, and for backup, I use Amazon S3 with full private key encryption. Pretty cheap and I can access my data anywhere thanks to JungleDisk.
@Ian
Sorry for your Mom’s loss, good luck!
My suggestion is to have a truecrypt volume (syncd to the could with dropbox) that you encrypt using a file (stored on pen drive and backup somewhere safe) and long pass phrase.
Then store all data, application settings etc. on the turecrypt volume (not sure how easy this is on a Mac, I am a mostly a Windows/Ubuntu/BSD users), and religiously run or schedule a secure delete program to clean up everything outside the truecrypt volume.
This way your Mac is completely secure if nicked, and all your data is securely syncd to the cloud and other computers, win win!
I use Drobo’s for in home backups
I use Zenfolio and Amazon S3 to backup all of my photos
The problem with solutions like TrueCrypt or File Vault is that while they look like a normal file system while you’re using them, they’re actually a big single blob of encrypted binary when you’re not using them. This makes them a complete fail for incremental encrypted backups. My home directory is normally between 20-30 gigabytes. Not like I can send that up to the cloud every day.
So, you either have a big encrypted volume OR you have easy backups. I restrain my paranoia and run an unencrypted file system with certain sensitive things encrypted on an as-needed basis. This allows for easy incremental backups to disk with Super Duper, and to the cloud as well.
I have been thinking lately about doing two partitions, an OS partition and a personal data partition. the problem with this is that I use windows and of course all the data that programs save (profiles and the like, which can contain important data) gets stored to OS partition, a work around for this is downloading portable applications, these are made to store your information in the same folder they’re installed in, and ensure that they will be encrypted with the personal data partition.
Another option is to get a large enough USB flash drive, and either keep it in your shirt pocket, or hook it to your key chain or phone, maybe store it in your wallet, if it doesn’t have a hole for a key chain, open up the device if possible, make a note on the outside where the internal components end, put it back together, and drill a hole. Then store all the information you want to keep save on that drive alone (I again suggest getting portable applications, but I’m not sure how a mac would deal with these) then if you want you can encrypt that with your favorite encryption software.
The last option I’ll suggest is to write your own operating system and then write all the programs for it, then only you would know how to get to your files! (I kid I kid)
I do keep my personal data on a partition. I keep my keepass file in the cloud and can access it from my phone or pc. I keep a copy of my bookmarks in the cloud and in Foxmarks (latest version is awesome).
A bios password will stop almost everyone from getting in to a laptop. But that scares me. It would make you laptop worthless to thieves though.
I tried encrypting my data partition, but forgot to write down the password. I finally remembered it, but no longer encrypt anything. I leave the bulk of my files on my home PC (ubuntu) and put what I need on a 16g flash drive (have lost those as well). I am moving and syncing personal stuff to the cloud. When out and about I usually have a old laptop with a 12″ screen for work.
I never use remember me or my password on any computer. Never type in passwords in a public wireless network ( such a hassle).
My best security technique is that I live 15 miles from the nearest stoplight and it is 80 miles to the next one after that. No one locks their car, keys are often in the ignition or on the floor. I have to convince customers to encrypt there wireless networks as they feel it would be ok if someone used their network.
as far as encryption goes, i don’t do any of that. I tried it a few times, and it was good, while it lasted, but it wasn’t practical.
As a safety means, i have my data stored over various hds, (no raid). one hd for the OS (vista ultimate), one hd for recorded TV/movies, one hd for music, one for photos. I’m very paranoid about loosing data.
As far as backing it up after that, the OS i dont care too much about, tv i care alot about because i have whole series ive recorded, music is eh, most of it i can rerip, or redownload from iTunes. Photos i care the most about, those are on a dvd backup, once a month.
I’m also trying to setup an off site backup between me and my friend. Between the both of us we have plenty of computers to spare, we just need to figure out the easiest way to implement it. (I also don’t like to pay for services).
I believe the online storage solution Wuala is solving many issues that have been discussed above. Thought the hint could be helpful to enrich this discussion.
Wuala is a java desktop client (no installation required) which encrypts files on your computer employing the 128 bit AES algorithm upon insertion. The files will then be sliced into fragments and distributed around the P2P network. Since privacy was a major concern when designing Wuala, neither the password nor the encryption key ever leave the computer. Only an encrypted encryption key will be stored in the network to enable global file access. This gives the advantage of good privacy while it also means that the only key to your data is your password, which we will never be able to recover in case of loss. I believe that we are the only one or at least among the very vew personal online storage providers who grant this level of privacy (who can’t access your personal data), hence providing a unique level of data security.
Before working at Wuala, I liked Dominik Grolimund’s (CEO and Co-Founder of Wuala) speech at the Google Tech Talks to get a basic understanding of the technology, which I recommend to the interested parties, too. Then there are also some scientific publications further explaining our security and encryption mechanisms.
Disclaimer: I work at Wuala.
I back up nightly to an external HD (using Time Machine) and sync my contacts and calendars using MobileMe. If both my laptop and my external HD are stolen, I’m screwed as far as data loss goes, but if just one is lost I can retrieve everything. If I were more serious I would have a second external HD and backup daily at work.
So I’m a bit confused: is it that easy to hack a good-quality user account login password? How many thieves have such expertise? Do we really need to be so worried?
Eric
I believe anyone can overwrite your user password with the Mac install CD.
cat,
I knew that without a firmware password anyone can boot up from the Mac install CD, but does that give access to password-protected user accounts? I thought that a thief’s usual course of action at that point would be to erase the entire disk and then either use or re-sell the laptop. Am I mistaken?