420 likes | 718 Views
Using TrueCrypt. 6 th May 2009. Sensitive data. data which relates to a living individual who can be identified by that data. strategic planning or financial information Sensitive data now MUST be encrypted if being accessed outside QUB. What is encryption?.
E N D
Using TrueCrypt 6th May 2009
Sensitive data • data which relates to a living individual who can be identified by that data. • strategic planning or financial information Sensitive data now MUST be encrypted if being accessed outside QUB
What is encryption? • Data is garbled using a key (usually a password) • If data is lost or stolen, it is inaccessible • Without the key, no way to access data – so don’t forget your password. • Not recommended that you store your ONLY copy of anything important in an encrypted volume
TrueCrypt • We will be using TrueCrypt to implement encryption in Psychology • Now installed on all computers in Psychology • TrueCrypt is available for MacOS • Other solutions available e.g. IronKey (but 1GB key costs £60+VAT, 4GB costs £100+VAT)
What to encrypt? • Can encrypt entire computer • e.g. School laptops in workshop; enter password to enable the computer to boot • Do NOT recommend do this with desktop computers • Or can encrypt a part of a disk • May wish to do this on your desktop computer • Recommend you do this on your memory stick
How does TrueCrypt work? • It creates an encrypted area inside an ordinary file. This file can even be disguised. • File can be on your Desktop or on a memory stick – anywhere you like. • When you provide the correct password, the file becomes a volume in My Computer with a drive letter – just like inserting a memory stick. • Files that are copied to our from the encrypted volume are encrypted/decrypted on the fly.
VERY IMPORTANT • To access an encrypted volume • EITHER need TrueCrypt installed (computers in Psychology) • OR need to have administrator privileges (home computers, laptops) • use on 3rd party e.g. hospital computers would need to be clarified (use IronKey?)
Practical Session I • Create an encrypted volume on your USB memory stick or on the computer you’re sitting at. • Recommend only encrypt a portion of your memory stick. Rest can be used for non-sensitive unencrypted data.
Type or select the name of the file to hold the volume If using a memory stick, make sure it is inserted now Do not use an existing file as a file container as it will be completely overwritten.
Encryption Options Keep the default settings
Enter the size for the new virtual volume – for today, 1GB maximum Ensure that you have enough free space for whatever volume size that you chose. Note that there is a 4GB limit on computers for which you do not have administrative privileges. Also ensure that the file container you are creating is big enough to hold the data you need to encrypt – the container cannot later be resized.
Enter a password Use a long password or phrase that you will remember. Loss of this will make your data permanently inaccessible. Key files provide an extra layer of security but are not required. If you type a short password, a warning will appear.
Final step - format the volume Unless the encrypted volume is larger than 4GB keep the default settings for ‘File system’ and ‘Cluster’. Now move the mouse randomly within the window for about 30 seconds, to generate strong cryptographic keys. Click 'Format'.
Practical Session II • Set up AutoRun on your USB device • Makes access to your encrypted volume easier • IMPORTANT: this allows you to access your encrypted data if TrueCrypt is not installed but ONLY if you have administrator privileges on that computer.
Traveller Mode“Tools -> Traveller Disk Setup” Insert the USB device containing the encrypted volume Enter or browse to the drive letter of your USB device Clear “Include TrueCrypt Volume Creation Wizard” Select the “Auto-mount TrueCrypt volume (specified below)” option. In “TrueCrypt volume to mount”, enter the name of file which contains your encrypted volume Click on “Create”.
Using AutoRun Now when you insert your USB device you will normally see a window similar to that below. To access your encrypted volume, select the “Mount TrueCrypt volume” option and enter your password when prompted. If you only wish to access the non-encrypted portion of your USB device, you may click on “Open folder to view files using Windows Explorer”
Practical Session III • Using AutoRun to access encrypted data
New drive in Computer window Your encrypted file container will now appear as a separatevolume – in this case (G:). “TrueCrypt Traveller Disk (F:)” which confusingly is the drive with the TrueCrypt icon, is unencrypted. “Removable Disk (G:)” with a standard disk icon contains the encrypted data.
Removing the memory stick I Open the Computer window and right-click on the device. First select “Dismount All TrueCrypt Volumes” Then select “Safely Remove” You may now remove the USB device from the computer. If Windows won’t allow you to safely remove the device, go to the TrueCrypt icon, right-click on it and select “Exit”.
Removing the memory stick II First, right-click on the TrueCrypt icon and select “Dismount All Mounted Volumes” Then click on the Safely Remove Hardware icon Safely remove the USB device in the normal way. If Windows won’t allow you to safely remove the device, go back to the TrueCrypt icon, right-click on it and select “Exit”.
Practical Session IV • Accessing an encrypted volume without using AutoRun
Open TrueCrypt main window Select any drive letter In ‘Volume’, enter the path to the file containing the virtual volume Click on 'Mount' at the bottom of the window. After entering the password, you encrypted files will now be available. When finished with the volume, select its drive letter again within the TrueCrypt window and the 'Mount' button will become a 'Dismount' button. Click it to release the volume.