Hi, I'm trying to get all my data safely archived and also to protect my local working files from potential unauthorised access. Before anyone mentions my massive pron collection - I don't have one! Here's my situation: I have 3 1TB drives in my machine. One (drive A) for os and programs. One for data (drive B), and the other one (drive C) is kept in sync from drive B. I also keep the most important files on an external drive as a last resort. All is fine with this, but I don't have any encryption on my system which is something I should have sorted out a long time ago as if the machine got stolen, well....you know the rest. 1. I've been thinking of using the Windows built in Bitlocker to basically encrypt EVERYTHING on all the drives. I don't like the idea of using Truecrpyt as I want the software to be somewhat accountable for any problems I might have (if this is possible), and using something like Bitlocker would give me more confidence than say an open source program. Open source v full retail is a no brainer on this for me - I'm responsible for other people's data as well as my own, so this is an important factor. So would this be an effective way to protect the data on my drive rather than using windows EFS? 2. Secondly, I am testing out Mozy to keep the very important files safely backed up online. I'm not really interested in keeping files in sync as most of the files are fairly massive and I don't tend to overwrite files with changes - I just save another version with a higher version number. I just need a secure place to store files. I know Mozy encrpyts files prior to uploading, but should I look into zipping the files with say 256 bit encryption before uploading as an extra security measure? Any thoughts would be most appreciated! Q.
I've never had problems with truecrypt, i've been using it for 4+ years and its never put a foot wrong. As with any back up solution don't keep it in the same place as the main data i would 1) if its just personal data find a friend /relative and keep the back up at their place and shift data to it once a week ( cheap nas ). 2) if its a real super important, customer medical/banking records. Use a professonal data centre service. It's a bit pricey but weight that against a class action law case when a burst pipe trashes their 10 year tax records. eep
Two things to consider with this statement - first, the idea of holding Microsoft to account for flaws in their software seems highly optimistic. When was the last time anyone heard of them having to pay out over security vulnerabilities, sloppy design, deliberately placed back doors and other failings in Windows? The second thing is that good encryption is very hard to do. Most failings tend to occur with implementation (not securing the key properly, poor quality entropy, etc) rather than technique so open source (which allows for such boo-boos to be picked up more quickly) should be considered a better choice than closed. For large amounts of data, an external drive is the only way to go, stored with friends/relatives as WTF_Shelley has suggested. Have a couple of these and you can rotate them, one at home and one (or more) held elsewhere. Use whole disk encryption on them (which will prevent tampering as well as protecting your privacy) and make sure that they're labeled with your name and address plus a statement that only you can decrypt them (if you're holding data backups for others, insist on similar labeling as well - that covers you against the possibility of being charged for failing to disclose an encryption key on demand, under the Regulation of Investigatory Powers Act 2000). Keeping online backups of small amounts of critical data is a good move - but I would suggest encrypting them beforehand rather than relying on the facilities (or "privacy policies") of the service in question.
Thanks guys - really appreciate your thoughts...I've gone and used Bitlocker on my data drives, though couldn't do the boot drive due to me not having a TPM chip onboard, though I still plan to use the less secure way of encrypting (the boot drive) and saving a key onto a usb stick (and printing it off and hiding it), as it's better than not having it. I've also spent quite some time coming up with and memorising long, strong passwords for the encryption keys and have also changed all my online passwords to similar levels. I've become mildly obsessed with it all but it's done now. While I was on my mission, I also invested in a desktop kensington lock pack for securing your monitor, pc and other odds and sods as some sort of deterrent to opportunists. Having never used a Kensington device or indeed even looked at the mounting point on laptops and monitors, I can only say that they look almost useless to anything more than a quick grab and run job! Thanks again though, Q.
I have used BitLocker myself for a while now and have always found it very good. Although I'm sure I read somewhere that there is a very easy way to get around it during boot up. What I tend to do with passwords is randomly type on the keyboard to end up with something like: bnth5jb97fgehbcnv3o81f. I will then store this in a discrete way onto my phone and reference it when needed. After you type it in enough times, you finally memorise it. I only use this method for major stuff like online banking and PayPal etc. For other stuff like forums I'm not too bothered.
I think of a few random words and then replace some of the letters with numbers, much the same result. darknessmountains = d2rkn8ssm1unt9ins
