software review: Truecrypt – free and effective file encryption

Are you a laptop user who works away from home or the office?
Do you carry around confidential files on a USB stick, external hard drive or on CDs/DVDs?
Have you thought about what would happen if a computer or media was lost or stolen?
Are you a company director or IT manager, and have you thought about what would happen if your staff were in the above scenarios?

You should have encryption software!!

I have been using a free piece of software called Truecrypt for my own use in storing lists of passwords and other sensitive files. Not only is it free, it offers a very high level of encryption and can be used interchangeably between Windows, Mac and Linux computers.

I first used this app when I was working for Southampton NHS Trust. A user was given a CD with patient data from an organisation that was authorised to deal with a patient's records, possibly for a patient whose medical history needed to be accessed by another clinical authority while they were travelling in another country for treatment. Although the trust didn't officially use or support this app, my manager was OK with me supplying it to this employee, who needed the files. So I quickly installed Truecrypt on her laptop and, using the password she was given by email, got the files for her. This of course meant that if the CD was intercepted by a third party it would be useless.

Using Truecrypt means you build a virtual drive with a size of your choice (several kilobytes, megabytes or gigabytes) and a drive letter (for instance X:), choose a password and copy your files to the drive. The virtual drive can then be closed when not needed. The virtual drive exists as a file on any type of media, and you don't necessarily need to give it the .tc extension, so a possible unauthorised person probably wouldn't know it even exists. If you do give it the right filename extension, then you can just double-click on the file, let's say secret.tc, and Truecrypt will start up and prompt you to enter a password for it. If you wish to close your encrypted drive, you can just right-click on the blue Truecrypt icon on the task bar and dismount the drive (drive X: will disappear from your My Computer folder). You can then eject the CD or USB stick if needed, and if you click on Start then 'Recent documents', any file names you were working on will vanish from there; no one will know on your PC that you have been accessing them.

I personally think deploying this app for a private individual or a business should be quite simple as long as the following factors are put in place:
– If an encrypted CD or USB stick is used on someone else's computer (a client, let's say, that a salesman visits), they will need to have the Truecrypt client installed, or you can run it straight from the USB stick rather than install it on the host computer.
– If the password is forgotten, the files will be absolutely impossible to access! A clear policy on passwords should be in place; maybe just one for all staff of a department would be a good idea. Truecrypt actually recommends at least 20 (!) characters in a password for maximum security.
– A clear policy on how big the encrypted drives need to be. For instance, if everyone creates a drive of 1 GB or more but actually only uses a small portion of it, and they store it on their network drive, then that could become a big waste of disk space on the server.
– Don't touch the other features in the app unless you know precisely what they do, in case they render your files impossible to read.
– Like any new change in IT, users should be trained and IT support teams should have some documentation to follow so it becomes familiar in everyday use. Things should be well rehearsed in case, let's say, you are about to give a presentation in front of some people; huge embarrassment could happen if you can't get at the file.

Truecrypt also has other features, e.g. it can encrypt the whole of a laptop's hard disk sector by sector. This is a good idea as it is pathetically easy to crack a Windows administrator password on a laptop with the right boot CD (I had to do this when my previous employer gave me the laptop of a salesman who had just been fired and the administrator password of his laptop had been changed to something unknown). I have not used this feature of the app yet, but I have used rival products from Symantec and PGP, which were not free and cost my former employers a lot for licences.

This program is a really good example of how open source apps can come up trumps in doing a task well for zero cost, rather than forking out money for individual paid-for licences for an equivalent app from another software maker. Unlike Microsoft's BitLocker, which comes with Vista and 7, Truecrypt has the edge in working transparently between any version of Windows, Macintosh and Linux environments. I don't pretend any app is perfect, but this seems like an excellent solution, with 256-bit encryption meaning getting round a password would need a specialist criminal very, very determined for weeks to have any chance of getting at those documents.

Jonathan would be pleased to provide you with further consulting on this application by email or phone in return for donations for his second volunteering trip to Jerusalem. He would gladly accept any ideas on funding for his flights, insurance and costs. He is experienced in supporting many different applications, both typical traditional Microsoft business applications and equivalent free alternatives.

Jonathan likes the benefits of free and open source software. As well as the obvious plus of not having any cost for the application, it's good to be free of complex, confusing and restrictive licence agreements, and having the source code available in the open brings a degree of accountability, as flaws and bugs can often be spotted and fixed quickly with a wider team of developers. Tools used in business tend to be designed closer to the way people work and to open standards, meaning better integration with other software. He has a sharp eye for possible security threats in previous places he has contracted at, whether it may be a non-encrypted wireless network that could let an unauthorised person into a company network, strange search toolbars in a browser, which are a sign of a possible spyware application being present, or an absent or disabled antivirus client, amongst flaws which are very real dangers for any business.
