dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
486
share rss forum feed

Cronk

join:2005-07-16

Encrypted drive

My friend wants to have an external drive that is encrypted to prevent others who sit down at his computer at home from having access to his business files. But he would rather not have multiple user accounts on the computer, so I am wondering what encryption software/hardware would keep other people who are using his user account out of the encrypted drive. Would he need to log out of the encrypted drive in some manner when he was done? If so, how do you do that?

The only encryption software I've used is TrueCrypt, where you have to Unmount the drive. I suspect he would not remember to go back to the application and click an Unmount button. So I guess what I am asking what is out there as far as how the drive gets unmounted.

Thanks


MacGyver
Don't Waste Your Energy
Premium,ExMod 2003-05
join:2001-10-14
Canada
kudos:2
Reviews:
·voip.ms
·TekSavvy DSL
Don't put business files on a shared home computer, ever.

Given the criteria you have been given for this favor, I don't think there is any truly bulletproof method to accomplish what he wants.

Even if he encrypts the drive, another user with access to the same account (which I'm guessing is administrator equivalent) could install a keylogger and grab a password that way.


NOYB
St. John 3.16
Premium
join:2005-12-15
Forest Grove, OR
kudos:1
reply to Cronk
Encrypted flash drive on a necklace that stays in your friends possession 100% of the time. Keep a duplicate for backup in another location that anyone with access to the computer does not also have access to (parents place, safe deposit box, siblings place, etc. Make sure no one has ability to obtain both the password and the device. Possession of one or the other does them no good.
--
Be a Good Netizen - Read, Know & Complain About Overly Restrictive Tyrannical ISP ToS & AUP »comcast.net/terms/ »verizon.net/policies/
Say Thanks with a Tool Points Donation

drjenkins

join:2005-03-30
Bealeton, VA
reply to Cronk
Consider a separate business laptop with TrueCrypt encryption and no shared access. If his company will not provide a laptop, or if he is self-employed, he may be able to take a tax deduction for business expenses.


norwegian
Premium
join:2005-02-15
Outback

1 recommendation

reply to Cronk
A container with hidden attributes maybe?
»www.truecrypt.org/docs/tutorial

But I think what everyone is saying though so far:
The user wants security but allows everyone else to use the same account.
It's almost a matter of wanting security but not understanding the needs of how to apply the security.
Wants privacy, but wants the same account?

Another option is possibly an external drive that can be unplugged after he is finished, and a run of something like ccleaner and logging out before the next user?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



HA Nut
Premium
join:2004-05-13
USA
said by norwegian:

But I think what everyone is saying though so far:
The user wants security but allows everyone else to use the same account.
It's almost a matter of wanting security but not understanding the needs of how to apply the security.
Wants privacy, but wants the same account?

This sums it all up best.

IMO, a second account is the easiest approach. Plus, in the long run, it would offer other things (the look and feel of the UI and more.)

Bottom line is the user needs to do what would be required to accomplish what he/she wants. Life with computers just isn't so easy quite yet.

Cronk

join:2005-07-16
reply to Cronk
Thanks for the replies. I am going to demonstrate TrueCrypt and see if that works for him.
I'll mention MacGyver's points about that not being truly bulletproof.
I'll see if he will make the leap to separate user accounts.

Any thoughts on BitLocker in Windows 8? I've never used it, just looked at it briefly today.

Thanks


therube

join:2004-11-11
Randallstown, MD
reply to Cronk
TrueCrypt has some Auto-Dismount options:

»www.truecrypt.org/screenshots6


NOYB
St. John 3.16
Premium
join:2005-12-15
Forest Grove, OR
kudos:1
reply to Cronk
BitLocker is what I use. But mine is not a shared computer. BitLocker will have pretty much the same device unmount requirement as TruCrypt.

BitLocker is only available on Windows 8.x Pro and Enterprise, or Windows 7 Ultimate and Enterprise.

BitLocker is much easier to enable than TruCrypt (IMO).

All my devices (except those with only installation software) are BitLocker encrypted. Even the OS drives.

Sensitive information is only stored on off-line devices in at least triplicate (3 duplicate devices stored in different locations).

--
Be a Good Netizen - Read, Know & Complain About Overly Restrictive Tyrannical ISP ToS & AUP »comcast.net/terms/ »verizon.net/policies/
Say Thanks with a Tool Points Donation


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
reply to Cronk

TrueCrypt

Hold off with TrueCrypt since something happened today... »What happened to TrueCrypt.org? Hacked? Real?

Cronk

join:2005-07-16
reply to Cronk

Re: Encrypted drive

Thanks to all for the info. I am going to go ahead and suggest TrueCrypt, I don't think the issues about it that are in the news right now will bother him - it should be sufficient for keeping others in his household out of his files, which is what his goal is.

He does not have BitLocker on his versions of Windows.

drjenkins

join:2005-03-30
Bealeton, VA

1 recommendation

If you don't already have a clean copy of TruCrypt 7.1a you can no longer download it from the TrueCrypt page. Steve Gibson has the full package available on the Gibson Research Corp. web site:
»www.grc.com/misc/truecrypt/TrueC···7.1a.zip

The full page with Steve's breakdown on the breakdown is here:
»www.grc.com/misc/truecrypt/truecrypt.htm

Cronk

join:2005-07-16
Yes I read Steve's article, and downloaded the installation file there. Thanks


NotAGoodIdea

@50.170.133.x
reply to Cronk
Sorry guys and gals but this is the part where you want a VM where the host has no swap space(or better yet, boot CD/write-protected USB drive) and not trust the applications' tracks to be erased. If we assume the worst case of malware in the BIOS/EFI, then even that is not safe, hehe.