Secure my OS and data at the HDD level.

I have a dual HDD / dual boot computer. What I want to do is to have one OS and HDD as my public OS, for game parties and whatnot, but I want to lock out my other OS and HDD from others.

What I was thinking was PGP full disk encryption as well as putting the hard drive inside a lockable HDD enclosure. This would allow me to turn off this hard drive before I turn on the computer, which would force the machine to boot into the public OS.


Can anyone recommend encryption programs that use higher bit encryption? And any other "hack proof" ideas I might look into?
 

Codesmith

Distinguished
Jul 6, 2003
1,375
0
19,280
1) Plain old Windows Encryption works very well.

Anything that is in an encrypted folder can't be read unless you log into the system with the correct user account. In fact, if you ever so much as change the account's password, your encrypted data is gone forever.

This is far different than permissions, which can be bypassed by simply reinstalling XP or booting from a Knoppix Disk.

You can make yourself a back door by exporting the encryption key. Obviously you don't want to store the key on your system.

I don't think you can encrypt an entire hard drive as some system files need to be accessed before you log into your user account.

2) Many programs exist that let you create encrypted containers, which usually mount as virtual hard drives. These work well and usually let you tweak your encryption settings to your heart's content.

This is best if you have a group of files you need to keep secret. You can still back up the container, move it to another system... but without the right password there is no way to open it.

Some even let you set up fake content and real content in case you are forced to reveal your passwords. Adding files to the fake container also scrambles the real one.

I used BestCrypt in the past, but there is an open source program at Sourceforge that I plan on trying if I ever need to protect any files.

The good thing about an open source solution is no one can hide a backdoor into the code, as anyone can examine the source.

----
The 1st solution won't protect you against people accessing your data if you walk away without logging out. It also won't protect against hackers and trojans, as once you log in, the system automatically decrypts all the files as they are opened.

The 2nd solution will let you close and open the container at will, and it is probably what I would suggest.

If you only unlock the container when off the network there is no chance anyone can steal your files.

--

As far as locking up your hard drive, I would just put it in a mobile rack and leave it at home when I go to LAN parties.
 
Thanks, I never considered using Windows "green" files. You can use full disk encryption to encrypt everything down to the system files. Two programs that do this are PGP and Entrust.


I saw there is a build of Windows called TinyXP which I would try installing to my flash drive and removing it once I am through, but I am discouraged by the lack of read/writes I can do. The container idea is a good one except I need complete protection of the drive... and good point, I need to make sure I can secure the KEY in another location.

So my setup as of the end of today:
1.) removable internal HDD
2.) Encryption requiring a USB key w/password protection
3.) Degaussing unit? lol.

Well, I will look up the programs you mentioned. I believe the two I'm thinking of are quite expensive.
 

Codesmith

http://www.truecrypt.org/ is free and can create virtual containers as well as encrypt an entire hard drive.

However, I do not believe it can encrypt your system disc, which is apparently something the PGP software can do.

An interesting free solution would be to run a virtual PC inside an encrypted container. I use VMWare Workstation all the time, and they also have a free version that will definitely get the job done.

Very hard to hack a virtual OS with no internet access :)

Oh and get rid of all your page files unless you are using a solution that encrypts all your hard drives.

BTW the PGP Whole Disk Encryption software looks really impressive.

I don't think there is any free software that will encrypt your system partition.

If I had any data worthy of this level of protection I would definitely spend $119 for it, although I would check out some independent reviews first, rather than just reading PGP's information.