How to encrypt your hard drive with TrueCrypt

In today’s world, there is no such thing as “too much security”. OK, maybe there is, but taking a few extra precautionary measures to protect sensitive data helps me sleep a little better at night. I don’t know about you, but I keep A LOT of data stored locally on my laptop. Granted, I back it up frequently, but what would happen if I left my laptop at a client’s site, or if it was stolen? Anyone with a password cracking utility can easily get past my Windows credentials and access my data, or even take my hard drive out of the laptop and attach it as an external disk to their personal laptop. So how do you prevent this from happening? Simple.

If you are running Windows 7 Ultimate or Enterprise, then I would recommend using Windows BitLocker, which is built right into the operating system of Windows 7 Ultimate or above. If you are running Windows 7 Pro, XP, etc., a great alternative is TrueCrypt. TrueCrypt is free, open-source encryption software that you can use to encrypt your entire hard disk, or just to keep a single encrypted container within your operating system. In this post, I will give you step-by-step instructions on how to encrypt your entire hard disk using TrueCrypt.

Step 1.) Download and install TrueCrypt from

Step 2.) Launch the installer and accept the license agreement










Step 3.)  Select Install, and click next










Step 4.)  Select all the desired check boxes, and click next









Step 5.) Once everything has been installed, click Finish










Step 6.)  Launch TrueCrypt and select System –> Encrypt System Partition / Drive











Step 7.)  Select NORMAL on the type of system encryption, and click next









Step 8.)  Here you can select to encrypt the entire disk, or just the Windows partition.  If your system has a recovery partition that allows you to restore the operating system back to factory defaults, then you may want to select “Encrypt the Windows System Partition”.  In this example, we will encrypt the entire disk.









Step 9.)  Select no to encryption of the host protected area.









Step 10.)  Select whether you have a single-boot or multi-boot environment.  In this example, we will continue with single-boot and click next









Step 11.)  Select the type of encryption you want to use. The defaults, AES and RIPEMD-160, should be fine for standard installs.  If you have other special requirements, you can change them using the drop-down menus.  Click next and continue.









Step 12.) Select an encryption password that the user will have to type when the system is turned on.  This password should be documented someplace safe. Click next when finished.









Step 13.) On the “Collect Random Data” screen, move your mouse around for a few seconds to generate the encryption keys. Once you are done, click next to continue.









Step 14.) Once you receive confirmation that the header and master keys have been created, simply click next to continue.









Step 15.) The setup program will ask you to create a rescue disk.  This rescue disk can be used to gain access to the system in the event a user forgets the encryption password, or something happens to the TrueCrypt bootloader. Save this ISO file in a safe location, either on a network share or burned to a CD. Select a location and click next.









Step 16.)  Setup will not let you continue until it verifies the ISO file has been created.  Unless you want to burn the ISO, you can use a program like WinCDEMU to mount the ISO file as a drive letter.  Right-click the ISO file you saved, and click “Select drive letter and mount”.  In this example, we are using WinCDEMU instead of burning a CD.









Step 17.) Select the drive letter you want to use, and select OK.








Step 18.) Once TrueCrypt has verified the ISO Rescue Disk, click next to continue









Step 19.) Set the Wipe Mode to NONE.  Any other setting will completely erase your drive!  Click next to continue









Step 20.) TrueCrypt is now ready to test the bootloader.  Click “TEST” to reboot the machine and make sure you can log in using the encryption password you have selected.









Step 21.)  Click YES to restart the computer now









Step 22.) Once the system has rebooted, you will come to the TrueCrypt prompt where you can enter the password you have selected.  Type it, and press Enter when done.







Step 23.) Now that the test has completed, TrueCrypt will automatically launch and ask you to start encrypting the drive.  The time can vary depending on the size of the drive.  The average 250GB hard drive may take between 2 – 4 hours to complete.
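Steps 15 to 18 leave the rescue disk as an ISO file, and a copy only helps if it is intact and stored somewhere other than the disk being encrypted. The PowerShell script below is an added example, not part of the original walkthrough or of TrueCrypt; both file paths are placeholders, and it checks that the backup copy exists, is not on the system drive, and matches the original by SHA-256.

```powershell
# Added example: verify an off-disk backup of the TrueCrypt rescue disk ISO.
# Both default paths are placeholders (assumptions); pass your own absolute paths.
param(
    [string]$IsoPath    = 'C:\Users\Public\Documents\TrueCrypt Rescue Disk.iso',
    [string]$BackupPath = '\\fileserver\recovery\laptop01-rescue.iso'
)

function Get-Sha256Hex([string]$Path) {
    # Uses .NET directly so it also runs on the PowerShell 2.0 shipped with Windows 7.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)) -replace '-', ''
}

function Test-RescueDiskBackup([string]$IsoPath, [string]$BackupPath) {
    foreach ($p in @($IsoPath, $BackupPath)) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "Missing file: $p"
        }
    }

    # A backup kept on the system drive cannot be read if the bootloader or
    # volume header is damaged. This only compares drive letters; it does not
    # detect other partitions on the same physical disk.
    $systemDrive = $env:SystemDrive   # for example "C:"
    $full = [System.IO.Path]::GetFullPath($BackupPath)
    if ($full.StartsWith($systemDrive, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Backup $full is on $systemDrive, the drive being encrypted."
    }

    # The copy must be byte-for-byte identical to the ISO TrueCrypt verified.
    $original = Get-Sha256Hex $IsoPath
    $backup   = Get-Sha256Hex $BackupPath
    if ($original -ne $backup) {
        throw "Hash mismatch: $original (original) vs $backup (backup)"
    }
    return $original
}

$hash = Test-RescueDiskBackup -IsoPath $IsoPath -BackupPath $BackupPath
Write-Output "Rescue disk backup verified. SHA-256: $hash"
```

Recording the printed hash alongside the documented password lets you re-check the backup copy later without needing the original ISO.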

















I hope you found this useful.  I will also be creating a “how to” article for Windows BitLocker in the near future.



