Encrypting your hard drive with TrueCrypt

One option you might entertain is encrypting your whole hard drive. If you have a business-oriented laptop, your computer might have a TPM module. In this case, you can probably just use BitLocker, which comes with Windows. This will stop a thief from removing your hard drive, attaching it to another computer and then reading the contents.
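To find out which case applies to your machine, this added example (not part of the original post) queries the TPM and the BitLocker state of the system drive from an elevated PowerShell prompt. It assumes Windows 8 or later, where the built-in Get-Tpm and Get-BitLockerVolume cmdlets exist; the variable names and advice strings are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: does this machine have a usable TPM, and what is the
# BitLocker state of the system drive? Run from an elevated prompt.

$drive = $env:SystemDrive            # normally C:

# 1. TPM: present in hardware, and initialised/ready for use?
$tpm = $null
try { $tpm = Get-Tpm -ErrorAction Stop }
catch { Write-Warning "Could not query the TPM: $($_.Exception.Message)" }

# 2. BitLocker: the cmdlet is missing on editions without BitLocker.
$vol = $null
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    try { $vol = Get-BitLockerVolume -MountPoint $drive -ErrorAction Stop }
    catch { Write-Warning "Could not query BitLocker on ${drive}: $($_.Exception.Message)" }
}

$tpmPresent = [bool]($tpm -and $tpm.TpmPresent)
$tpmReady   = [bool]($tpm -and $tpm.TpmReady)
$protected  = [bool]($vol -and ($vol.ProtectionStatus -eq 'On'))

# 3. Map the findings onto the choices discussed in the post.
$advice = if ($protected) {
    'System drive is already protected by BitLocker.'
} elseif ($vol -and $tpmReady) {
    'TPM is ready: BitLocker with a TPM protector is an option.'
} elseif ($vol -and $tpmPresent) {
    'TPM found but not ready: enable or initialise it before using BitLocker.'
} else {
    'No usable TPM (or no BitLocker on this edition): the boot-password approach in this post applies.'
}

[pscustomobject]@{
    TpmPresent      = $tpmPresent
    TpmReady        = $tpmReady
    BitLockerStatus = if ($vol) { "$($vol.VolumeStatus)" } else { 'unavailable' }
    KeyProtectors   = if ($vol) { $vol.KeyProtector.KeyProtectorType -join ', ' } else { '' }
    Advice          = $advice
} | Format-List
```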

What if you don’t have a TPM module? Or what if you want more protection than that? Again, I’ll reference the free, open-source product TrueCrypt. You can use this product to encrypt your hard drive.

This will encrypt the contents of the drive, and it will also prompt you on boot-up to put in a password.

PLEASE NOTE: You MUST have a DVD burner and an empty DVD. This process requires that you create a rescue disk, and it TESTS that rescue disk before it encrypts your drive. You cannot do this process without a DVD burner.

STEP 1: Back up your data
Make sure you have a rock-solid backup of your data. You are about to mess with your hard drive, so there is an off-chance that something could go wrong. You are best-served to back everything up!

STEP 2: No, seriously. Back up your data!
I’m not kidding, there were two instances where I lost my hard drive in the process of this (and changing some settings). It’s not likely this will happen to you, but it’s possible.

You are messing with the guts of your hard drive and you could lose it all, so seriously, back up your data!

STEP 3: Download and Install TrueCrypt
Go to http://www.truecrypt.org and download the latest version.

STEP 4: Figure out a good password
Electronic security is only as good as the password, so picking a good password is critical.

See this page on picking a good password.

STEP 5: Start the Wizard
Start TrueCrypt. Click the Volumes menu, and then Create New Volume.

This will start the wizard. Choose to encrypt the system partition or entire system drive.

Take most of the defaults.

For the most secure setup, choose to encrypt the whole drive.

You will see a few more screens specific to your system. Ultimately you will get to the screen where you choose the encryption algorithm – I just take the defaults (of AES-256).

When you click Next, you reach the most important screen of all – the password. If you have a weak password, then this whole effort will be wasted! Again, take a look at Picking a good password before continuing.

Next, move your mouse around so TrueCrypt can gather a really good random seed, then click Next.

After this step it will prompt you to create your recovery disk – and verify the recovery disk. After that, you specify the Wipe Mode.

I’d encourage you to read up on this – this is how the encryption process will handle deleted files. After this, it will do a “pre-test”, where it makes sure that it can modify the boot sector of your boot disk. When you reboot, you will see a password prompt – this is where you put in your password from the step above.

Windows should then boot normally. When you log back in, you should see a window pop up with an “Encrypt” button.

When you click “Encrypt”, this will start to encrypt your drive. This takes a LOOONG time – typically hours, depending on your hard drive.

I’m doing this on a VM that has a small, virtual SSD for a hard drive, so it is showing 43 minutes, but I don’t think that’s typical.

SUMMARY:
When complete, you reboot. Now, every time you boot your computer, you will see that boot screen where you put in your password, and from that point on – your computer should work like normal – except now everything on the hard drive is encrypted.

What did you gain from all of this? Well, someone would need to break your drive encryption password, just to be able to get to a Windows prompt. And, if you take this drive out and try to connect it to another device, it will basically be unreadable. So, this is a pretty solid way to keep your drive safe from the average attacker, and beyond.
