Blog of a Long Distance Worker Tech

The blog about mobile tech

Tag Archives: Software/Apps

Whole Disk Encryption – The Holy Grail

You have your nice laptop for running around the world with, you are on a business trip to Warsaw and then suddenly after getting off the plane and on your way to your meeting you find that you do not have it. Doh! you remember that you put it in the little pocket of the seat in front of you just before you landed but you forgot to get it out. You frantically get in touch with the airline who tell you that nothing has been handed in, and then you start to worry about the commercial secrets that you have on the disk and that copy of the spreadsheet that contains all your banking details. It is lost and available to whoever has the machine. Oh, but you say that you have the OS logon to protect you… wrong, that is easy to bypass when you have physical access, just remove the disk. Oh yes, the Bios password – same issue and anyway you can normally get past that with some secret key presses found in many places on the Internet. What about the 40 bit encryption put in place by Excel on the spreadsheet? – nope that will be gone too with a couple of utilities, and anyway that data is spread all over the disk in temp and page files for the half skilled hacker to get.

So you are screwed. What now?

Well there is something that you could of done that is really easy to have implemented and that would have protected you from all but the most serious of attackers – whole disk encryption. Historically tricky outside of certain quarters, it certainly has been available but only in the last 12 months has it really become simple to implement and use. You could use Bitlocker from Microsoft of course, if you have Vista. Then again you are almost certainly not running Vista and anyway Bitlocker is a little tricky to implement and only available on some versions of Vista – definitely not the one you probably have. So what are the alternatives? Well I will not go into the whole bunch, but I will focus on one which is freely available and simple to implement – Truecrypt, in particular version 6.1 which has largely resolved some critical problems for operation with laptops that earlier versions suffered from. The problems that it used to have was that it would not let you suspend or hibernate, but that is now resolved.

truecryptSo how do we get it? Just go to Truecrypt’s website and download it, make sure that you have read the installation guidance off their website, backed up your important data (because it could go wrong!) and just run the installer and set your passphrase well. In my instance I found a big problem during the installation – I was installing on a netbook without an optical drive and the installation routing REQUIRES that you create a recovery boot cd. It is irritating that a bypass mechanism is not available for this, but this is sort of for your own protection. Anyway, out came the USB CD/DVD writer and a boot CD was dutifully created and installation completed. The installation is pretty simple and includes a test boot but the most interesting fact is that at the end of installation, your disk is still not encrypted. It actually does this as a first step after install completion, and it allows you to continue to run the machine as normal as it churns through all the disk encryption, and allows you to pause the process and/or shut down the machine at any time, for it to continue when you startup again. This is a very nice touch.

The encryption process takes a nice length of time dependent upon disk size but at the end, you have a high level of disk encryption that just happens all the time without you doing anything more. In operation you do not notice a difference at all apart from some performance loss. Now on my Atom based 1.6GHz processor, I reckon that the performance hit in normal operation is about 10-15% where disk access is required (I have not measured it) but there is a much greater effect on the hibernation process – both going into and coming out. Certainly a doubling of the time to do the process and I can only guess that during that phase the disk writing/reading capability is hamstrung in some way but the overall impact is acceptable considering that if I lost the laptop, all my corporate secrets are still secret – as long as I picked a suitably strong pass phrase and logon passwords. Note that for suspend operation, the encryption boot block does not come into operation so your logon password is all that protects you there.

Truecrypt does offer other facilities as well, as it offers multi-layers of encryption and data hiding but for the standard business use a single disk encrypt is almost certainly enough. Truecrypt also offers the more mundane folder encryption particularly for external drives but I will go through that in another post.

All in all then, this is a must both to protect your data and your clients data, and a simple addition to your portable business armoury. If you or your company wants further advice about deployment of software like Truecrypt and security principles that are advisable, then please feel free to contact Blackarrow Consulting via our website for that service.

So you got a Netbook, what now?

advent-4211-msi-wind-mini-laptop-small You take it home, do the unboxing, get it powered up and running and now what?

1. Get comfortable with the Linux install that you may have inherited or swap it for Windows XP. If it came with XP, then settle in.

2. Get Firefox 3.0 running, OpenOffice 3.0 onboard, get hooked up to WiFi, and get yourself a 3G card unless it is already built in.

3. If you have a netbook with a 2 or 3 cell battery – get out and buy yourself the 6 cell battery as quickly as you can – you do need it.

4. If you have the HP2133, scour the Internet for instructions on how to get it running Linux or Windows XP because that beast is damn slow with Vista.

5. Get yourself setup with Delicious from Yahoo and add its plug-in to your Firefox or Internet Explorer install so that you can have all your cloud bookmarks tagged and running with you and/or get Foxmarks with the password sync – now you will have your bookmarks and passwords synchronised across all of your machines as long as you spread the love a little.

6. Migrate your email over to IMAP4 based services unless you already have it…or better move the whole domain over to Google Apps and use their facilities. This way, your email is always going to be available and not locked to a single machine.

7. Get yourself some web storage like box.net.

8. Sign yourself up to Skype – with that webcam in your machine, you have an ideal tool for getting into VoIP/Video Conferencing and this is on most of the netbooks by default. Share your Skype ID out.

Now assuming that you have progressed to Windows XP on your netbook…

1. Do all the above but in XP of course.

2. Think about Hosted Exchange for business use…it is slightly better than IMAP4.

3. Get Microsoft Mesh on the netbook and all of your other machines, and share the important folders across all of your machines in Peer-to-Peer mode.

4. Make sure that you setup that Skype install.

5. I know it is my preference, but get yourself a Google Reader setup running and make sure all your textual RSS feeds are setup there.

6. Install Juice for podcast downloads and Miro for vodcast downloads, I always find it comforting to have my text/graphics RSS separate to my audio and video feeds, but you could have it all in Miro.

7. Download Windows Live services such as Live Messenger, Live Photo Gallery, and of course Live Writer for blogging.

8. Optimise your netbook setup to maximise battery life when on battery, and run as fast as possible on mains. Use additional power management tools like Notebook Hardware Control to manage the switch automatically.

And then scour the internet for sites that service the optimisation of your particular netbook for those interesting new tweaks.

Oh, and stay with this blog.

Spambayes – Spam filtering

Anti-Virus The news of the shutdown of a major spam source in the US gives you some warm feelings about the constant stream of poorly targeted rubbish in your inbox, but the rate at which you will see them will grow again soon enough. So as a small business or independent consultant/freelancer what do you do about it?

One thing you can do is use an email client with built-in Bayesian filters for spam such as Thunderbird, but what happens if you are using Microsoft Outlook or Windows Mail? Outlook has a basic tool for filtering spam but frankly it is just a simple blacklist mechanism and not worth actuating it for what it does and I recommend not activating it.

Well what you can do is use Spambayes, a slowly/quietly developing solution which is a simple Bayesian spam filter implementation primarily for Outlook, which is open source and therefore freely available. I have used this for going on four years and it is very effective even from the start without any learning. Once it has learned up on the steady stream that you highlight, it operates very well with few (if any) false positives and it comes to the point that you forget that you have it implemented for the amount of Spam that you actually see.

One thing though, periodically (about once a year), the constant anti-spam filter methods of the spammers does have an effect, so you do have to reset the rulebase but this is so easy that it is not a problem at all. Highly recommended, and you can download it here.

PDFs’ R You

Adobe are responsible for an important publishing format with the PDF, unfortunately they have made it prohibitively expensive to create documents through the use of Adobe Acrobat. This is not to be confused with Acrobat Reader, the freely available tool that Adobe distribute. Now their tool allows you to explore the more esoteric aspects of PDF creation, but for most people you just want to be able to save into the format, for basic publication/distribution. For this, an excellent tool is the freeware doPDF from Softland which operates as a virtual printer driver allowing its use from any software that can print.doPDF