TrueCrypt 4.3: A full-volume encryption option for Windows Vista


Serdar Yegulalp, Contributor
05.22.2007


Windows Vista ships with up to two built-in encryption features, depending on which edition you buy. The Business, Enterprise and Ultimate editions include the Encrypting File System (EFS), the NTFS file-level encryption that Windows 2000 and Windows XP Professional also offer (the Home editions of XP and Vista do not). EFS has a number of drawbacks, the main one being that it works only at the file level: file system metadata, the paging file, temporary files and anything an application writes outside the protected folders stay in the clear. That limits its usefulness in environments where the entire contents of a disk have to be protected.

Vista Enterprise and Ultimate (not Business) also include BitLocker Drive Encryption, which encrypts the whole system volume on the fly, including the operating system's own executables and the paging and hibernation files; the small unencrypted boot partition that holds the boot manager is measured by the TPM (or unlocked with a USB startup key) before Windows is allowed to start. This is a useful way to keep a notebook computer from being compromised if it falls into the wrong hands. But in Vista's initial release BitLocker encrypts only the system volume; it does not cover additional fixed volumes or removable drives. To protect those, you need a third-party solution.

One of the best I've found, for the scope of its features as well as its licensing and implementation, is TrueCrypt, a free, open source encryption application available for both Windows and Linux, with its full source code published for anyone to inspect. I've been using TrueCrypt for some time now (about a year and a half) as a way to encrypt both whole drives and virtual drives, and I am consistently impressed with the way it's relatively easy to use and intelligently designed from a security standpoint.

TrueCrypt works by creating encrypted volumes either from an entire physical drive or partition, or from an ordinary file on disk that it mounts as a virtual disk. All data passing to and from the volume is encrypted and decrypted on the fly with your choice of block cipher (AES, Serpent or Twofish, each with a 256-bit key, or a cascade of two or three of them) and your choice of hash function for deriving the header key from the password (Whirlpool, RIPEMD-160 or SHA-1); TrueCrypt 4.x encrypts sectors in LRW mode. Without the correct password (and keyfiles, if the volume was created with any), everything on the encrypted volume, header included, is indistinguishable from random data.

Moreover, an encrypted TrueCrypt volume carries no plaintext signature: the volume header is itself encrypted, so there are no magic bytes or identifying parameters for a scanner to match, and a file-hosted volume can have any extension or none at all. Note the limit of this property, though: a large file consisting entirely of high-entropy data, with no recognizable format and a size that is a whole number of 512-byte sectors (TrueCrypt sizes volumes that way), is itself a hint to a forensic examiner, even if its contents cannot be read. Once mounted, Windows sees the volume as just another drive, and any operation that works on a regular file system works on a TrueCrypt volume.
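To make the "indistinguishable from random data" point concrete, here is an added example in Python (not TrueCrypt code, and not from the original article) that does what a first-pass forensic disk scan does: a signature check, a byte-entropy estimate and a sector-alignment check. The samples are constructed inline; a deterministic SHA-256 stream stands in for the body of an encrypted volume, and the thresholds (7.9 bits per byte, 64 KiB minimum size) are illustrative choices, not values taken from any real tool.

```python
import hashlib
import math

SECTOR = 512  # TrueCrypt sizes volumes in whole 512-byte sectors

# A handful of plaintext signatures. Constructed for this example; a real
# scanner carries thousands of them.
MAGIC = {
    b"MZ": "PE executable",
    b"PK\x03\x04": "ZIP archive",
    b"%PDF": "PDF document",
    b"\x89PNG": "PNG image",
    b"\xd0\xcf\x11\xe0": "OLE2 (Office 97-2003) document",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def identify(data: bytes) -> str:
    """Return the format name if the blob starts with a known signature."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def triage(data: bytes, min_size: int = 64 * 1024) -> dict:
    """First-pass classification of a file body, as a disk-scanning tool would do it.

    A blob is flagged as a possible encrypted container only when it has no
    recognisable signature, is uniformly high-entropy, is sector-aligned and
    is large enough to be worth hosting a file system.
    """
    entropy = shannon_entropy(data[: 1 << 20])  # sample at most the first MiB
    kind = identify(data)
    sector_aligned = len(data) % SECTOR == 0
    return {
        "kind": kind,
        "entropy": round(entropy, 3),
        "sector_aligned": sector_aligned,
        "possible_container": (
            kind == "unknown"
            and entropy > 7.9
            and sector_aligned
            and len(data) >= min_size
        ),
    }


def pseudo_random(n: int, seed: bytes = b"example") -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted volume body."""
    blocks = (n + 31) // 32
    return b"".join(
        hashlib.sha256(seed + i.to_bytes(8, "little")).digest() for i in range(blocks)
    )[:n]


# Constructed samples: a 1 MiB stand-in for a TrueCrypt container (random
# header and all), a plain-text report, a ZIP whose body is equally random but
# whose signature gives it away, and a random blob that is not sector-aligned.
CONTAINER = pseudo_random(1 << 20)
REPORT = b"Quarterly report, draft 3. Revenue grew 4% against plan. " * 1200
ZIP_LIKE = b"PK\x03\x04" + pseudo_random(SECTOR * 128 - 4, seed=b"zip")
ODD_BLOB = pseudo_random(100_000, seed=b"odd")

if __name__ == "__main__":
    for name, blob in [("container", CONTAINER), ("report", REPORT),
                       ("zip", ZIP_LIKE), ("odd blob", ODD_BLOB)]:
        print(f"{name:10s} {triage(blob)}")
```

The ZIP and odd-sized samples show why the heuristic needs all four conditions: compressed archives are just as high-entropy as ciphertext but announce themselves with a signature, and a random blob that is not a whole number of sectors is unlikely to be a mountable volume. The container sample shows the flip side of "no identifying header": the scanner cannot read anything, but it can still list every large, unstructured, sector-aligned, maximum-entropy file as a candidate.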

TrueCrypt sports a number of other high-security features that are optional but useful:

Windows users should observe some precautions that the program's authors document. One major way protected data can leak is through the paging and hibernation files: when Windows writes memory pages to pagefile.sys, or the entire contents of RAM to hiberfil.sys, any decrypted data those pages held lands on the volume that hosts the file, and if that volume is not encrypted a third party can recover it by scanning the file. The TrueCrypt documentation recommends disabling the paging file and hibernation on systems where this matters. Alternatively, running TrueCrypt on a machine whose system volume is protected by BitLocker shrinks this exposure considerably, because the paging and hibernation files normally live on the system volume and so are written to encrypted storage.
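The leak described above, as an added example in Python (not from the article or the TrueCrypt project): a constructed 64 KiB stand-in for pagefile.sys in which two strings from a document opened off a mounted volume were paged out, scanned the way a "strings"-style forensic pass scans a paging or hibernation file. The fragments, the file layout and the offsets are invented for the example; the carve looks for both ANSI and UTF-16LE runs because Win32 applications hold most text in the latter.

```python
import hashlib
import re


def filler(n: int, seed: bytes) -> bytes:
    """Deterministic random-looking bytes standing in for pages that hold nothing readable."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(8, "little")).digest()
                    for i in range((n + 31) // 32))[:n]


# Constructed secrets: two lines of a document that the user opened from a
# mounted TrueCrypt volume and that the editor held in memory, one as an ANSI
# string and one as UTF-16LE.
ANSI_TEXT = "Project Falcon: the acquisition target is Acme Widgets Ltd."
WIDE_TEXT = "Board memo, confidential: offer price 42 USD per share"


def build_pagefile_image() -> bytes:
    """A 64 KiB 'pagefile.sys' in which the two fragments were paged out (offsets are invented)."""
    image = bytearray(filler(64 * 1024, seed=b"pagefile"))
    ansi = ANSI_TEXT.encode("ascii")
    wide = WIDE_TEXT.encode("utf-16-le")
    image[4096:4096 + len(ansi)] = ansi
    image[20480:20480 + len(wide)] = wide
    return bytes(image)


def carve_strings(image: bytes, min_len: int = 20) -> list:
    """Recover printable runs of at least min_len characters, ANSI and UTF-16LE.

    No key and no parsing are involved: this is exactly the scan an examiner
    runs over an unencrypted paging or hibernation file.
    """
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_run.finditer(image)]
    found += [m.group().decode("utf-16-le") for m in wide_run.finditer(image)]
    return found


def leaked_fragments(image: bytes, secrets) -> list:
    """Which of the given secrets can be read back from the image in the clear."""
    carved = carve_strings(image)
    return [s for s in secrets if any(s in run for run in carved)]


if __name__ == "__main__":
    pagefile = build_pagefile_image()
    # The volume itself gives up nothing; the paging file beside it gives up everything.
    volume = filler(64 * 1024, seed=b"container")
    print("from the encrypted volume:", leaked_fragments(volume, [ANSI_TEXT, WIDE_TEXT]))
    print("from pagefile.sys:        ", leaked_fragments(pagefile, [ANSI_TEXT, WIDE_TEXT]))
```

The contrast in the last two lines is the whole precaution: the container body, being random, yields no strings at all, while the paging file on an unencrypted system volume returns both fragments verbatim, which is why the hosting volume must be encrypted (BitLocker, or TCTEMP for the paging file) or paging and hibernation must be turned off.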

Because TrueCrypt is open source and can be driven from the command line, third parties have written add-ons for it. One such contribution is TCTEMP, which automates encrypting the paging file, the temporary files the system generates and print spooler files, all of which pose the hazard described in the previous paragraph. It does not yet encrypt the hibernation file, however. (Another third-party add-on, TCGINA, encrypts Windows user profiles by providing a GINA, the logon DLL that Windows 2000 and XP call during the logon process. Note that Vista replaced the GINA mechanism with credential providers, so TCGINA applies to pre-Vista systems only.)

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

