Files containing sensitive information which could be used by a hacker or thief to engage in identity theft should of course be encrypted. This includes any personal information such as full name, social security number, bank account numbers, and passwords. Company policies might dictate that certain information must be encrypted, especially on portable devices such as laptops, PDAs, and increasingly, smart phones. Various regulatory agencies require businesses to encrypt data in order to protect the privacy of customers.
One just might want to keep a spouse's gift list a secret. The best encryption solution depends on the operating system, the other users on the system, and the reasons for protecting the information.
EFS - the Easiest Windows Encryption
For Windows users, EFS (Encrypting File System) is probably the easiest solution. EFS is automatically installed with the NTFS file system, used by most Windows installations since Windows NT. To encrypt any file using Windows Explorer, simply right-click on the file name and select 'Properties.' In the General tab, press the [Advanced...] button. Check the box labeled 'Encrypt contents to secure data.' Click on [OK], then [OK] again, and it's done.
Encrypting an entire directory and all it's contents is done the same way, using the folder instead of an individual file. Windows will ask if it should encrypt file files in that folder only, or the contents of subfolders as well.
Files encrypted with EFS are accessed by the user and any Windows program just like normal files, as long as the user who encrypted them is logged on. The files are unreadable by anyone else accessing the system.
EFS PROs
- Free, comes with select versions of Windows.
- No Installation.
- Easy to use.
EFS CONs
- Not available in all Windows versions. Specifically, EFS isn't included in the Home, Basic, and Starter editions of Windows XP, Vista, and Windows 7.
- Not available for Linux or Mac users.
- Only works on the hard drive. Files copied to removable media or network drives lose their encryption, as do files attached to email.
- Only as secure as the user's Windows password, which is vulnerable to brute force attacks.
TrueCrypt - Cross-platform Encryption
TrueCrypt is a free, open-source encryption suite which allows users to create encrypted volumes. These volumes, or containers, become virtual disks in which files and folders can be created or copied. The application uses a wizard-like interface to guide users through the creation of these volumes.
Basically, the program asks for a volume name, a drive letter, where to locate it (a directory on the hard drive, or on a flash drive, for example), and a password. The application has options for mounting and un-mounting TrueCrypt volumes. They can only be mounted by users who know the password with which they were created.
Once mounted, files and folders copied onto or created on the virual disk will be encrypted, but they can be accessed by any program or application run by the user. Once unmounted, or if the system is restarted, the files in such a volume are unusable until they are mounted again.
TrueCrypt PROs
- Free, Open-source software.
- Available for all versions of Windows since XP, including the home / starter editions.
- Works on Macs, as well as systems running Linux, and the BSD derivatives (FreeBSD, OpenBSD, etc.).
- Can be used on removable media such as CDs, DVDs, and flash drives.
- Offers a 'portable' mode enabling the use of the software without installing it on a hard drive.
- Has the ability to create a hidden operating system volume.
TrueCrypt CONs
- More complex, requires the creation of virtual disk volumes.
- Encrypted files can be sent over email, but the recipient must know the password or have the same key the sender used to encrypt them.
GnuPG - Complete End to End Encryption
GnuPG (GNU Privacy Guard, also known as GPG) is the most complex of these free solutions. Strictly speaking, GnuPG is a command-line tool, but a number of good graphical front-ends are available. Like TrueCrypt, GnuPG can be used to encrypt and decrypt files on drives with a password or pass-phrase.
GnuPG can also be used to encrypt email and instant messages, provided the recipient has GnuPG or a compatible product. In fact, GnuPG can be integrated with most popular email clients, including Outlook Express, Outlook, Eudora, and many others. Windows users will probably just need to download Gpg4win, a complete installer which includes GnuPG, plus modules for integrating with Windows Explorer, email client plug-ins, and key management tools.
In order to support encrypted messages that can only be read by the desired recipient, GnuPG implements public / private key pairs. In a nutshell, one uses someone else's public key to encrypt a message. Only the person with the matching private key can then decrypt and read the message.
For authentication, GnuPg-enabled Email programs use the sender's public key in order to digitally sign messages. This affords the recipients a fair degree of confidence that the named sender actually sent the messages, and not some hacker trying to spoof the sender's email address.
GnuPG PROs
- Free, Open-source software
- Cross-platform, runs on a wide variety of systems in addition to Windows, including MacOS X, Linux, and the various flavors of BSD.
- Encrypted files are portable and can be copied to flash drives, disks, etc.
- Integrates with Email and Instant Messaging clients to send encrypted messages easily without sharing the sender's password or private key.
- Uses digital signatures to support authentication.
GnuPG CONs
- Most complex. Users must create public and private key pairs.
- Add-ons necessary for integration with graphical user interfaces.
Making the Right Encryption Choice
For users of Windows with EFS who use strong, complex passwords, EFS provides excellent encryption with no setup required. This will only work for data on the local hard drive. Those whose OS doesn't support EFS, or need to extend encryption to removable media like flash drives should go with TrueCrypt. If encrypted communications are required, then GnuPG provides encryption and authentication, giving complete, end-to-end protection of data and messages.
 |
