Information theft is a BIG thing and it’s only going to get bigger in the foreseeable future. Now, a lot of people talk the talk – but my question to you today is: do you walk the walk? Can you honestly say that in the event of your notebook OR desktop being stolen today, that you wouldn’t be worried about your data getting into the wrong hands? If your answer wasn’t a resounding “YES, I would not be worried”, then take the time to think about your security strategy today!
As a developer, I have a lot of information I need to protect, like:
1. Checked out source code (projects checked out of version control). This could be an end-to-end system complete with business rules, entire databases, detailed specifications, quotes, and basically anything an attacker or rival company would just love to get their hands on.
2. Databases. Mostly part of and similar to point 1, but likely to be in a different location on disk.
3. Emails, Tasks, Calendars, Contacts.
4. Virtual machine files. In my case this would include the hard disk files for VirtualBox machines, which might contain any of the before mentioned data.
5. Personal Files – Financial data, pictures, documents, etc.
My strategy is to use EFS to encrypt most of my day-to-day files – point 1, 2, and 3 from above. I use a combination of EFS and Truecrypt file containers for my personal data. My virtual machine files are not being encrypted at the moment – so I try to keep sensitive data out of there. I have a password manager to manage the multitude of passwords I have, this is great cause I can generate 20 character long passwords randomly and I never even need to know what they are (just copy and paste). Obviously, the password manager is protected by a loooong random password and a keyfile which is kept separate from the password database.
The major problem with all this encryption is performance. It slows everything down, which is the only reason why my virtual machine files aren’t encrypted at all. Unfortunately, one doesn’t really have a choice – either encrypt and accept the performance penalty, or leave unencrypted. The other problem which reared its head just the other day, was when I tried to access my files from my wife's computer – it just wouldn’t show the EFS files. Then I realised that XP Home doesn’t support EFS. As I would like my files to be fairly portable, this has meant that I’m now rethinking my encryption strategy. I’m now contemplating encrypting my entire data partition with Truecrypt – which should be fine except for the added nuisance of having yet another partition (which can't be resized)...
What strategy do you use?
posted @ Saturday, July 04, 2009 6:49 PM