Over the last few months, I’ve been experimenting with various IT security applications and techniques. I’d like to present a few of my favorites. These are designed to complement each other, so I recommend using all of these applications for maximum benefit.
1. Password Management
Using the same password for more than one service is a huge security risk. All it takes is for somebody to get hold of your password and suddenly they have access to all your other online services (Facebook, Gmail, etc.). Because this is such a common mistake, it is one of the first things a would-be intruder would attempt.
This is where a password manager comes in handy. I recommend KeePass for this. It’s open source and available on every platform imaginable (Android, iOS, Windows, Linux, OS X, etc.). You create one secure “Master Password” that grants you access to your encrypted password safe, where an entry for each of your accounts lives. I use the built-in password generator set to a length of 25 characters for each of my entries, ensuring I have unique and VERY secure passwords. Obviously, make sure the “Master Password” is sufficiently complex, as a poor choice here would compromise the security of all your other passwords. I store the file that KeePass creates on my personal cloud service or an encrypted flash drive (see below).
2. Personal Cloud
People love using Dropbox as an alternative to flash drives. It allows you to access your files anywhere, without having to carry around a physical device. This is all well and good, but how much do you trust Dropbox not to dig through your personal stuff?
All you need to host your very own storage cloud is a virtual or dedicated server and a free installation of ownCloud. While you can use the web interface to manage your files, there are plenty of client apps for various platforms. Be sure to “force SSL” to prevent eavesdropping. Also, enable encryption in the settings menu. This will encrypt your ownCloud files on the server’s hard drive, preventing an intruder on your server from accessing your files.
3. File Encryption
One of the nicest ways to encrypt files is through TrueCrypt. It’s an open source, cross-platform application that creates encrypted devices and volumes. Essentially, you can either encrypt an entire device (flash drive) or create a volume that is mounted as a virtual drive upon successful decryption. You have many different options available, but I recommend using AES-Twofish-Serpent, which is a cascading cipher. What this means is the volume is encrypted first with AES, then the result is encrypted with Twofish and then with Serpent. This makes it incredibly hard to crack, as you are effectively dealing with 3 layers of encryption.
As far as passwords go, obviously the strength of your encryption is only as good as the password you choose. TrueCrypt also allows you to include a “key file” in the mix. A “key file” can be any file at all. When chosen, the password is mixed with a hash of the first 1024 bytes of the chosen key file. The result of this is used to encrypt the volume. This effectively provides you with two-factor encryption, as you need to know the password as well as have the key file to decrypt the volume.
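The sketch below is an added example, not code from this post or from TrueCrypt, and it models the password-plus-key-file mixing only as described above. The choice of SHA-256, the HMAC mixing step, PBKDF2 and its iteration count, and every function name are assumptions made for illustration; the salt, key file and password are constructed sample values.

```python
import hashlib
import hmac
from typing import Optional

KEYFILE_PREFIX_LEN = 1024    # per the post: only the first 1024 bytes are hashed
PBKDF2_ITERATIONS = 100_000  # assumption for this example
KEY_LEN = 32                 # 256-bit key

def mix_secret(password: str, keyfile: Optional[bytes]) -> bytes:
    """Combine the password with a hash of the key file's first 1024 bytes."""
    pw = password.encode("utf-8")
    if keyfile is None:
        return pw
    digest = hashlib.sha256(keyfile[:KEYFILE_PREFIX_LEN]).digest()  # SHA-256: assumption
    # HMAC keyed with the key-file digest, so both inputs shape the result.
    return hmac.new(digest, pw, hashlib.sha256).digest()

def derive_volume_key(password: str, keyfile: Optional[bytes], salt: bytes) -> bytes:
    """Stretch the mixed secret into the key that protects the volume."""
    return hashlib.pbkdf2_hmac("sha512", mix_secret(password, keyfile),
                               salt, PBKDF2_ITERATIONS, KEY_LEN)

def can_unlock(volume_key: bytes, password: str,
               keyfile: Optional[bytes], salt: bytes) -> bool:
    """True when the supplied factors reproduce the volume key."""
    candidate = derive_volume_key(password, keyfile, salt)
    return hmac.compare_digest(volume_key, candidate)

def demo() -> dict:
    salt = bytes(range(16))                        # constructed; use os.urandom in practice
    keyfile = bytes(i % 251 for i in range(4096))  # constructed 4 KiB sample key file
    password = "example-passphrase"                # constructed
    key = derive_volume_key(password, keyfile, salt)
    tail_changed = keyfile[:KEYFILE_PREFIX_LEN] + bytes(3072)  # bytes after 1024 differ
    head_changed = b"\xff" + keyfile[1:]                       # first byte differs
    return {
        "password_and_keyfile": can_unlock(key, password, keyfile, salt),
        "password_only": can_unlock(key, password, None, salt),
        "keyfile_wrong_password": can_unlock(key, "wrong-guess", keyfile, salt),
        "keyfile_tail_modified": can_unlock(key, password, tail_changed, salt),
        "keyfile_head_modified": can_unlock(key, password, head_changed, salt),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:24} unlocks: {ok}")
```

In this model, bytes past the first 1024 contribute nothing, so a larger key file is no stronger, while a single changed byte inside that range locks the volume. Keep a backup of the key file and pick one that no application will modify.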