Protect your data from physical access

Experts are able to gather sensitive data from your computer if they gain physical access to it. This can be achieved by various means like Live CDs, accessing unprotected accounts or administrators that take a look in your profile folders. They can search the files on your hard drives, read documents, look at your Internet cache, the mailboxes which contain all of your mails - even the deleted ones - and histories of downloaded files.

It can go on by using recovery software to gather a list of software that once were installed on the computer but have been deleted by the user. In the end they have access to almost everything if you did not take the necessary measures to make sure that no one is able to access sensitive data.

Protecting your data is essential these days and even if some of you would call me paranoid I think everyone should do it. But, how would one do that ?

This is actually easier than you would have thought. My suggestion would be to use encryption to protect the data. This does mean however that the user has to enter a code to decrypt the data before he can use it which is far better than handing the data on a silver plate to everyone who has physical access to the computer.

Just follow the easy steps outlined below to secure your computer:

Download and install True Crypt on your system. True Crypt is able to encrypt hard drives and partitions with a secure key. I would suggest to use either an external hard drive or make space on a internal hard drive. It is far better to encrypt the complete hard drive.

Be aware that you need at least one unencrypted partition to be able to boot your operating system.

Encrypt the hard drive. I outlined the process in an earlier article called

Create a secure data safe with True Crypt

.
Now the important part. Move all your sensitive applications to that encrypted partition. I'm thinking of email clients, browsers, p2p applications, ftp programs, documents, pictures, videos and everything else that you do not want to share with anyone.
Make sure you change the data paths in the applications as well. It would not help if you use the email client from the encrypted hard drive but have the mailboxes on an unencrypted one. Move them all to the encrypted hard drive as well.
No one is able to access that data unless they provide the key to decrypt the hard drive. It is theoretically possible to break the algorithm or use brute force. The later would take ages if you use a key with more than 40+ chars.

Other measures that you should undertake could be to clean the caches on exit and using a software like Eraser to regularly delete information about former files on unused disk space.

Do you have additional ideas or methods that you use to protect your data ?

Advertisement