Encryptification Required

Posted by on July 31, 2008 under Uncategorized |

I have been knee deep in encryption process documentation and implementation the last few months and have come to the (obvious) conclusion that in today’s technology age, encryption is a key IT responsibility, second only to backups.  And just as backups are something we take for granted (honestly - how often do you backup your computers at home) so is encryption.

That is, until something happens such as you lose your laptop, USB key, CD, etc… Maybe you do have a backup, but and you are unsure about what critical or private data was on it?  Or a real example, your Director of HR puts their laptop through the security scanner at the airport and then forgets to pick it up on the other side (yes, it has happened).

Most small organizations don’t have the time, resources, or foresight to appropriately address the encryption aspect.  I’ll be posting a new series of articles covering encryption on PCs, Servers, Networks, and data in general.  Of course, it will all be done using FOSS (because FOSS based systems are the best I found, and encryption SHOULD be OS, to know that it is working as advertised).  To start, here is a short list of key components to your path to full encryptification :

- KeePassX http://www.keepassx.org/
KeePassPPC  http://keepasssd.sourceforge.net/ for Windows Mobile
KeePass  http://keepass.info/ for Windows, and other links

I just started using this a few months ago when I needed something that worked on Linux, WMobile, Blackberry, and Mac.  The beauty of this is cross-platform (and its FOSS and works well).  There is a client for Linux,Windows Mobile (the two I use most), Windows, Mac, Blackberry,Java…  It is super portable, has a nice organization structure, and even allows the storing of documents.  I’ll elaborate more on it later - but for now, you need to get it!

- OpenVPN http://openvpn.net
Again, cross platform is the key here.  Simple on the end users to connect, and works seamlessly through firewalls.  Even supports Vista x64.

- Encrypted LVM
This isn’t a specific application but more a design process.  For me, encrypted LVM is in use on the servers (and on MY laptop and PCs).  I use Encrpted LVM, DRDB, Heartbeat, and NFS as the NAS configuration for storing the KVM Virtual Machines of ALL servers.  A nice, secure, portable server package.  I’ll elaborate more later.

- TrueCrypt http://www.truecrypt.org/
Again - cross platform FOSS is a beautiful thing.  This last application will cover your needs for those pesky Windows and Mac users

- OpenPGP for E-mail http://enigmail.mozdev.org
For encrypting or signing e-mail in Thunderbird, OpenPGP is the standard bearer here.  If you’re cool, you always sign your e-mail.

This is a short list hitting on some encryptification highlights on what I am using.  Hope you find it helpful.  Are you using any of these apps?  How? Or something different?  How’s your experience with it?

 

Oh yea, I just came across Adeona  http://adeona.cs.washington.edu/
Nothing to do with encryption, but more of a FOSS Low Jack for your laptop.  Interesting…