Netbook Security

I have become a little paranoid of late about the security of my Netbook. There is nothing of value on my machine and I would have thought that most petty thieves would simply wipe the drive before fencing the goods but I still have an uncom­fortable feeling about someone raking through my stuff.

At the end of the day though, I don’t want to compromise the performance of my machine for the sake of some­thing that hope­fully won’t happen. On top of that, I really don’t want to change the way I use the machine, so anything I put in place would have to be stream­lined and non invasive.

Encryption

I soon found that there are a few ways to achieve my purpose. The top options are to either encrypt a portion of the available space on the machine and create a “secure container” or simply encrypt the whole machine. To me, it seemed less intrusive just to encrypt the whole lot and be done.

The two main programs I found to do this job for me were TrueCrypt and DiskCryptor. TrueCrypt appears to have an honourable pedigree. It is very much held to be the benchmark others are measured against.

On the other hand, DiskCryptor has many fans as well. It appears to score well in the reviews and claims that its “Open Source” creden­tials are more “Open” than its rivals.

Are They The Same?

There is actually a difference between these two programmes that separates them slightly. Although they are both able to encrypt the whole device the way I want to, TrueCrypt was originally designed to create an encrypted container. Its ability to encrypt the whole disk has been added at a later stage. In addition to this, there are a number of comments on the Netbook forums that suggest TrueCrypt has a slightly noticeable effect on performance whilst DiskCryptor does not. It should be stressed though that this is only the case with Netbooks and their lower performance chips.

So the research that I did pointed me more in the direction of DiskCryptor.

At this point, I found another rather signi­ficant difference in the two programs. Documentation. The TrueCrypt website is really good. It goes a long way to explain how the software works, how to set it up and how to use it to its best advantage.

Unfortunately this is not the case for DiskCryptor. There is a Wiki of sorts and a forum. The site is presented in both English and Russian but I don’t think the developers first language is either of these. As far as set up or feature descrip­tions there is virtually nothing, even after trans­lating the whole forum!

So, this left me a little stuck. There were reasons not to install TrueCrypt but even a web trawl failed to produce any kind of install­ation tutorial for DiskCryptor. I suppose I should have given up at this point! Nah!

[DiskCryptor is Windows only. TrueCrypt is cross platform]

What Next?

Well, I thought I should recount my exper­ience so that others don’t make the same mistake.

For Info, I’m running an Asus EeePC 1008HA. I applied the settings as I thought best. If you follow in my foot­steps you do so at your own risk. I would also appre­ciate comments if I have not inter­preted the features of this program properly.

My Netbook comes with two parti­tions on a single hard drive. Initially I thought it safest to ‘practise’ on the D drive. If this worked, I intended to progress to the C drive.

I had gleaned from the forum that it is necessary to configure the “Bootloader” correctly. If this is not done correctly it can leave you with major problems. Well, guess what? Yep. I got it wrong!!

The Bootloader has to be installed on the disk that boots the system. It is this file that tells the software what type of pass-​code to look for (either password, file or both), and then tell the system where to boot Windows from. So, the config­ur­ation that worked for me was:

• I selected the C drive on the main config­ur­ation page. Then selcted Tools > Config Bootloader
• Bootloader Place: HDD Master Boot Record.
• Then, click the drive and ‘Change Config’
• Main Tab

• Keyboard Layout – QWERTY
• Booting Method – First Partition with Appropriate Password [The System asks for a password when powered up. Windows does not load without this password]

After sorting out the Bootloader I moved on to encrypting the drives. I started with the C drive and followed with the D. There is a wizard to help you through the process so it’s quite straight­forward. Just remember to use the same password for all drives. You can then go to the settings section and configure auto mount/​unmount of drives and the pass­words can be cached meaning that you only have to enter the one password when you start up the computer.

Result

I now have a Netbook that is fully encrypted. When you hit the power button, you are presented with a black screen, empty but for a flashing cursor in the top left hand corner. There is a password required but no hint. The cursor does not move when you input the password and the screen does nothing if you get it wrong [This is purely my pref­erence settings].

After the system boots, I have not noticed any change in the performance of the Netbook. I’m sure I would see a difference if I really tried but for normal usage, it’s fine.

Conclusion

Initially I made the mistake of config­uring the Bootloader wrongly. This effect­ively locked me out of the system. I had to use the built in system restore to gain access. This meant the system was returned to factory settings and all data wiped.

After using the config­ur­ation above, I have managed to set up the system the way I wanted but this could be down to the unique config­ur­ation of my machine. If you want to try it yourself, be careful!!

References:

TrueCrypt — http://​www​.truecrypt​.org

DiskCryptor – http://​diskcryptor​.net/​w​i​k​i​/​M​a​i​n​_​P​a​g​e​/en

Sorry for the over long post but I did not want people rushing into this process lightly! Comments?