28 October 2009

How to protect your notebook data while on the go

Leaving your notebook unattended is a security risk. All the information on your hard drive can be copied by persons which have physical access to the notebook.

So I always recommend using Truecrypt or some other encryption software to encrypt the data on the notebook. Only the right password gives you access to the encrypted data. This practice is considered safe, until now. Enter the 'Evil Maid'.

Rootkit-expert Joanna Rutkowska has written a tool to steal passwords from systems encrypted with Truecrypt. A person (the attacker) could install this tool to the notebook (without the owner knowing). The tool records the Truecrypt password. The attacker can come by a second time and retrieve the Truecrypt password.

The solution to this kind of attack is to use two-factor authentication on your Truecrypt configuration. 'Two factor' means you must have in your possesion:
  1. something you know (password)
  2. something you have
in order to gain access to the encrypted data.
The 'something to have' gets a little tricky. The easiest option is to have a file containing some data on an USB stick.  Truecrypt will use this file to verify the password. But files can be copied.

So, if you are really paranoid, you use a smart card as 'something to have'. This is not easy to copy (but can be stolen of course).

Even better: Do not give persons unattended access to your notebook. Store it in a safe place when you do not want to keep it with you.

No comments:

Post a Comment