Consider me completely new to encryption applications. I have always avoided disk encryption utilities because I know that if I get a virus, I can't pull the drive and retrieve my files (perhaps this is my ignorance showing? I'm sure it is.). To be honest, I try not to keep sensitive data anyways.... Long story short, I have some customers that have asked me to keep their credit card numbers on file.
Ideally I need some type of a program that would store sensitive data in an encrypted file or database, but a quick google turned up "True Crypt" which says it can do a virtual encrypted disk. This would seem like an easy solution?
What are you using, and would you be willing to share why you like it? I'd appreciate any other tips on what's out there and available. My only experience in Windows has been with Windows EFS and repeated annoying balloon notifications telling me to back up my key. Surely there's a better way.
My work computers are primarily Windows, but I also run Ubuntu as well. A solution that could be used on both platforms might be the best way to go.
Encryption Software Application
- flying_circus
- Forum Regular
- Posts: 732
- Joined: Wed Mar 05, 2008 10:23 pm
- Location: Sunriver, OR
Re: Encryption Software Application
This isn't necessarily an answer to your question, but you should be aware of the Payment Card Industry Data Security Standard (PCI DSS):
http://en.wikipedia.org/wiki/PCI_DSS
https://www.pcisecuritystandards.org/se ... tarted.php
- flying_circus
Re: Encryption Software Application
André D wrote: This isn't necessarily an answer to your question, but you should be aware of the Payment Card Industry Data Security Standard (PCI DSS):
http://en.wikipedia.org/wiki/PCI_DSS
https://www.pcisecuritystandards.org/se ... tarted.php

Hmm I hadn't given any thought to the PCI DSS standards, though I guess they would apply.
A typical scenario would be a customer calling to pay an invoice and they give me (or a co-worker) their credit card info. Typically it gets written on a yellow sticky note until the card is processed (manually), and then the sticky note is run through the paper shredder. We don't accept payment on our website, but it has happened in the past where an out of country customer has emailed their payment info, which makes me uncomfortable, for them, just thinking about it.
I'm sure anyone who takes security seriously is cringing right now, but that's how small businesses do it. I'm trying to improve it a little.
I think I might give TrueCrypt a try unless anyone has a more educated opinion than I do.
Re: Encryption Software Application
flying_circus wrote: Ideally I need some type of a program that would store sensitive data in an encrypted file or database, but a quick google turned up "True Crypt" which says it can do a virtual encrypted disk. This would seem like an easy solution?

Correct. I've been using TrueCrypt myself for years and I can HIGHLY recommend it. It can create 'container files' which contain an encrypted virtual drive, but it can also encrypt entire partitions, including your system / boot drive (in that case you have to enter a password before booting Windows/Linux/whatever).
It works absolutely great, it's fast, secure, user friendly, extremely reliable, easy, and very convenient (besides entering a password I don't even notice it's there). I never had any trouble with drives becoming inaccessible or anything (*see below). But even in case of viruses or whatever, you could always attach the disk to another machine and mount it with TrueCrypt (to get access to your files without executing anything).
* This shouldn't be a point of concern in the first place, because if you're storing such important data, you should have backups anyway (preferably automated, every day). Not on the same drive of course, I mean remote backups (stored on an external drive or server), also encrypted of course. Hard drives can crash, break down and fail on you any day, you know.
Always consider this: if your hard drive crashes RIGHT NOW and becomes completely inaccessible, not a single byte can be recovered, how screwed will you be? Take care of that first.
- flying_circus
Re: Encryption Software Application
Thanks for the response. It sounds like the container file is exactly what I am looking for.
I'm not as concerned with a drive failure/data loss, especially with sensitive data. I'd sooner call my customer and ask for their info again, rather than to call and explain why they should call their bank. All of my "work" stuff is backed up. If I did lose a drive, I'd be upset, but not screwed. I've been using Microsoft Windows since 3.1, so I've gotten in the habit of having backups in anticipation of the annual reformat. I have about a dozen unmarked hard drives scattered around the office with a directory called "backup", each a different snapshot in time.... Yeah, I would be upset, it would be rebuildable but I should be more organized with my backups.
Thanks again