Encryption Software Application

Posted: Thu Jun 30, 2011 5:40 pm
by flying_circus
Consider me completely new to encryption applications. I have always avoided disk encryption utilities because I know that if I get a virus, I can't pull the drive and retrieve my files (perhaps this is my ignorance showing? I'm sure it is.). To be honest, I try not to keep sensitive data anyways.... Long story short, I have some customers that have asked me to keep their credit card numbers on file.

Ideally I need some type of a program that would store sensitive data in an encrypted file or database, but a quick google turned up "True Crypt" which says it can do a virtual encrypted disk. This would seem like an easy solution?

What are you using, and would you be willing to share why you like it? I'd appreciate any other tips on what's out there and available. My only experience in Windows has been with Windows EFS and repeated annoying balloon notifications telling me to back up my key. Surely there's a better way.

My work computers are primarily Windows, but I also run Ubuntu as well. A solution that could be used on both platforms might be the best way to go.

Re: Encryption Software Application

Posted: Thu Jun 30, 2011 7:40 pm
by André D
This isn't necessarily an answer to your question, but you should be aware of the Payment Card Industry Data Security Standard (PCI DSS):
http://en.wikipedia.org/wiki/PCI_DSS
https://www.pcisecuritystandards.org/se ... tarted.php

Re: Encryption Software Application

Posted: Fri Jul 01, 2011 12:57 am
by flying_circus
André D wrote: This isn't necessarily an answer to your question, but you should be aware of the Payment Card Industry Data Security Standard (PCI DSS):
http://en.wikipedia.org/wiki/PCI_DSS
https://www.pcisecuritystandards.org/se ... tarted.php

Hmm, I hadn't given any thought to the PCI DSS standards, though I guess they would apply.

A typical scenario would be a customer calling to pay an invoice and they give me (or a co-worker) their credit card info. Typically it gets written on a yellow sticky note until the card is processed (manually), and then the sticky note is run through the paper shredder. We don't accept payment on our website, but it has happened in the past where an out-of-country customer has emailed their payment info, which makes me uncomfortable, for them, just thinking about it.

I'm sure anyone who takes security seriously is cringing right now, but that's how small businesses do it. I'm trying to improve it a little :?

I think I might give TrueCrypt a try unless anyone has a more educated opinion than I do.

Re: Encryption Software Application

Posted: Fri Jul 01, 2011 4:58 am
by Apollo
flying_circus wrote: Ideally I need some type of a program that would store sensitive data in an encrypted file or database, but a quick google turned up "True Crypt" which says it can do a virtual encrypted disk. This would seem like an easy solution?

Correct. I've been using TrueCrypt myself for years and I can HIGHLY recommend it. It can create 'container files' which contain an encrypted virtual drive, but it can also encrypt entire partitions, including your system / boot drive (in that case you have to enter a password before booting Windows/Linux/whatever).

It works absolutely great, it's fast, secure, user friendly, extremely reliable, easy, and very convenient (besides entering a password I don't even notice it's there). I never had any trouble with drives becoming inaccessible or anything (*see below). But even in case of viruses or whatever, you could always attach the disk to another machine and mount it with TrueCrypt (to get access to your files without executing anything).

* This shouldn't be a point of concern in the first place, because if you're storing such important data, you should have backups anyway (preferably automated, every day). Not on the same drive of course, I mean remote backups (stored on an external drive or server), also encrypted of course. Hard drives can crash, break down and fail on you any day, you know :)
Always consider this: if your hard drive crashes RIGHT NOW and becomes completely inaccessible, not a single byte can be recovered, how screwed will you be? Take care of that first :)

Re: Encryption Software Application

Posted: Fri Jul 01, 2011 2:19 pm
by flying_circus
Thanks for the response. It sounds like the container file is exactly what I am looking for.

I'm not as concerned with a drive failure/data loss, especially with sensitive data. I'd sooner call my customer and ask for their info again, rather than to call and explain why they should call their bank. All of my "work" stuff is backed up. If I did lose a drive, I'd be upset, but not screwed. I've been using Microsoft Windows since 3.1, so I've gotten in the habit of having backups in anticipation of the annual reformat. I have about a dozen unmarked hard drives scattered around the office with a directory called "backup", each a different snapshot in time.... Yeah, I would be upset, it would be rebuildable but I should be more organized with my backups.

Thanks again :)