The need for Full Disk Encryption (FDE) / System Encryption

With the increasing number of mobile computing devices, the fixed desktop PC in the home has been on the decrease in favour of a mix of mobile platforms. Whilst a number of people use their mobile or tablet devices for browsing the web, there is a large number of laptops in use which do not feature the ‘switch on’ storage encryption common on mobile devices.

The need

The need for full disk encryption to protect data at rest on laptop (and desktop) devices has never been so important. The largest concern for most security-aware users is the risk to their personal data through opportunistic theft of their device, whether on a train, from a car or even from their home.

Good backups protect against data loss through failure or device theft; protecting the confidentiality of stored data, however, requires Full Disk Encryption and strong passwords.

What is FDE / System Encryption?

“Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. Disk encryption prevents unauthorized access to data storage.

Expressions full disk encryption (FDE) or whole disk encryption often signify that everything on disk is encrypted – including the programs that can encrypt bootable operating system partitions – when part of the disk is necessarily not encrypted. On systems that use a master boot record (MBR), that part of the disk remains non encrypted. Some hardware-based full disk encryption systems can truly encrypt an entire boot disk, including the MBR.” Wikipedia, 29 Dec 2015

Encryption Options

To encrypt a Windows 10 system you have 2 choices: BitLocker or 3rd party encryption software. BitLocker is made by Microsoft and included with Windows 10 Pro, so if you're a home user you would need to pay to upgrade from Home to Pro. There are a number of 3rd party software options, and I am not going to attempt to cover them all; however, they fall into two broad categories: free (as in beer), some of which are also free as in freedom (Free and Open Source Software, FOSS), and commercial, where you would need to part with your hard-earned cash.

TrueCrypt

I will mention TrueCrypt first… A favourite no-cost solution for a large number of users was TrueCrypt; however, the project has recently been shelved by the developers and is no longer being maintained. Therefore it is advisable to look at alternatives.

VeraCrypt

The VeraCrypt project describes itself as: “VeraCrypt is a free disk encryption software brought to you by IDRIX (https://www.idrix.fr) and that is based on TrueCrypt 7.1a.” They have taken the TrueCrypt source code and continued to develop it, resolving issues identified during the TrueCrypt audit, and are looking to continue building features.

The GPT problem

One of the core problems with some of these encryption solutions today is the lack of support for GPT. If you are a Windows 8, 8.1 or 10 user, it's likely that you have a GUID Partition Table (GPT).

Solutions like VeraCrypt will not currently work for you on a system with a GPT drive (correct at time of writing, Dec 15). However, there are some options…
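Whether a disk is GPT or MBR can be read from its first two sectors. The following is an added example, not code from this blog or from the VeraCrypt project; it assumes 512-byte sectors, the function names and the "GPT-damaged" label are hypothetical, and the sample sectors are constructed in the code rather than read from a real disk.

```python
import struct
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors

def gpt_header_ok(lba1: bytes) -> bool:
    """True if LBA 1 holds a GPT header whose own CRC32 verifies."""
    if lba1[:8] != b"EFI PART":
        return False
    size, stored_crc = struct.unpack_from("<II", lba1, 12)
    if not 92 <= size <= SECTOR:
        return False
    header = bytearray(lba1[:size])
    header[16:20] = bytes(4)  # the CRC is computed with its own field zeroed
    return zlib.crc32(header) == stored_crc

def partition_style(first_sectors: bytes) -> str:
    """Classify LBA 0 + LBA 1 of a disk as RAW, MBR, GPT or GPT-damaged."""
    if len(first_sectors) < 2 * SECTOR:
        raise ValueError("need the first two sectors (LBA 0 and LBA 1)")
    lba0, lba1 = first_sectors[:SECTOR], first_sectors[SECTOR:2 * SECTOR]
    if lba0[510:512] != b"\x55\xaa":
        return "RAW"  # no boot signature, so no partition table at all
    # Four 16-byte partition entries start at offset 446; type byte is at +4.
    types = [lba0[446 + 16 * i + 4] for i in range(4)]
    if 0xEE not in types:
        return "MBR"  # ordinary MBR entries only
    # Type 0xEE is the protective MBR entry that GPT disks carry in LBA 0.
    return "GPT" if gpt_header_ok(lba1) else "GPT-damaged"

def make_mbr(part_type: int) -> bytes:
    """Constructed sample: LBA 0 with one partition entry of the given type."""
    s = bytearray(SECTOR)
    s[446 + 4] = part_type
    s[510:512] = b"\x55\xaa"
    return bytes(s)

def make_gpt_header() -> bytes:
    """Constructed sample: minimal LBA 1 GPT header with a valid CRC32."""
    h = bytearray(struct.pack("<8sIIIIQQQQ16sQIII", b"EFI PART", 0x00010000,
                              92, 0, 0, 1, 2047, 34, 2014, bytes(16), 2, 128, 128, 0))
    struct.pack_into("<I", h, 16, zlib.crc32(h))
    return bytes(h).ljust(SECTOR, b"\x00")

if __name__ == "__main__":
    print("legacy disk ->", partition_style(make_mbr(0x07) + bytes(SECTOR)))
    print("GPT disk    ->", partition_style(make_mbr(0xEE) + make_gpt_header()))
```

On Windows the same answer appears in the PartitionStyle column of PowerShell's `Get-Disk`.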

See my next blog item: VeraCrypt Full Disk Encryption on Windows 10 (Coming soon)

Please feel free to comment below.
