This article will be useful to any owner of a PC or laptop. Have you ever wondered how large your losses could be if your information fell into the wrong hands? Some of you back up important data to removable drives or to the cloud, but this does not protect against loss or theft of equipment. I started encrypting data right after my friend's laptop was stolen twice in a year. At the same time, I am an “Old Believer”: today I do not use a laptop and work exclusively on a PC, which rules out risks like “I forgot my bag with a laptop in a cafe”.

Think about the most paranoid scenario for misuse of your data. Will your customer base be taken away? Will money be stolen from your WebMoney wallet? Will someone get access to dozens of client projects that you are in charge of? Will you become a YouTube star?

Start encrypting your data.

An important point: I am not an information security professional. The article is based on my experience and preferences, and it describes methods that are suitable for personal use or small businesses, in the spirit of "it is better to secure information this way than not at all."


Why encrypt data and be paranoid about passwords?

Here are cases from my circle of acquaintances over the past few years:

  • Using a stolen laptop, the thieves asked friends on social networks and instant messengers for loans of more than $1,000 in total;
  • A client base accumulated over the years was leaked to a forum of bulk-mailing enthusiasts;
  • A sum equal to the cost of a new foreign car was withdrawn from a WebMoney Keeper wallet;
  • Domains with a good history and traffic were taken away.

More unpleasant outcomes are also possible if the equipment was "taken away" deliberately. The fundamentals of data security are neglected everywhere: passwords saved in services and on sites, and passwords kept on the desktop in a “passwords.txt” file.

Most services are tied to an e-mail account, and many people read mail either through mail clients (Outlook, Thunderbird and the like) or in the browser, with the password saved, of course. Often the main mailbox was also created 15 years ago, without a linked mobile number. In this case, you can lose access to every service that has no phone number associated with it.

If you have hurriedly started copying passwords onto a piece of paper and googling "how to remove the password from the browser forever", stop. Later in the article there are some simple encryption options for home use and for small businesses.

Data encryption options: in which cases is each better suited for personal life and for business?

Here are three of the simplest, most cost-effective, and relatively reliable data storage options. Even if your equipment falls into the wrong hands, whoever has it will not be able to access the information.

The first option is encryption on removable media

A removable HDD or flash drive of this kind requires you to enter a numeric password on the device itself when it is connected; in addition, the data itself is encrypted on the memory chip. This is what it looks like:

I see only 2 advantages of this option:

  1. Compatible with different operating systems (it's just a flash drive).
  2. The ability to enter a super-secret password that deletes all data, instead of the decryption password.

Well, and another dubious plus: every time you connect the device, you will look like a bad parody of Tom Cruise in the Mission Impossible movie series.

Disadvantages:

  1. Price.
  2. Speed. External drives (and especially flash drives) are slower.
  3. The chance of an additional headache when one of the number keys sticks or breaks.

In my opinion, this is for those who like to play spies. It can be used as storage for important information (write down all passwords and hide it in a jar of cereal or a box of socks), but nothing more.


The second option is to use programs to encrypt data on the disk

Since I use a lot of "Windows" programs for collecting and processing data in my work, I am limited in my choice of operating system and I work on Windows, like over 80% of PC and laptop users:

I settled on two data encryption implementations for Windows (BitLocker and VeraCrypt) because of their significant advantages:

  1. Windows Vista and later include a standard tool for encrypting a disk or part of it: BitLocker;
  2. You can encrypt an entire disk partition, regardless of its size;
  3. You can create a separate encrypted container of several gigabytes that looks like a regular file; the data can be read only by someone who knows which program encrypted it and has the password. For example, an encrypted container with the .mp4 extension can sit in the "Movies" folder, and it is unlikely that anyone would think of trying to open a "broken" movie with VeraCrypt;
  4. With VeraCrypt, once the appropriate software is installed, the encrypted disk can be read both under MacOS and under the most common Linux distributions;
  5. VeraCrypt allows you to create an additional encrypted partition inside an encrypted partition, sorry for the tautology. In simple terms, this lets you create a hiding place within a hiding place. I did not use this function, but it may be useful for you to know about it.

Shortcomings discovered over several years of use:

  1. BitLocker is not a cross-platform option. A partition or disk encrypted by BitLocker cannot be opened under Mac OS or under popular Linux distributions. I found this out by accident when I needed to transfer data from an encrypted removable drive to a laptop running Ubuntu. Interestingly, for Windows XP there is the official BitLocker To Go program from Microsoft, which allows you to read encrypted partitions.
  2. A partition encrypted with VeraCrypt can only be opened on a computer with the program installed. True, there is an option to create a portable version of the decryption program alongside the encrypted partition, but this immediately catches the eye and makes it clear that there is encrypted data on the disk, partition or flash drive.

The third option is secure password storage.

Sometimes protecting information comes down to securely storing passwords, for example for:

  • Cloud storage with data.
  • A remote server where all the work is done.
  • Mail, social media accounts, etc.

In this case, there is no point in using specialized software to store passwords. At the end of this article, I will tell you how you can store passwords even written on the monitor, and at the same time secure them.

Personal experience. How to encrypt a drive with Bitlocker

I use BitLocker on my home computer for three reasons:

  1. I am a realist and I understand that I do not have any super-secret data for which it would be worth using any complex schemes for storing and encrypting data.
  2. BitLocker allows you to encrypt a disk partition that is already in use. That is, it is enough to save critical data separately just in case, and you can start encrypting the disk.
  3. This data does not require regular access from computers with a different OS, so instead of piling up third-party programs it was easier and more logical to use the standard capability of the operating system.

How to enable BitLocker on Windows?

BitLocker can be enabled on the following OS versions:

  • Microsoft Windows Vista Ultimate/Enterprise;
  • Windows 7 Ultimate or Enterprise;
  • Windows Server 2008R2;
  • Windows 8 Professional or Enterprise;
  • Windows 8.1 Professional or Enterprise;
  • Windows 10 Professional, Education, or Enterprise.

If you have a different OS version, the simplest option is to connect the disk to a computer with a suitable version of Windows. You do not need one of the above versions to work with a disk that is already encrypted. For example, you can encrypt a disk partition by connecting it to a Windows 7 Ultimate computer and use it on a Windows 7 Home Basic computer.

BitLocker in Windows 7, Windows 8 and Windows 10 - Compatibility

There is a compatibility issue between drives encrypted in versions 7 and 8 and in version 10. Windows 7 and Windows 8 use AES for encryption, while Windows 10 uses XTS-AES. The developers say that this is not a bug, but a feature. Although, as for me, incompatible encryption systems in operating systems released 5 years apart (2009 and 2014) are not a good idea. The official Microsoft forum recommends using a different computer in such a situation, which is strange to say the least, because even for the ancient Windows XP (released in 2001) they released the BitLocker To Go program, which allows you to connect a drive encrypted in Windows 7 and 8.

How to set up BitLocker?

Everything related to the encryption settings is found in the Local Group Policy Editor. To open it, click "Start" and, in the search bar, enter:

In the window that opens, go to the sections "Computer Configuration" - "Administrative Templates" - "Windows Components" - "BitLocker Drive Encryption":

Of the settings useful to an ordinary user, I can highlight 2 in the Local Group Policy Editor.

The first is the choice of encryption method and the strength of the cipher.

The most reliable option available to choose from is AES with a 256-bit key and diffuser. But for the task “an outsider will not get access to your data if they find your bag with a laptop”, any of the settings is enough. I did not notice a significant difference in speed "by eye", so you can use the most advanced option.

The second setting that may be useful is the ability to encrypt the system drive (usually drive C) without a TPM module. TPM (Trusted Platform Module) is a cryptoprocessor that allows you to encrypt data on the system drive. This module is not installed on most PCs and laptops, so without additional settings BitLocker will not be able to encrypt the system disk.

You can check if the TPM module is installed on your computer or laptop in the BIOS security settings.

If it is not installed, but you still want to encrypt the system drive, you will need to go to "Computer Configuration" - "Administrative Templates" - "Windows Components" - "BitLocker Drive Encryption" - "Operating System Drives":

In the window that opens, you can allow the use of BitLocker without TPM:

Before encrypting a system drive, ask yourself 3 questions:

  1. Does your laptop or computer support booting from a flash drive? If not, the system disk will not be encrypted.
  2. Do you really have important data stored on the system drive? It's usually good practice to have multiple partitions (C, D) and store important information on the D drive.
  3. What is the chance that the flash drive will break or be lost?

In my personal opinion, it's much easier to partition a disk into multiple partitions (or in the case of a computer, use multiple disks) and encrypt the data disk. There is only one drawback - it will be possible to turn on the computer and load the operating system.

There are many advantages:

  1. Even in the event of a computer breakdown, you can simply remove the disk and decrypt it on another computer.
  2. I already expressed my opinion on the daily connection and disconnection of the USB key at the beginning of the article - after 3 days you will get tired of pulling it back and forth, and it will always be connected.
  3. Even expensive flash drives break. By Murphy's law, this will happen at the most inopportune moment.

For me, the best answer to the question “Why not encrypt the system disk just because it is possible” was a week of watching unsuccessful attempts to decrypt a disk after the USB key was lost.

Therefore, the best option for personal use is to encrypt data on a separate drive, stop worrying and start living.

To be fair, it is no longer a problem to buy a laptop or motherboard with a TPM module:

What's the catch? If your computer or laptop supports TPM, but something happens to the motherboard, you can say goodbye to your data on the system drive. The only way to avoid this is to make several USB keys and hope that the flash drive with the key and the laptop's motherboard will not fail at the same time.

And an additional nuance: Windows is quite a capricious system. If your 2017 laptop burns out in 2020, and there are 3 years of accounting records on the system disk, you will most likely have to look for a laptop of a similar configuration, because even with a USB key the operating system may not start on different hardware.

Again, for home use, it is enough to simply store important data on a separate drive or partition encrypted with BitLocker. Then, in the event of a computer breakdown, it can be decrypted on any other computer with a suitable OS version.

Let's move on to the practical part.

Encrypting a drive or flash drive with BitLocker

Practice is easier than theory. In the context menu of the disk or flash drive, select the item "Enable BitLocker":

An important point: back up sensitive data before encryption. In case something goes wrong (the power flickers in the middle of the process, for example), this is the best option. A 2 TB removable drive costs 5,000 rubles, which is several times cheaper than data recovery if encryption is interrupted in the middle of the process.

After encryption, in addition to the password, you will receive a key with which you can also decrypt the disk if you forget the password.

After selecting one of the options, encryption will begin.

A 16 GB flash drive took about 1.5 hours to encrypt. I left a two-terabyte disk overnight, so I didn’t time it accurately, but 6 hours was enough.

Precisely because the process itself can take 3-6 hours, I recommended making a backup on a separate disk. If the power goes out during disk encryption, neither a UPS nor a laptop battery will most likely last for the entire process.

When opening an encrypted disk, it is enough to enter the password:

After unlocking, the drive works in normal mode. In its context menu, under the "Manage BitLocker" item, you can:

  • change the password to unlock the disk;
  • remove the disk password;
  • add the need to connect a smart card to unlock;
  • save or print the BitLocker recovery key;
  • enable automatic unlocking on the current computer (never use this item).

How to use VeraCrypt? Installation and configuration instructions

The portable version (no installation required) is only available for Windows. Its use is advisable when really secret data is encrypted and even the presence of the installed program could suggest that there is an encrypted partition on the computer or laptop. I am using the regular version.

I will omit the installation process; it is unremarkable (accepting the license agreement, adding a shortcut to the desktop and Start menu, installing for all users). During installation, you can select the Russian language for the program interface.

How to encrypt a disk or flash drive with VeraCrypt

Now for the encryption process itself. Start the program:

Click "Create Volume":

  1. Create an encrypted file container. The most "spy-like" option. If you create a file “Zvezdnle.W0yny.Khan.s0l0-fullHD.mp4” of 9–12 GB and put it in the “movies” folder among 15 other films, then it will not be easy to guess that this particular file is the encrypted container.
  2. Encrypt an entire disk, flash drive or partition. The disadvantage is that it is immediately obvious that the disk is encrypted, although it still cannot be decrypted with improvised means.
  3. Encrypt the system partition of the disk.

We will use the first option; the others do not differ fundamentally, except for the time required to fully encrypt the disk.
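How far the ".mp4" disguise from the first option (and from the list of advantages earlier) holds up against a simple check, as an added example that is not part of the original article: a real MP4 opens with a box header such as "ftyp", while an encrypted container is high-entropy data from its first byte. The function names, the 7.9 bits-per-byte threshold and the sample bytes are assumptions constructed for this illustration.

```python
import hashlib
import math
import struct

# Box types that can legitimately open an MP4/MOV (ISO base media) file.
FIRST_BOX_TYPES = {b"ftyp", b"styp", b"moov", b"mdat", b"free", b"skip", b"wide"}
SAMPLE_SIZE = 64 * 1024      # how much of the file is examined
ENTROPY_THRESHOLD = 7.9      # assumed cut-off in bits per byte (maximum is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: close to 8 for ciphertext, far lower for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def has_mp4_header(head: bytes) -> bool:
    """True if the data opens with a plausible ISO base media box header."""
    if len(head) < 8:
        return False
    size, box_type = struct.unpack(">I4s", head[:8])
    # size 1 means a 64-bit size follows; otherwise a box is at least 8 bytes long
    return box_type in FIRST_BOX_TYPES and (size == 1 or size >= 8)


def classify(head: bytes) -> str:
    """Classify the first bytes of a file that claims to be a movie."""
    # Header first: compressed video inside a real MP4 is high-entropy too.
    if has_mp4_header(head):
        return "mp4"
    if len(head) >= 4096 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "suspect-container"   # no media header, random-looking from byte 0
    return "not-mp4"


def inspect_file(path: str) -> str:
    """Read the start of a file and classify it, whatever its extension says."""
    with open(path, "rb") as handle:
        return classify(handle.read(SAMPLE_SIZE))


def constructed_ciphertext(length: int) -> bytes:
    """Constructed sample: SHA-256 in counter mode as a stand-in for ciphertext."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def constructed_mp4(payload: bytes) -> bytes:
    """Constructed sample: a minimal ftyp box followed by an mdat box."""
    ftyp = struct.pack(">I4s4sI4s4s", 24, b"ftyp", b"isom", 512, b"isom", b"mp42")
    mdat = struct.pack(">I4s", 8 + len(payload), b"mdat") + payload
    return ftyp + mdat


if __name__ == "__main__":
    fake_movie = constructed_ciphertext(SAMPLE_SIZE)
    print("disguised container:", classify(fake_movie))
    print("real mp4 structure: ", classify(constructed_mp4(fake_movie)))
    print("plain text file:    ", classify(b"notes and passwords\n" * 500))
```

The extension hides the container from a casual glance only; anyone who checks headers across a "movies" folder will see which file is not a movie.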

Before encrypting any important information, make a copy of it. In any case, this will be cheaper than recovering data from a semi-encrypted disk.

Next option:

The second option allows you to create another encrypted partition inside the first encrypted partition. It is the relevant option if you allow for the possibility that the first password will be extracted from you with the help of a soldering iron. I'll choose the first option:

Please note that you need to specify a new file name rather than an existing file, because if the file exists, it will be deleted, and an encrypted partition will be created in its place.

We choose AES encryption with SHA-512 hashing; this is enough to make brute-forcing the password on a regular computer unrealistic. The next step sets the size of the encrypted partition:

Then set the password for the partition:

In the next step, you will be prompted to select the file system of the encrypted partition. To do this, you need to answer one question: are you going to store files larger than 4 GB in it? Then move on to encryption:

Now move the mouse cursor inside the window until the progress bar fills, and then click "Format".

This completes the encryption process. To the uninitiated, there is just a movie on the flash drive:

To use an encrypted partition, you must:

  1. Launch the VeraCrypt program;
  2. Select the drive letter on which the encrypted volume will be mounted;
  3. Select the file of the encrypted partition;
  4. Click "Mount";
  5. Enter the password, wait 3-10 seconds.
  6. Explorer will show a new disk, which is the encrypted partition.

That's it, you can work with an encrypted partition as with a regular disk. Before you finish working with an encrypted partition, you must close all applications that used files from this partition. After that, click "Dismount All" and the encrypted partition turns into a regular file again.

As you can see, there is nothing complicated in data encryption at the household level. But the chance of losing nerve cells when you lose a laptop with confidential data drops sharply.

Other disk encryption software for Windows and Mac OS

In addition to the options described above, you can use other solutions:

TrueCrypt

At first I wanted to use this program instead of VeraCrypt. Its capabilities are more than enough for both domestic and professional use. TrueCrypt can:

  • Encrypt containers. You can encrypt only the information you need, so that small media can be used.
  • Encrypt disk partitions.
  • Encrypt an entire disk or flash drive.

In 2014, support and development of TrueCrypt were discontinued; the latest version of the program only allows you to decrypt data, without the possibility of encryption. The official website has a recommendation to switch to BitLocker. Since TrueCrypt had been one of the most popular free programs for encrypting data, this gave rise to many rumors about pressure on the software developers. This is indirectly supported by the fact that an independent security audit, for which more than $60,000 was collected, did not find critical vulnerabilities in the latest versions of the program.

Today, the unofficial site is the https://truecrypt.ch project.

Conspiracy theorists are in doubt: which is better? Not to use BitLocker, because it's too suspicious that the former official site refers to it? Or not to use TrueCrypt, in case the special services deliberately set up a new "rebel" website and planted backdoors in the source code that allow encrypted data to be decrypted?

However, TrueCrypt for Windows, MacOS, Linux can be downloaded from the site:

The site has an English-language support forum, where newbie questions are regularly answered.

I confess that my choice was influenced by a common household factor: I do not want to re-encrypt several disks if TrueCrypt suddenly stops updating or becomes incompatible with the latest versions of Windows (in the screenshot above, you can see that Windows 10 is no longer listed in the download list).

Therefore, I chose VeraCrypt as, in my opinion, the most promising offshoot of TrueCrypt. The project is constantly evolving:

But I think you will agree with me: it all looks suspicious anyway, doesn't it? Who could have written on Wikipedia that VeraCrypt is more resistant to possible NSA attacks, if not an NSA officer on duty?

FileVault and FileVault 2 for MacOS

Owners of Apple laptops and computers can use the official FileVault program for encryption. In fact, this is an analogue of BitLocker, only for MacOS. The disadvantage of the first version, used in OS versions up to and including Mac OS X Snow Leopard, is the ability to encrypt only the user's home folder. The second version of the program is used since OS X Lion and allows you to encrypt the entire disk.

Detailed Russian-language instructions for encrypting the boot partition are given on the official website.

If your version of Mac OS only allows you to encrypt your home folder, you can use TrueCrypt or VeraCrypt and create an encrypted partition.

CipherShed

However, you may have a different opinion. Write in the comments whether the article was useful to you. Do you use encryption? Maybe you have a simple and proven way to protect data that I didn't mention?

Data encryption is extremely important to protect privacy. In this article, I will talk about the various types and methods of encryption that are used to protect data today.

Did you know?
Back in Roman times, Julius Caesar used encryption to make letters and messages unreadable to the enemy. It played an important role as a military tactic, especially during wars.

As the possibilities of the Internet continue to grow, more and more of our business is conducted online. Among these activities, the most important are Internet banking, online payment, e-mails, exchange of private and official messages, etc., which involve the exchange of confidential data and information. If this data falls into the wrong hands, it can harm not only the individual user, but the entire online business system.

To prevent this from happening, some online security measures have been put in place to protect the transmission of personal data. Chief among these are the processes of encrypting and decrypting data, which is known as cryptography. There are three main encryption methods used in most systems today: hashing, symmetric, and asymmetric encryption. In the following lines, I will talk about each of these types of encryption in more detail.

Encryption types

Symmetric encryption

In symmetric encryption, normal readable data, known as plain text, is encoded (encrypted) such that it becomes unreadable. This data scrambling is done using a key. Once the data is encrypted, it can be securely transferred to the receiver. At the recipient, the encrypted data is decoded using the same key that was used for encoding.

Thus it is clear that the key is the most important part of symmetric encryption. It should be hidden from outsiders, since anyone who has access to it will be able to decrypt private data. This is why this type of encryption is also known as "secret key" encryption.

In modern systems, the key is usually a string of data that comes from a strong password, or from a completely random source. It is fed into symmetric encryption software, which uses it to secure the input. Data scrambling is achieved using a symmetric encryption algorithm such as Data Encryption Standard (DES), Advanced Encryption Standard (AES), or International Data Encryption Algorithm (IDEA).

Limitations

The weakest link in this type of encryption is the security of the key, both in storage and in transmission to the authenticated user. If a hacker is able to get his hands on this key, he can easily decrypt the encrypted data, defeating the whole point of the encryption.

Another drawback is due to the fact that the software that processes the data cannot work with encrypted data. Therefore, to be able to use this software, the data must first be decoded. If the software itself is compromised, then an attacker can easily get the data.

Asymmetric encryption

Asymmetric encryption works similarly to symmetric encryption in that it uses a key to encrypt the messages being sent. However, instead of using the same key, it uses a completely different one to decrypt the message.

The key used for encryption is available to any and all network users. As such it is known as the "public" key. On the other hand, the key used for decryption is kept secret and is meant to be used privately by the user himself. Hence, it is known as the "private" key. Asymmetric encryption is also known as public key encryption.

Since, with this method, the secret key needed to decrypt the message does not have to be transmitted every time, and it is usually known only to the user (receiver), the likelihood that a hacker will be able to decrypt the message is much lower.

Diffie-Hellman and RSA are examples of algorithms that use public key encryption.

Limitations

Many hackers use "man in the middle" as a form of attack to bypass this type of encryption. In asymmetric encryption, you are given a public key that is used to securely exchange data with another person or service. However, hackers use network deception to trick you into communicating with them while making you believe you are on a secure line.

To better understand this type of hacking, consider the two interacting parties Sasha and Natasha, and the hacker Sergei, who intends to intercept their conversation. First, Sasha sends a message over the network meant for Natasha, asking for her public key. Sergei intercepts this message, obtains the public key that accompanied it, and uses it to encrypt and send a fake message to Natasha containing his own public key instead of Sasha's.

Natasha, thinking this message came from Sasha, now encrypts her reply with Sergei's public key and sends it back. This message is again intercepted by Sergei, decrypted, modified (if desired), encrypted again using the public key that Sasha had originally sent, and sent back to Sasha.

Thus, when Sasha receives this message, he has been led to believe that it came from Natasha and continues to be unaware of the foul play.
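The substitution described above, carried through with a Diffie-Hellman exchange, as an added example that is not part of the original article; it also shows the check that exposes the interception, which is comparing key fingerprints over a separate channel. The 127-bit group, the function names and the fingerprint length are assumptions for the illustration and are far too weak for real use.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption for the demo): a 127-bit Mersenne prime. Real systems
# use standardized groups of 2048 bits or more, or elliptic curves.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for the toy Diffie-Hellman group."""
    private = secrets.randbelow(P - 3) + 2        # value in [2, P - 2]
    return private, pow(G, private, P)


def session_key(my_private: int, their_public: int) -> bytes:
    """Derive a symmetric session key from the shared Diffie-Hellman secret."""
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def fingerprint(public: int) -> str:
    """Short digest of a public key, meant to be compared by phone or in person."""
    return hashlib.sha256(public.to_bytes(16, "big")).hexdigest()[:16]


def run_exchange(intercepted: bool) -> dict:
    """Simulate one key exchange between Sasha and Natasha.

    When intercepted is True, Sergei replaces both public keys in transit
    with his own, exactly as in the scenario in the text.
    """
    sasha_priv, sasha_pub = keypair()
    natasha_priv, natasha_pub = keypair()
    sergei_priv, sergei_pub = keypair()

    # What each side actually receives over the network.
    received_by_sasha = sergei_pub if intercepted else natasha_pub
    received_by_natasha = sergei_pub if intercepted else sasha_pub

    sasha_key = session_key(sasha_priv, received_by_sasha)
    natasha_key = session_key(natasha_priv, received_by_natasha)

    return {
        # Do the two honest parties end up with the same key?
        "keys_match": sasha_key == natasha_key,
        # Can Sergei compute the keys each side believes is private?
        "sergei_has_sasha_key": session_key(sergei_priv, sasha_pub) == sasha_key,
        "sergei_has_natasha_key": session_key(sergei_priv, natasha_pub) == natasha_key,
        # Natasha reads her real fingerprint aloud; Sasha compares it with
        # the fingerprint of the key that arrived over the network.
        "fingerprints_match": hmac.compare_digest(
            fingerprint(received_by_sasha), fingerprint(natasha_pub)
        ),
    }


if __name__ == "__main__":
    print("clean line:      ", run_exchange(intercepted=False))
    print("intercepted line:", run_exchange(intercepted=True))
```

The encryption itself is never broken; the exchange fails only because neither side verified whose public key it received, which is what the fingerprint comparison (or a certificate) supplies.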

Hashing

The hashing technique uses an algorithm known as a hash function to generate a special string from the given data, known as a hash. This hash has the following properties:

  • The same data always produces the same hash.
  • It is not possible to generate the raw data from a hash alone.
  • It is not feasible to try different input combinations in order to generate the same hash.

Thus, the main difference between hashing and the other two forms of data encryption is that once the data is encrypted (hashed), it cannot be retrieved in its original form (decrypted). This fact ensures that even if a hacker gets their hands on the hash, it will be useless to him, as he will not be able to decrypt the contents of the message.

Message Digest 5 (MD5) and Secure Hashing Algorithm (SHA) are two widely used hashing algorithms.

Limitations

As previously mentioned, it is nearly impossible to decrypt data from a given hash. However, this is only true if strong hashing is implemented. In the case of a weak implementation of the hashing technique, using enough resources and brute force attacks, a persistent hacker can find data that matches the hash.

Combination of encryption methods

As discussed above, each of these three encryption methods suffers from some disadvantages. However, when a combination of these methods is used, they form a reliable and highly effective encryption system.

Most often, private and public key techniques are combined and used together. The secret key method allows fast decryption, while the public key method offers a safer and more convenient way to transmit the secret key. This combination of methods is known as the "digital envelope". The e-mail encryption program PGP is based on the "digital envelope" technique.

Hashing finds use as a means of checking the strength of a password. If the system stores the hash of the password instead of the password itself, it will be more secure, because even if the hash falls into the hands of a hacker, he will not be able to understand (read) it. During verification, the system will check the hash of the incoming password, and see if the result matches what is stored. This way, the actual password will only be visible in the brief moments when it needs to be changed or verified, greatly reducing the chance of it falling into the wrong hands.

Hashing is also used to authenticate data with a secret key. The hash is generated using the data and this key. Therefore, only the data and the hash are visible, and the key itself is not transmitted. This way, if changes are made to either the data or the hash, they will be easily detected.
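Both uses of hashing from the two paragraphs above, as an added example that is not part of the original article: storing a salted, deliberately slow password hash instead of the password, and authenticating data with a keyed hash (HMAC). The record format, function names and iteration count are assumptions chosen for the illustration; the unsalted MD5 function is included only as the weak implementation to contrast with.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor; raise it as hardware allows


def weak_hash(password: str) -> str:
    """The weak implementation: fast and unsalted, so equal passwords give
    equal hashes and every guess is cheap for whoever holds the hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a record to store instead of the password itself."""
    salt = os.urandom(16)    # unique per user, stored next to the hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Hash the incoming password with the stored salt and compare the results."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False    # malformed or corrupted record
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def make_tag(key: bytes, data: bytes) -> bytes:
    """Keyed hash sent alongside the data; the key itself is never transmitted."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key: bytes, data: bytes, tag: bytes) -> bool:
    """True only if neither the data nor the tag was changed in transit."""
    return hmac.compare_digest(make_tag(key, data), tag)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored record:   ", record)
    print("right password:  ", verify_password("correct horse battery staple", record))
    print("wrong password:  ", verify_password("correct horse", record))

    key = os.urandom(32)    # shared in advance between sender and receiver
    message = b"transfer 100 to account 42"    # constructed sample message
    tag = make_tag(key, message)
    print("untouched message:", verify_tag(key, message, tag))
    print("altered message:  ", verify_tag(key, b"transfer 900 to account 42", tag))
```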

In conclusion, these techniques can be used to efficiently encode data into an unreadable format that can ensure that it remains secure. Most modern systems typically use a combination of these encryption methods along with a strong implementation of algorithms to improve security. In addition to security, these systems also provide many additional benefits, such as verifying the user's identity and ensuring that the data received cannot be tampered with.


Nowadays, small businesses often neglect the protection of information. Large corporations usually have their own IT divisions, powerful technical support and advanced hardware.

Smaller companies typically rely on consumer software, which can have significant data security flaws. However, information in small organizations is also very important and needs to be fully protected.

Data encryption is an excellent tool for maintaining the security of valuable information when transferring data via the Internet, backing up to cloud servers or storing information on a laptop that will be checked at the airport.

Data encryption prevents anyone other than you and your legal representative from viewing sensitive information. Most programs used in offices and home computers have built-in data encryption tools. In this article, we will look at where to find them and how to use them.

A little about passwords

Any discussion of encryption methods should start with a very different topic: password complexity. Most data encryption methods require you to set a password that is later used for encryption and decryption. If you use a weak password, an attacker will be able to guess it and decrypt the file, and this will negate the whole point of encryption.

A complex password should be at least 10 characters; 12 characters is much better. It must include a random sequence of capital letters, lowercase letters, numbers, and symbols. If it's much more convenient for you to remember letters, use a password of 20 characters or more and it will be secure in this case.

If you are not sure about the security of your password, use the online Secure Password Check utility from Kaspersky to check it.

Full encryption of logical drives

Most Windows users protect their account with a password. This will not protect your data if your computer or hard drive is stolen. An attacker will be able to directly access the data on the hard drive through another OS. If you store a large amount of important sensitive data, it is wiser to use full-disk encryption to protect against device theft.

A toolkit from Microsoft called BitLocker makes it very easy to encrypt an entire hard drive if two conditions are met:

1. You hold an Ultimate or Enterprise license for Windows 7 or Vista, or a Pro or Enterprise license in the case of Windows 8

2. Your computer is equipped with a TPM (Trusted Platform Module) chip, a special crypto processor that contains cryptographic keys to protect

To check for a TPM, run BitLocker. Windows will automatically inform you if this module is missing when you try to enable encryption. To activate BitLocker, go to Control Panel -> System and Security -> BitLocker Drive Encryption, or search for "BitLocker" on Windows 8.

From the BitLocker main menu, select the "Enable BitLocker" option next to the drive you want to encrypt. If your PC does not meet the BitLocker requirements, you can still use programs or DiskCryptor to encrypt entire partitions (for more information about encryption methods using TrueCrypt, see the second part of the article).

Encryption of external hard drives and USB drives

For full encryption of flash drives and portable hard drives, you can use the BitLocker To Go tool, which is specially designed for portable devices. It also requires a Pro or Enterprise license of the operating system, but the TPM module is no longer required.

To successfully complete encryption, simply insert the device, navigate to the BitLocker menu and at the bottom of the window select the "Enable BitLocker" option next to the icon of the desired storage medium.

Internet traffic encryption

Sometimes you need to encrypt incoming and outgoing Internet traffic. If you are working over an unsafe wireless Wi-Fi connection (for example, at the airport), an attacker can intercept confidential data from your laptop. To prevent this, you can use VPN encryption technology.

A VPN creates a secure "tunnel" between your computer and a secure third-party server. Data passing through this "tunnel" (both outgoing and incoming) is encrypted, which keeps it safe even if it is intercepted.

A large number of VPNs are now available with low monthly usage fees (such as Comodo TrustConnect or CyberGhost VPN). You can also set up your own private network for personal or business needs. Choosing and configuring a VPN is quite a long process, so we will not dwell on it in more detail.

Data encryption on cloud servers such as Dropbox

If you use Dropbox or SugarSync, we have good news for you - these services have built-in tools for automatically encrypting data to protect it while it is being moved or stored on their servers. Unfortunately, these services also hold the keys for decrypting the data; this is required by law.

If you keep confidential information in online services, use an extra layer of encryption to protect your data from prying eyes. The most efficient method is to use TrueCrypt to create an encrypted volume directly inside your Dropbox account.

If you want to be able to access data from other computers, simply upload the portable version of TrueCrypt to your Dropbox storage. For these purposes, when installing TrueCrypt, select the “Extract” option in the TrueCrypt program menu and specify the location in your online storage.

Based on the materials of the Internet portal PCWorld


We live in a time when every child has his own computer. And a person's whole personal life is often stored in this plastic, or metal, box called the SYSTEM UNIT.

And as you understand, although we live in an age of high technology, the number of people who want to know other people's secrets has not decreased. And since it has become so accessible, there are even more of them. Therefore, the issue of the safety of our data is more acute than ever.

How to encrypt data in Linux?

Users of Ubuntu Linux can relax, because in this system (at the request of the user) the entire home directory is encrypted.

Thus, even if your laptop falls into the wrong hands, no one will be able to see your data and use it for their own selfish purposes. So don't forget to tick the checkbox to have the disk encrypted!

How to encrypt data in Windows?

But Windows users are less fortunate here: there is no such thing. No, there is something related to encryption, but have you ever used it? And is this feature available in the home version?

One way or another, since the need exists, more than one program has already been created to solve this problem -

What can this program do? Here is what the authors of this software say:

The program supports these encryption types: AES, OpenPGP, 3DES, Crypto-Pro, MS CSP, GOST, BlowFish, RSA, S/MIME.

Create encrypted virtual volumes for data storage. It is more convenient when you store data not on a USB flash drive, but on the computer itself.

Hides protected data so that it is not even visible that you are encrypting something on your computer. This will help protect you even from attempts to decrypt your data.

Outlook mail encryption - if you use this mail program. Mail is a very private matter, so keeping your mail private is very important.

I personally only installed the program and did not use it seriously, since I had no strong need for it; I wrote this more for you.

If you have used this program, tell us what its pros and cons are. And how else can you encrypt data on a hard drive? Are there any more convenient and at the same time free programs?

If you want to store files on the Internet, then here you can read about . How to encrypt data on a flash drive? This is a topic for a future article, the topic is also interesting, since flash drives are lost, and the data on them can be VERY valuable!

The main features of the Folder Lock program are as follows:
  • AES encryption, key length 256 bits.
  • Hiding files and folders.
  • File encryption (by creating virtual disks - safes) on the fly.
  • Online backup.
  • Create secure USB/CD/DVD discs.
  • Encryption of email attachments.
  • Creation of encrypted "wallets" that store information about credit cards, accounts, etc.

It would seem that the program has enough features, especially for personal use. Now let's look at the program at work. At the first start, the program asks you to set a master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you hide files, and someone else runs the program, sees which files are hidden, and gains access to them. Agree, not very good. But if the program asks for a password, then this “someone” will not succeed - at least until he guesses or finds out your password.


Fig. 1. Setting a master password on first start

First of all, let's see how the program hides files. Go to the Lock Files section, then either drag files (Fig. 2) and folders to the main area of the program or use the Add button. As shown in Fig. 3, the program allows you to hide files, folders and drives.


Fig. 2. Drag the file, select it and click the Lock button


Fig. 3. The Add button

Let's see what happens when we press the Lock button. I tried hiding the C:\Users\Denis\Desktop\cs.zip file. The file disappeared from Explorer, Total Commander and other file managers, even with the display of hidden files enabled. The button for hiding files is called Lock, and the section is called Lock Files. However, these UI elements should really be named Hide and Hide Files respectively, because in fact the program does not block access to the file but simply “hides” it. Look at Fig. 4. Knowing the exact file name, I copied it to the cs2.zip file. The file copied smoothly, there were no access errors, and the file was not encrypted - it unpacked as usual.


Fig. 4. Copy a hidden file

By itself, the hiding function is stupid and useless. However, if you use it together with the file encryption function - to hide the safes created by the program - then the effectiveness of its use will increase.
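A check that mirrors the copy test above: read the "protected" file by its exact path and see whether it still carries a recognisable plaintext header and parses as the original format. This is an added example, not code from the article or from Folder Lock; the sample ZIP and the random-looking stand-in for container contents are constructed inline.

```python
import hashlib
import io
import math
import sys
import zipfile
from collections import Counter

# Leading "magic" bytes of a few common unencrypted formats.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def identify_plaintext(data: bytes):
    """Return the recognised format name, or None if no known header matches."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def assess(data: bytes) -> dict:
    """Decide whether the bytes read from a 'protected' path are plaintext."""
    fmt = identify_plaintext(data)
    parses = False
    if fmt == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parses = zf.testzip() is None  # every member CRC checks out
        except zipfile.BadZipFile:
            parses = False
    # Entropy is only a secondary hint: compressed data also scores high,
    # so an intact header that parses is the decisive evidence.
    return {
        "format": fmt,
        "parses": parses,
        "entropy": round(shannon_entropy(data), 2),
        "verdict": "NOT encrypted" if fmt else "no known plaintext header",
    }


def make_sample_zip() -> bytes:
    """Constructed sample standing in for the article's cs.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("clients.csv", "name,phone\n" + "Example Client,000-0000\n" * 200)
    return buf.getvalue()


def standin_ciphertext(size: int) -> bytes:
    """Deterministic random-looking bytes standing in for the contents of an
    encrypted container (SHA-256 over a counter; this is not a cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(b"constructed-sample" + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])


if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real file by its exact path
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], assess(fh.read()))
    else:
        print("hidden zip  ", assess(make_sample_zip()))
        print("container   ", assess(standin_ciphertext(65536)))
```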
In the Encrypt Files section you can create safes (Lockers). A safe is an encrypted container that, once mounted, can be used like a normal disk - the encryption is not ordinary but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.


Fig. 5. Encrypt Files section

Click the Create Locker button, and in the window that appears enter a name and select the location of the safe (Fig. 6). Next, you need to enter a password to access the safe (Fig. 7). The next step is to choose the file system and size of the safe (Fig. 8). The size of the safe is dynamic, but you can set a maximum limit. This allows you to save disk space if you do not fill the safe to the brim. You can optionally create a fixed-size safe, which will be shown in the Performance section of this article.


Fig. 6. Name and location of the safe


Fig. 7. Password to access the safe


Fig. 8. File system and safe size

After that, you will see the UAC window (if it is enabled), in which you will need to click Yes, then a window with information about the created safe will be displayed. In it, you need to click the Finish button, after which the Explorer window will open, displaying the mounted container (media), see Fig. 9.


Fig. 9. Virtual disk created by the program

Return to the Encrypt Files section and select the created safe (Fig. 10). The Open Locker button opens a closed safe, Close Locker closes an open one, and the Edit Options button calls up a menu containing commands for deleting, copying and renaming the safe and changing its password. The Backup Online button allows you to back up the safe, and not just anywhere, but to the cloud (Fig. 11). But first you have to create a Secure Backup Account, after which you will get up to 2 TB of disk space, and your safes will be automatically synchronized with the online storage, which is especially useful if you need to work with the same safe on different computers.


Fig. 10. Operations on the safe


Fig. 11. Create a Secure Backup Account

Nothing comes for free. You can find the storage fees for your safes at secure.newsoftwares.net/signup?id=en . For 2 TB you will have to pay $400 per month. 500 GB will cost $100 per month. To be honest, it's very expensive. For $50-60, you can rent a whole VPS with 500 GB "on board", which you can use as storage for your safes and even host your own website on it.
Note that the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In the Protect USB/CD section you can protect your USB/CD/DVD drives as well as email attachments (Fig. 12). However, this protection is carried out not by encrypting the media itself, but by writing a self-decrypting safe to the media. In other words, a cut-down portable version of the program is written to the selected media, allowing you to “open” the safe. The program does not really have support for mail clients either. You can encrypt an attachment and attach it (already encrypted) to an email. But the attachment is encrypted with an ordinary password, not with PKI. I don't think it's worth talking about reliability.


Fig. 12. Protect USB/CD section

The Make Wallets section allows you to create wallets containing information about your credit cards, bank accounts, etc. (Fig. 13). All information, of course, is stored in encrypted form. I can say with full responsibility that this section is useless, since there is no function for exporting information from the wallet. Imagine that you have many bank accounts and you have entered information about each of them into the program - account number, bank name, account owner, SWIFT code, etc. You then need to provide account information to a third party so that they can transfer money to you. You will have to manually copy each field and paste it into a document or email. An export function would greatly simplify this task. As for me, it is much easier to store all this information in one common document, placed on the virtual disk created by the program - the safe.


Fig. 13. Wallets

Benefits of Folder Lock:

  • Attractive and clear interface, which will appeal to novice users who speak English.
  • On-the-fly transparent encryption, creating virtual encrypted disks that can be handled like regular disks.
  • Possibility of online backup and synchronization of encrypted containers (safes).
  • Ability to create self-extracting containers on USB/CD/DVD drives.

Program disadvantages:

  • There is no support for the Russian language, which will complicate the work with the program for users who are not familiar with English.
  • Questionable functions: Lock Files (which just hides files rather than "locking" them) and Make Wallets (ineffective without a way to export the information). To be honest, I thought that the Lock Files function would provide transparent encryption of a folder / file on a disk, as CyberSafe Top Secret or the EFS file system does.
  • Inability to sign files, verify digital signatures.
  • When opening a safe, the program does not allow you to select the drive letter that will be assigned to the virtual drive that corresponds to the safe. In the program settings, you can only choose the order in which the program will assign a drive letter - ascending (from A to Z) or descending (from Z to A).
  • No integration with mail clients, there is only the option to encrypt the attachment.
  • The high cost of cloud backup.

PGP Desktop

Symantec's PGP Desktop is a suite of encryption software that provides flexible, multi-level encryption. The program differs from CyberSafe TopSecret and Folder Lock in its tight integration into the system shell. The program is built into the shell (Explorer), and its functions are accessed through the Explorer context menu (Fig. 14). As you can see, the context menu has the functions of encryption, file signing, etc. Quite interesting is the function of creating a self-decrypting archive: it works on the principle of a self-extracting archive, except that the archive is also decrypted rather than just unpacked. However, Folder Lock and CyberSafe also have a similar feature.


Fig. 14. PGP Desktop context menu

Also, access to the program functions can be obtained through the system tray (Fig. 15). The Open PGP Desktop command opens the main program window (Fig. 16).


Fig. 15. The program in the system tray


Fig. 16. PGP Desktop window

Program sections:

  • PGP Keys - key management (both your own keys and those imported from keyserver.pgp.com).
  • PGP Messaging - management of messaging services. During installation, the program automatically detects your accounts and automatically encrypts AOL Instant Messenger communications.
  • PGP Zip - management of encrypted archives. The program supports transparent and non-transparent encryption. This section implements the non-transparent kind. You can create an encrypted Zip archive (PGP Zip) or a self-decrypting archive (Fig. 17).
  • PGP Disk - an implementation of the transparent encryption function. The program can either encrypt an entire hard disk partition (or even an entire disk) or create a new virtual disk (container). There is also a Shred Free Space feature that allows you to overwrite free disk space.
  • PGP Viewer - here you can decrypt PGP messages and attachments.
  • PGP NetShare - a tool for "sharing" folders: the shares are encrypted using PGP, and you can add / remove users (users are identified based on certificates) that have access to the share.


Fig. 17. Self-decrypting archive

As for virtual disks, I especially liked the ability to create a dynamically sized virtual disk (Fig. 18), as well as the option to choose an algorithm other than AES. The program allows you to select the drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk at system startup and unmount it when idle (by default, after 15 minutes of inactivity).


Fig. 18. Create a virtual disk

The program tries to encrypt absolutely everything. It monitors POP/SMTP connections and offers to secure them (Fig. 19). The same goes for instant messaging clients (Fig. 20). It is also possible to protect IMAP connections, but this must be enabled separately in the program settings.


Fig. 19. SSL/TLS connection detected


Fig. 20. PGP IM in action

It's a pity that PGP Desktop doesn't support popular modern programs like Skype and Viber. Who uses AOL IM now? I think there are few such people.
Also, when using PGP Desktop, it is difficult to set up mail encryption, which works only in interception mode. But what if the encrypted mail has already been received, and PGP Desktop was launched after the encrypted message arrived? How do you decrypt it? You can, of course, but you have to do it manually. In addition, letters that have already been decrypted are no longer protected in any way in the client. And if you configure the client for certificates, as is done in the CyberSafe Top Secret program, then letters will always be encrypted.
The interception mode does not work very well either, since the message about mail protection appears every time for every new mail server, and gmail has a lot of them. You will get tired of the mail protection window very quickly.
The program is not particularly stable either (Fig. 21).


Fig. 21. PGP Desktop stuck...

Also, after installing it, the system worked slower (subjectively) ...

Benefits of PGP Desktop:

  • A full-featured program for encrypting files, signing files and verifying electronic signatures, transparent encryption (virtual disks and whole-partition encryption), and email encryption.
  • Support for the keyserver.pgp.com key server.
  • The ability to encrypt the system hard drive.
  • PGP NetShare feature.
  • The possibility of overwriting free space.
  • Tight integration with File Explorer.

Program disadvantages:

  • Lack of support for the Russian language, which will complicate the work with the program for users who do not know English.
  • Unstable operation of the program.
  • Poor program performance.
  • There is support for AOL IM, but no support for Skype and Viber.
  • Emails that have already been decrypted remain unprotected on the client.
  • Mail protection works only in interception mode, which you will quickly get tired of, since the mail protection window will appear every time for each new server.

CyberSafe Top Secret

As in the previous review, there will be no detailed description of the CyberSafe Top Secret program, since our blog has already written a lot about it (Fig. 22).


Fig. 22. CyberSafe Top Secret program

However, we will still pay attention to some points - the most important ones. The program contains tools for managing keys and certificates, and CyberSafe's own key server allows the user to publish his public key on it, as well as to receive the public keys of other employees of the company (Fig. 23).


Fig. 23. Key management

The program can be used to encrypt individual files, which was shown in the article “Electronic signature: practical use of the CyberSafe Enterprise software product in an enterprise. Part one”. As for encryption algorithms, the CyberSafe Top Secret program supports GOST algorithms and a certified CryptoPro provider, which allows it to be used in government agencies and banks.
Also, the program can be used to transparently encrypt a folder (Fig. 24), which allows it to be used as a replacement for EFS. And, given that the CyberSafe program turned out to be more reliable and faster (in some scenarios) than EFS, it is not only possible, but also necessary to use it.


Fig. 24. Transparent encryption of the C:\CS-Crypted folder

The functionality of the CyberSafe Top Secret program resembles that of the PGP Desktop program - as you may have noticed, the program can also be used to encrypt e-mail messages, as well as to electronically sign files and verify this signature (the Email digital signature section, see Fig. 25).


Fig. 25. Email digital signature section

Like PGP Desktop, CyberSafe Top Secret can create virtual encrypted disks and encrypt entire hard disk partitions. It should be noted that CyberSafe Top Secret can only create virtual disks of a fixed size, unlike Folder Lock and PGP Desktop. However, this shortcoming is offset by the possibility of transparent encryption of a folder, and the size of the folder is limited only by the amount of free space on the hard disk.
Unlike the PGP Desktop program, the CyberSafe Top Secret program cannot encrypt the system hard drive; it is limited to encrypting external and internal non-system drives.
But CyberSafe Top Secret supports cloud backup, and, unlike Folder Lock, this feature is absolutely free, or rather, the cloud backup function can be configured for any service - both paid and free. You can read more about this feature in the article Encrypting backups on cloud services.
It is also necessary to note two important features of the program: two-factor authorization and a system of trusted applications. In the program settings, you can either set up password authentication or two-factor authentication (Fig. 26).


Fig. 26. Program settings

On the Allowed applications tab you can define trusted applications that are allowed to work with encrypted files. By default, all applications are trusted. But for more security, you can specify the applications that are allowed to work with encrypted files (Fig. 27).


Fig. 27. Trusted Applications

Benefits of the CyberSafe Top Secret program:

  • Support for GOST encryption algorithms and a certified CryptoPro provider, which allows the program to be used not only by individuals and commercial organizations, but also by government agencies.
  • Support for transparent folder encryption, which allows you to use the program as a replacement for EFS. Given that the program provides the best level of performance and security, such a replacement is more than justified.
  • Ability to sign files with an electronic digital signature and to verify the signature of a file.
  • A built-in key server that allows you to publish keys and access other keys that have been published by other employees of the company.
  • Ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
  • Ability to create self-decrypting archives.
  • The possibility of free cloud backup that works with any service - both paid and free.
  • Two-factor user authentication.
  • A system of trusted applications that allows you to restrict access to encrypted files only to certain applications.
  • The CyberSafe application supports the AES-NI instruction set, which has a positive effect on program performance (this fact will be demonstrated later).
  • The driver of the CyberSafe program allows you to work over the network, which makes it possible to organize corporate encryption.
  • Russian-language interface of the program. For English-speaking users, it is possible to switch to English.

Now about the shortcomings of the program. The program has no particular shortcomings, but since the task was to compare the programs honestly, some shortcomings still have to be found. If you really want to find fault, non-localized messages like “Password is weak” sometimes (very, very rarely) “slip through” in the program. Also, the program cannot yet encrypt the system disk, but such encryption is not always necessary and not for everyone. But all these are trifles compared to the PGP Desktop freeze and its cost (but you don't know about that yet).

Performance

When working with PGP Desktop, I got the impression (right after installing the program) that the computer began to work more slowly. If not for this "sixth sense", this section would not be in this article. It was decided to measure the performance with CrystalDiskMark. All tests are carried out on a real machine - no virtual machines. Notebook configuration is as follows - Intel 1000M (1.8 GHz)/4 GB RAM/WD WD5000LPVT (500 GB, SATA-300, 5400 RPM, 8 MB buffer/Windows 7 64-bit). The machine is not very powerful, but it is what I have.
The test will be done as follows. We launch one of the programs and create a virtual container. The container options are as follows:
  • The virtual disk size is 2048 MB.
  • File system - NTFS
  • Drive letter Z:
After that, the program closes (of course, the virtual disk is unmounted) - so that nothing interferes with the test of the next program. The next program is launched, a similar container is created in it, and the test is performed again. To make it easier for you to read the test results, we need to talk about what the CrystalDiskMark results mean:
  1. Seq - sequential write/sequential read test (block size = 1024KB);
  2. 512K - random write/random read test (block size = 512KB);
  3. 4K - the same as 512K, but the block size is 4 KB;
  4. 4K QD32 - random write/read test (block size = 4KB, Queue Depth = 32) for NCQ&AHCI.
During the test, all programs except CrystalDiskMark were closed. I chose a test size of 1000 MB and set 2 passes so as not to strain my hard drive more than necessary (as a result of this experiment, its temperature increased from 37 to 40 degrees).

Let's start with a regular hard drive, so that there is something to compare with. The performance of the C: drive (and this is the only partition on my computer) will be considered a reference. So, I got the following results (Fig. 28).


Fig. 28. Hard drive performance

Now let's start testing the first program. Let it be Folder Lock. Fig. 29 shows the parameters of the created container. Please note: I'm using a fixed size. The results of the program are shown in Fig. 30. As you can see, there is a significant decrease in performance compared to the benchmark. But this is normal - after all, the data is encrypted and decrypted on the fly. Performance should be lower; the question is by how much.


Fig. 29. Folder Lock Container Options


Fig. 30. Folder Lock Results

The next program is PGP Desktop. Fig. 31 shows the parameters of the created container, and Fig. 32 the results. My feelings were confirmed by the test - the program really does work more slowly. Moreover, this program "slowed down" not only the virtual disk but even the entire system, which was not observed when working with the other programs.


Fig. 31. PGP Desktop Container Options


Fig. 32. PGP Desktop Results

It remains to test the CyberSafe Top Secret program. As usual, first - the parameters of the container (Fig. 33), and then the results of the program (Fig. 34).


Fig. 33. CyberSafe Top Secret Container Options


Fig. 34. Results of the CyberSafe Top Secret program

I think the comments will be superfluous. The performance rankings were as follows:

  1. CyberSafe Top Secret
  2. Folder Lock
  3. PGP Desktop

Price and conclusions

Since we were testing proprietary software, another important factor to consider is price. The Folder Lock app will cost $39.95 for one installation and $259.70 for 10 installations. On the one hand, the price is not very high, but the functionality of the program, frankly, is small. As already noted, the functions of hiding files and wallets are of little use. The Secure Backup feature requires an additional fee, so paying almost $40 (if you put yourself in the place of an ordinary user, not a company) just for the ability to encrypt files and create self-decrypting safes is expensive.
The PGP Desktop program will cost $97. And remember, this is just the starting price. The full version with a set of all modules will cost about $180-250, and this is only a license for 12 months. In other words, each year you will have to pay $250 for using the program. As for me, this is overkill.
The CyberSafe Top Secret program is the golden mean, both in terms of functionality and price. For an ordinary user, the program will cost only $50 (a special anti-crisis price for Russia; for other countries the full version costs $90). Please note, this is the price of the most complete version of the program, Ultimate.
Table 1 compares the functions of all three products, which can help you choose your product.

Table 1. Programs and functions

| Function | Folder Lock | PGP Desktop | CyberSafe Top Secret |
|---|---|---|---|
| Virtual encrypted disks | Yes | Yes | Yes |
| Whole partition encryption | No | Yes | Yes |
| System drive encryption | No | Yes | No |
| Convenient integration with email clients | No | No | Yes |
| Email encryption | Yes (limited) | Yes | Yes |
| File encryption | No | Yes | Yes |
| EDS, signing | No | Yes | Yes |
| EDS, verification | No | Yes | Yes |
| Transparent folder encryption | No | No | Yes |
| Self-decrypting archives | Yes | Yes | Yes |
| Cloud backup | Yes (paid) | No | Yes (free) |
| Trusted application system | No | No | Yes |
| Support of a certified crypto provider | No | No | Yes |
| Token support | No | No (ended) | Yes (when installing CryptoPro) |
| Own key server | No | Yes | Yes |
| Two-factor authentication | No | No | Yes |
| Hiding individual files | Yes | No | No |
| Hiding hard drive partitions | Yes | No | Yes |
| Wallets for storing payment information | Yes | No | No |
| GOST encryption support | No | No | Yes |
| Russian interface | No | No | Yes |
| Sequential Read/Write (DiskMark), MB/s | 47/42 | 35/27 | 62/58 |
| Price | $40 | $180-250 | $50 |

Given all the factors outlined in this article (functionality, performance and price), the winner of this comparison is the CyberSafe Top Secret program. If you have any questions, we will be happy to answer them in the comments.
