"Everybody needs beauty as well as bread, places to play in and pray in, where nature may heal
and give strength to body and soul." - John Muir   Get Kids Outdoors - Get Active - Get Walking

skip



Security and Privacy Guide


How to Encrypt Files or Your Whole Hard Drive

If you want to keep using Windows, I strongly recommend saving your files with the fourth option below.

Options

(from next to least secure to most secure)

  1. in encrypted folders (next to least secure)(Microsoft recommends never encrypting individual files - least secure, and encrypting the folders instead. However, you may consider making an exception when sending them to someone else. After sending it, securely erase the file, or encrypt the folder it's in.)
  2. on an encrypted partition (more secure)
  3. on an encrypted hard disk drive (even more secure, especially on laptops - see note below)
  4. on encrypted removable media, and your encryption key on a separate encrypted removable medium, and encrypting your whole hard disk drive (most secure, especially on laptops - see note below)

Note: ''Normally, after you power on a computer and it goes through its memory test, the boot loader will load the OS. When you install drive encryption software [and encrypt the whole hard disk drive], it modifies the boot loader to run instead of Windows on boot. The encryption software then authenticates the user, and, on success, loads Windows.'' - NetworkComputing.com

File Encryption Hardware and Software

skip

Encrypting Your Whole Hard Disk Drive

skip

Note: I strongly recommend encrypting your real operating system, as well as your data, with one of the software programs in this section.

As mentioned earlier: skip

The alternative to these options is to encrypt your whole hard drive with full disk encryption software and save the key, or password, on an encrypted removable medium.

Warning: Encrypting a whole hard drive once in a while corrupts the data stored on it.

I strongly recommend creating an image of your hard drive with one of these disk imagers and saving it to a separate storage medium before installing any full disk encryption program.

Encrypt your single or dual-boot system's whole hard disk drive or drives with one of the following software programs.

Storing The SysKey

skip

''There are three modes in which Syskey operates. In mode one, enabled on all [Windows 2000, XP Pro and] Server 2003 computers by default, a system key is generated by the computer randomly and an encrypted version of the key is stored locally. In this mode, you can still restart the computer normally.''

''In mode 2, the system key is generated and stored in the same way as with mode 1, but an additional password, selected by the administrator, provides further protection. When you restart the computer, you must enter this system key password during startup. This additional password is not stored locally.''

''Mode 3 is the most secure method of operation. [emphasis added] The computer-generated key is stored on a floppy disk instead of locally. You can't start the computer unless you have physical possession of the floppy disk, as it must be inserted in the disk drive when you are prompted during startup.'' - article ''Securing Server 2003 Domain Controllers'' by Deb Shinder at WindowsSecurity.com

I strongly recommend storing your SysKey with mode 3, especially if you have a laptop / notebook.

Note: In Windows 2000, XP and 2003 ''Syskey mode 3 requires a floppy disk. No other type of removable media is supported for syskey storage [unfortunately].'' Windows Vista's BitLocker has a USB option. skip

ATTENTION: ''Do not store the key on an ERD [Emergency Repair Disk]. To do so would be to provide two items needed to attack your system in one location. Do make copies of the disk. Without it you cannot boot your Windows NT system.'' - article ''Protecting the SAM with Syskey'' by Roberta Bragg at Informit.com skip


Privacy Watch

For more articles on how to protect your private data, visit Privacy Watch. Few things are more valuable than your personal data. PC World Senior Associate Editor Andrew Brandt shows you how to protect it.


Security and Privacy Guide


Back to Navigation Links


Get notified when this page changes.

ChangeDetection.com
(requires free registration, has RSS option)
     It's Private


WatchThatPage.com
(requires free registration, has several options)


If you like my web site, tell your friends and family about it. (A window will appear if Javascript is enabled in your browser, and if you temporarily disable your popup blocker, if you have one.)

Recommend my web site to a friend for free.
powered by bravenet.com


Place a Pin on My Guestmap


Please read my disclaimer before visiting the following top sites.

  • Christian Top 1000
  •   Fish the Net's Top Christian Web Sites
  •   Crossmap's Christian Website Rankings
  •   Top Christian Web Sites

Brent's Place at brentsplace.info

©2000-2006 All rights reserved.

Naturalist Template provided by Designs by Darren. Released under a Creative Commons License.
Image of Half Dome provided by PD Photo and STUDIO7DESIGNS in Nautica 2.2 Template
Basic CSS Menu provided by CSS Play.