Drive Encryption: Methods and Tips

Hardly anyone considers the World Wide Web a safe place to store data. Every year brings a couple of high-profile cases in which cyber fraudsters are charged. This is not surprising, since security problems on the Internet are acute: some people knowingly take risks and upload personal data, while others become victims of cyber attacks. Disk encryption is not a panacea for all such problems, but it is a good way to protect your data.

What is it for

Of course, everyone wants some personal space. To get it, you can set passwords on your smartphone and in instant messengers. Many people do so even if they have nothing to hide: everyone wants to protect their interests and keep at least something private, even if it would not be scary to share it with loved ones.

But while smartphones have long offered various protection methods, from passwords to fingerprints, things are different with computers. Of course, you can set a password on the system. But situations differ.

Suppose you were working at a personal computer, got distracted, and left your workplace. The computer is now vulnerable: anyone passing by can access your personal documents.

In this case, disk encryption will help to protect data stored in the system, but you will need to configure it correctly. This method of protecting your information also helps if several people use the same computer.

But the most dangerous thing in this situation is malware. It is often the cause of data leaks. After downloading or opening an unwanted file, you can leak all your personal data to scammers.





It is not so bad if what leaks is a picnic photo; it is worse if cybercriminals learn your logins or bank payment data. Therefore, if such information is stored on your computer, it is better to protect it with disk encryption. Several methods are available for this.

What is encryption?

This is the process of converting data held in storage so that all files become unreadable to overly curious users. Special utilities or hardware can be used for encryption.

With such applications, you can encrypt every bit on the disk. Only a professional who specializes in this can then decrypt it. Inexperienced malware users will not be able to get past the hard drive encryption.

Encryption methods

Naturally, there are quite a few ways to protect documents on a hard drive. Some can only be implemented by an experienced user or specialist, while others are available to ordinary users.

Encryption Types:

  • transparent;
  • at the file system level;
  • with a crypto processor.

Transparent encryption

Transparent encryption protects personal documents on the hard drive using one of the existing special utilities. The encryption is automated, so the data is either available for use or not.





This method can encrypt partitions or work at the file level. In the first case you can "hide" the entire disk, and in the second, the selected file system.

At the file system level

This is another way to encrypt a drive, and it can be considered a subtype of the previous one. It “hides” each file, and access is obtained through authentication. This option is known for short as FLE (file-level encryption).

Some operating systems have a built-in tool for this kind of encryption. If no such tool is available, you can use third-party projects. Note that with this approach, anyone who can examine the file system can also learn the metadata and names of the encrypted documents.

File system encryption differs from protecting the entire disk: with a fully encrypted disk you only need to get through a normal boot, after which the data in storage is accessible, whereas file system encryption involves authentication to obtain each encrypted file.

Working with a crypto processor (TPM)

This is another way to encrypt your hard drive. It relies on a special crypto processor called the Trusted Platform Module. This component is usually integrated into the motherboard, though not into every one. It acts as an authenticator for hardware devices.

To work with it, you need to install a special program. Not every program is compatible with a crypto processor and supports it, so you have to choose the right utility. The best choice in this case is BitLocker.

Software Protection Methods

Hardware encryption methods do not always help and are not always available, so other utilities are installed most often. If you want to encrypt a drive in Windows 7 or any other version, you can download a special program.

The most popular is BitLocker. It works together with a crypto processor, if one is present. But a crypto processor is not found on every device, so otherwise you can use VeraCrypt, TrueCrypt, CipherShed or Symantec Endpoint Encryption.

How to check for TPM?

Before choosing any of the programs above, you need to find out whether your personal computer has a crypto processor. There are several ways to do this.

For example, if you have a laptop, you can find its specifications in the box or on the Internet. Support for this technology is usually listed there, so you do not have to install programs at random.

In some cases you can also check in "Device Manager". To open it, go to "Control Panel" and switch the view to large or small icons. The new window shows a list in which you look for the menu you need.

In "Device Manager", the crypto processor appears in the device list. It may be shown as a “Security Device” or an “Unknown Device”.

Finally, if you are still not sure whether there is a crypto processor, try setting up BitLocker, which by default only works with this technology. During encryption setup, the utility will report that there is no TPM.
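The same check can be scripted instead of clicking through Device Manager. The following is an added example, not part of the original article; the function name Get-TpmReadiness is illustrative, while Get-Tpm and the Win32_Tpm class are standard Windows components.

```powershell
# Added example: report whether this machine has a TPM that BitLocker can use.
# Run from an elevated PowerShell session (Get-Tpm requires administrator rights).
function Get-TpmReadiness {
    $result = [ordered]@{
        Present     = $false
        Ready       = $false
        SpecVersion = $null
        Note        = $null
    }
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $result.Present = [bool]$tpm.TpmPresent
        $result.Ready   = [bool]$tpm.TpmReady
    } catch {
        # Typical causes: session not elevated, or TPM cmdlets unavailable.
        $result.Note = "Get-Tpm failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }
    if ($result.Present) {
        # Win32_Tpm exposes the TPM specification version (for example 1.2 or 2.0).
        $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction SilentlyContinue
        if ($wmi) { $result.SpecVersion = ($wmi.SpecVersion -split ',')[0].Trim() }
    }
    $result.Note = if (-not $result.Present) {
        'No TPM reported: BitLocker needs the no-TPM policy, or use a third-party tool.'
    } elseif (-not $result.Ready) {
        'TPM present but not ready: it may be disabled or not yet initialized.'
    } else {
        'TPM present and ready for BitLocker.'
    }
    [pscustomobject]$result
}

Get-TpmReadiness | Format-List
```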

Most popular way

BitLocker Drive Encryption is the most common method, largely because of its simple interface and setup.

But the program is quite demanding and does not work with every edition of the system. For example, on Windows Vista it requires the "Ultimate" or "Enterprise" edition. The same applies to Windows 7.

You can find the program in the "Professional" or "Enterprise" editions of Windows 8, 8.1 and 10.

To start the program, click "Start" and type its name in the search box. The tool is preinstalled, so on Windows 10 it does not need to be installed separately.

The BitLocker Drive Encryption interface is in English, but if you follow the instructions you will not go wrong:

  1. In the window that opens, select the “Turn On BitLocker” command. This label appears next to the drive that you want to encrypt.
  2. You can also start the program from the "My Computer" menu: right-click the desired drive and select the appropriate option.
  3. If you do not have a TPM, the program will stop at this step, and a message about the missing technology will appear at the bottom.
  4. If everything is correct, continue the configuration by clicking "Next" three times.
  5. The program will ask for a validation method. It is better not to store the key on a USB flash drive; selecting “Require PIN at every startup” is recommended.
  6. In the new window, set a PIN. Write it down somewhere and do not lose it. Repeat the PIN in the field below, then press Set PIN.
  7. Now click “Next” and select “Continue”.
  8. The system will ask you to restart your computer. Agree, and enjoy the protected data.

What if there is no TPM?

Disk encryption in Windows 10 can be done without a hardware key storage module and without a third-party program. To do this, you have to configure the system:

  1. In the Windows search, enter "Group Policy" and go to the corresponding menu.
  2. Click "Edit group policy" and continue the configuration in the new window.
  3. Navigate through the sections "Administrative Templates" - "Windows Components" - "BitLocker Drive Encryption" - "Operating System Drives".
  4. In the list, find the line "This policy setting allows you to configure additional authentication at startup." Double-click it and enable it.
  5. Check the box “Allow the use of BitLocker without a compatible trusted platform module” and save the changes.
  6. Now go to the system drives and right-click the one that you want to encrypt. In the list, select encryption with BitLocker.
  7. Then complete all the steps described in the previous section.
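After following these steps, it is worth confirming that the policy was actually applied and that every volume ends up protected and recoverable. The following is an added example, not part of the original article; the function names are illustrative, and it assumes the policy is stored, as Windows does for this setting, in the UseAdvancedStartup and EnableBDEWithNoTPM values under HKLM\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example: verify the no-TPM policy and review how each volume is protected.
# Run from an elevated PowerShell session on an edition that includes BitLocker.
function Get-BitLockerPolicyState {
    # Registry location written by the BitLocker Group Policy settings.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AdditionalAuthAtStartup = ($null -ne $p) -and ($p.UseAdvancedStartup -eq 1)
        AllowWithoutTpm         = ($null -ne $p) -and ($p.EnableBDEWithNoTPM -eq 1)
    }
}

function Get-VolumeProtectionReport {
    foreach ($v in Get-BitLockerVolume) {
        # Key protector types as strings, e.g. Tpm, TpmPin, Password, RecoveryPassword.
        $types = @($v.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { "$($_.KeyProtectorType)" })
        $issues = @()
        if ("$($v.ProtectionStatus)" -ne 'On')      { $issues += 'protection is off' }
        if ($v.EncryptionPercentage -lt 100)        { $issues += 'not fully encrypted' }
        # Without a recovery password, a forgotten PIN or password means lost data.
        if ($types -notcontains 'RecoveryPassword') { $issues += 'no recovery password' }
        [pscustomobject]@{
            Volume     = $v.MountPoint
            Type       = $v.VolumeType
            Status     = $v.VolumeStatus
            Encrypted  = "$($v.EncryptionPercentage)%"
            Protectors = $types -join ', '
            Issues     = $issues -join '; '
        }
    }
}

Get-BitLockerPolicyState | Format-List
Get-VolumeProtectionReport | Format-Table -AutoSize
```

An empty Issues column for a volume means protection is on, encryption is complete and a recovery password exists.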

Using VeraCrypt for protection

Not every PC has a cryptographic module, but the system disk can be encrypted with other programs that do not require one, for example the VeraCrypt utility.

First download it from the Internet and install it. The program has an English interface, so follow these instructions:

  • Run the utility.
  • Go to the System tab and select "Encrypt System Partition / Drive".
  • The program can create a decoy partition that contains nothing important. If attackers demand your password, you can give them the one for that partition. To use this, select "Hidden".
  • If you do not need a hidden partition, select the Normal setting.
  • Next, choose between encrypting the whole hard drive and hiding individual files. It is safer to “hide” the entire disk, so select “Encrypt the whole disk”.
  • At the next step, it is better to decline encryption of the Host Protected Area, since the program does not always handle it correctly.
  • If only one operating system is installed on the PC, select “Single”.
  • Next, configure the type of encryption. AES is the better choice; with it, the decrease in performance will be insignificant.
  • Enter the password you have chosen twice. It will have to be entered at each boot of the PC.
  • In the next window, move the cursor randomly until the bar at the bottom is completely filled.
  • Then click “Next” and put a check mark at the very bottom if your PC does not have a disc burner on which you could record the image.
  • The image can be saved to a location you specify, for example a couple of flash drives or the cloud.
  • You can skip the next item and proceed to testing, during which the computer will reboot. After that you can complete the encryption process.

At the next boot, the system will ask for the password that you configured.

Working with Linux: Hard Drive Protection

Disk encryption on Linux is a similar process, and here too there are several ways to do it. For example, you can use the TrueCrypt program. It is configured in the same way as VeraCrypt. The two even have a similar interface, since TrueCrypt was the basis for VeraCrypt.

You can also use LUKS. This technology is the standard for encrypting a hard drive on a Linux system. It is operated with commands.

If you have never used the command line, you will have to do this through a program instead, because the command line requires knowing special commands.

External drives and their protection

Encrypting external drives is, in principle, no different. The only catch is that BitLocker is unlikely to be available to you, so you will have to use the other programs described earlier. It is advisable to encrypt all flash drives and external drives, especially if you plan to store important data on them.

For protection, you can use TrueCrypt or VeraCrypt. The programs are configured the same way, so no questions should arise.

Disable protection

How do you disable disk encryption? Sometimes laptops or PCs ship with drives that are already encrypted. In that case you can see the corresponding icon in “My Computer”. To remove the protection and the reduced hard drive performance that comes with it, you need to disable this option.

To do this, go to the system settings, select the "About the system" section, and disable encryption there. This option works if BitLocker is running.

If you used a third-party program, open it and select the appropriate item. In such programs it is usually called "unmount" or something similar.

Finally

Disk protection is important, especially on a work computer. Nobody will be happy if their personal data is made public. To prevent this, it is better to use disk encryption.

In general, this is especially important for external drives, which you can not only leave with friends but simply lose. So that nobody digs through your files, it is better to protect them with a password. If the disk falls into the hands of a hacker, he may be able to get to your data, but such a development is unlikely. Nevertheless, vigilance never hurts.

Encryption comes in different forms, but if you are looking for an easy way, it is better to use the hardware method with the built-in BitLocker utility. It requires almost no additional configuration and no application installation.

But remember that this method only works if the motherboard has a cryptographic module. Otherwise you will have to use third-party programs, although working with them is not as difficult as it seems.



