1

I've been reading up on how to secure my data if someone has gained physical access to the machine, e.g. stolen it. And that seems like a very hard thing to do, as indicated by a number of posts.

It is certainly possible to make it harder to gain access to the data. But it has to weighed against the ease of using it. If it becomes to cumbersome, the likelihood of taking shortcuts greatly increases.

I am not storing NSA secrets or company financials. Just family photos, documents, and a few personal keys and certificates. But I'm disliking the thought of someone possibly gaining access to it.

What are some manageable ways for me to protect my data if my home computer and/or backup NAS gets stolen?

Update: Full disk encryption seems to be the answer. I have all my personal files on the D drive, is it enough to just encrypt that?

Community
  • 1
Thomas Jensen
  • 189
  • 6
  • 3
    The easiest way is to setup full disk encryption on your system. All modern OS have that capacity natively (with various level of ease of use, sometimes depending on your hardware) – Stephane Jul 10 '15 at 11:32
  • I would'n trust BitLocker or any other encryption owned by Microsoft or Apple, use a open-source software for that. Encryption + proprietary code is NEVER a good combination! – Freedo Jul 10 '15 at 16:33
  • The answer to "is it enough to...?" depends very much on the threat model. A sophisticated attacker would be trivially able to, say, replace the keyboard driver with one that logs all key strokes, thereby gaining access to the passphrase you use to unlock your second hard disk. A casual snooper likely wouldn't. So: what's your threat model? – user Aug 24 '15 at 13:45

2 Answers2

3

Disk Encryption seems like the easiest way to take care of your data in this situation, and password protecting your things is a great deterrent. Set a strong password on your laptop, and if you're using a USB thumbdrive with password capabilities I'd set that up too. The goal is really to mitigate the theft of the data, so when you think about this sort of protection don't think of it as how to keep the physical items safe, but how can I keep the data safe if someone got their hands on it, and in that respect the more hoops an attacker needs to jump through in order to view the data, the more deterred they will be. Consider a home security system as a point of reference; the system doesn't prevent someone from breaking in, but the threat of the alarms makes a thief reconsider.

One other method you may want to consider is backing up any personal data like this on to something like a portable HDD or a home server. If you take your laptop out and it gets stolen, at the very least you know the thief hasn't gotten away with much, and you have a backup of everything you want to keep to boot. Something to think about at least. Hope this helps!

Stealth_kong
  • 314
  • 1
  • 6
1

  1. Simply encrypt all disk.

  2. Use different password only for encryption.

  3. When you'll have more disks, use different passwords for each one.

  4. You can store passwords in software like KeePass, LastPass etc.

Tomasz Klim
  • 1,466
  • 12
  • 13