Continuing the discussion about securing your backup media in transit, here is a tutorial on how to create very secure media for public transport.
The goal is to create CD/DVD media that contains highly protected sensitive information. For this example, the sensitive information is a System State Backup of a Domain Controller, as per the example in http://www.shortinfosec.net/2008/06/6-steps-to-securing-your-backup-media.html
The process is as follows:
- Create a TrueCrypt encrypted volume. Use dual encryption with different algorithms. The example uses the Twofish-AES combination.
- Name the volume file using a nondescript name, and protect the volume using a strong password.
- Repeat steps 1 and 2 two more times, creating volumes of similar or same size as the first one, with similar file names.
- The process in the example creates the files aws.ade, asq.dew and awd.adss
- Mount one of the volumes (the example uses aws.ade volume) and save the sensitive file inside the volume.
- Dismount the volume and burn all three files aws.ade, asq.dew and awd.adss to a CD.
- Place the CD inside a tamper-evident envelope with a non-repeatable serial number and record the serial number.
- Send the CD by courier. Call the recipient on a cell phone and dictate the decryption password and the name of the file containing the encrypted data.
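
A pre-burn check for the decoy scheme in the steps above, as an added example that is not part of the original tutorial: it confirms that none of the three files stands out by size or by content, since a TrueCrypt volume should look like uniformly random data. The thresholds, the function names and the constructed sample files are assumptions for illustration.

```python
import math
import os
import tempfile
from collections import Counter

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of a byte string; encrypted data sits very close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_volume_set(paths, max_size_spread=0.10, min_entropy=7.9, sample=1 << 20):
    """Return findings for files that stand out; an empty list means none do.

    Thresholds are illustrative assumptions, not values from the tutorial.
    """
    findings = []
    sizes = {p: os.path.getsize(p) for p in paths}
    largest = max(sizes.values())
    for path, size in sizes.items():
        name = os.path.basename(path)
        if largest == 0 or (largest - size) / largest > max_size_spread:
            findings.append(f"{name}: size {size} is not similar to the largest file")
        with open(path, "rb") as fh:
            h = entropy_bits_per_byte(fh.read(sample))  # first 1 MiB only
        if h < min_entropy:
            findings.append(f"{name}: entropy {h:.2f} bits/byte, content is recognisable")
    return findings

def write_constructed_set(directory, contents):
    """Write constructed stand-ins for the three volume files; return their paths."""
    paths = []
    for name, data in contents.items():
        paths.append(os.path.join(directory, name))
        with open(paths[-1], "wb") as fh:
            fh.write(data)
    return paths

if __name__ == "__main__":
    size = 256 * 1024
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample: random bytes stand in for real TrueCrypt volumes.
        names = ("aws.ade", "asq.dew", "awd.adss")
        good = write_constructed_set(tmp, {n: os.urandom(size) for n in names})
        print("findings:", check_volume_set(good))
```

Run it against the three files before burning; any finding means one file can be told apart from the others without the password.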