Creating secure CD/DVD media for transport usingTruecrypt

Continuing the discussion about securing your backup media in transit, here is a tutorial on how to create a very secure media for public transport.

The target is to create a CD/DVD media that will contain a highly protected sensitive information. For this example, the sensitive information is a System State Backup of a Domain Controller, as per the example in http://www.shortinfosec.net/2008/06/6-steps-to-securing-your-backup-media.html

The process is as follows

  1. Create a Truecrypt encrypted volume. Use dual encryption with different algorithms. The example uses Twofish-AES combination.
  2. Name the volume file using a non-descript name, and protect the volume using a strong password.
  3. Repeat steps 1 and 2 two more times, creating volumes of similar or same size as the first one, with similar file names.
  4. The process in the example creates the files aws.ade, asq.dew and awd.adss
  5. Mount one of the volumes (the example uses aws.ade volume) and save the sensitive file inside the volume.
  6. Dismount the volume and burn all three files aws.ade, asq.dew and awd.adss to a CD
  7. Place the CD inside a tamper-evident envelope with non-repeatable serial number and record the serial number.
  8. Send the CD by courier. Call the recipient via a cell phone call and dictate the decrypting password and the file name containing the encrypted data.
Here is a video clip demonstrating the process of creation of secure media, using Truecrypt




Related posts
Risk of losing backup media - real example
8 Tips for Securing from the Security expert
TrueCrypt Full Disk Encryption Review
5 rules to Protecting Information on your Laptop

Talkback and comments are most welcome

1 comment:

Anonymous said...

DiskCryptor is doing the same thing but it's easier because you can encrypt an .iso file (and then burn it and mount CD/DVD with DC).

Designed by Posicionamiento Web