New Fun Blog – Scott Bilas


Keeping Portable Data Secure


In a previous post I talked about how I keep my data physically secure, based on the guidelines I had laid out. Now, let’s assume that physical security has failed. How can this problem be minimized?

Data Security

Data security for me is two main things: protection and recovery.

First, if the hardware holding the data disappears, I don’t want to have a chance of anyone being able to use it. Whether it’s email, passwords, financial statements, code, SDKs protected by NDA, or whatever.

And second, I’ve got to be able to restore what was lost so I’m back up and running in as little time as possible.

Data Protection

So first let’s hit the data protection: keeping my private bits out of someone else’s hands (har har).

Protecting My Hardware


This is relatively easy: use TrueCrypt. It’s free, really easy to set up, and doesn’t noticeably affect system performance. Well, except for large file writes where the kernel CPU time goes up some. Depends on hardware setup. On my notebook it hasn’t been an issue for me at all.

TrueCrypt has a huge advantage over Vista’s BitLocker: it works on the entire system drive, and encrypts in-place. And it works on all versions, not requiring the overpriced Super Ultimate Deluxe Vista. I looked into using BitLocker anyway (I got a free copy of Ultimate from Microsoft for working on the Vista in-box games), but it requires a special partition, and looks like it will be a pain in the ass to set up. Other than the poor GUI, TrueCrypt is better than Microsoft’s stuff in every possible way.

TrueCrypt is super easy to set up. You install it, then tell it to encrypt the system drive. After some setup, burning and testing a recovery disk and some compatibility tests, TrueCrypt converts your system drive while you are using Windows. You can even shut down and restart and it will pick up where it left off. Really neat.

So I did the full system drive. If someone gets it, I’m safe.

I also did half of my USB backup disk as a single TrueCrypt file and set up some shortcuts to mount/dismount easily. The other half is used for Ghost backups, which has its own encryption so it’s stored in the clear area of the drive. I wanted to keep the route to restoring from backup as simple as possible.

If you don’t typically want a Recycle Bin on your encrypted USB drive, set the TrueCrypt default mount options for “removable”.

Some Misdirection

There’s one extra TrueCrypt feature I use worth mentioning. I’m hoping this will avoid potential irritation when I reenter the States. I’ve heard plenty about our idiot government forcing citizens to type in their passwords so they can search their hard drives, maybe even making full copies to search later. Say no and the thugs will impound the equipment (note: this is not the TSA, it’s our glorious U.S. Customs). This massive invasion of privacy is being fought by the ACLU and EFF and many others (one small reason I give them money every year).

Until the customs regulations are fixed, how about we protect ourselves with some misdirection?

TrueCrypt lets you change the boot-up screen to show a short bit of text instead. Let’s use a nasty sounding error like “Drive failure detected”. It makes no indication that the machine is encrypted and asking for a password (keystrokes are not echoed to screen).

Now if they say “turn it on and type your password” I’ll say it broke when we were in the jungle or whatever and hasn’t worked since. Look, see? Hard drive failure, poor me, I’m so very sad!

I like this solution a lot better than the hidden OS idea, which is more of a pain to maintain and will waste a lot of my time at the border. And if they impound it anyway, well, I’ll have already backed up everything I really care about to my NAS sitting in the States.

Working With Their Hardware

Ideally I’m on my own network with my own equipment. But too often I’m forced to go to the locutorio and use their equipment. How do I keep this safe? I have to assume a malicious sysadmin, or user, or virus has key loggers going. Or malware watching what I’m doing through their installed browsers.

Best case: forget the locutorio, buy a cellular modem, and run on Claro anywhere in the country. Around $60 a month or so. I regret not doing this actually, it would make it easier to work almost anywhere we go. Now it’s too late, as they have a six month minimum plan and we’re only here another four months.

Pretty good case: plug in directly to their network. I carry a network zip cord with me just in case they let me at the switch, but I’ve only been able to do this in one place so far (I used D-Link’s micro travel Wi-Fi to share it among our two notebooks and my iPod, which was awesome). Or if they have Wi-Fi, use that direct. This is super rare in Peru. Even at places that advertise Wi-Fi, chances are that it’s broken.

But even if Wi-Fi blanketed the Earth, I’d still have issues when we need to check email and I don’t have my notebook with me (like if we’re travelling light).

Grudgingly ok case: use portable and secure software of my own on a USB key. These things get bigger and cheaper every day. I use a 16GB stick which has been more than enough.

Allison has her own USB key that I manage as well. We take these everywhere with us in our wallets. They’re very small and are basically our keys to the Internet when we’re out and about travelling lightly.

Contents Of My USB Key

So what’s on it? Mainly, Portable Firefox with LastPass. And a bunch of other stuff. Here’s the contents:

  • “Data” folder with a big TrueCrypt file.
    • I never end up using this at locutorios. It’s mainly for keeping ultra critical files with me and secure (like small backups of my notebook).
  • “Portable” folder with all my portable apps. More on that in a bit.
  • “Recovery” folder with…
    • LastPass client app
    • Norton Ghost recovery and installer
    • TrueCrypt recovery and installer (still requires master password to work so this does not compromise security of my notebook)
    • Boot disk ISO for DOS with tools. Just in case…? Well, I’ll never use this, it gives me a warm feeling to have it.
  • Autorun.ini in root pointing to Portable Apps shell
    • Autorun is disabled on my own PC but usually enabled on PCs in locutorios, so let’s make it auto-launch the shell for convenience.
    • Note that autorun is a great target for viruses so there’s a chance this file will get screwed with once you plug it in. Check on it every once in a while to make sure it’s still got your stuff in it.
  • Root folder has my email address.
    • If I lose the USB key I really doubt I’ll get it back, but maybe I’ll get lucky.

I occasionally make changes to the USB drive. Upgrade Firefox and add-ins, add a new portable app, upgrade the ClamWin database, etc. Once done, I back it up using 7-Zip for the nuke-the-entire-site-from-orbit option if I pick up something nasty at a locutorio. And I’ll propagate it over to Ally’s key. It’s good to keep things current and doesn’t take long.
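One way to do the "check on it every once in a while" step is to hash the key's contents on trusted hardware and diff that manifest after each locutorio visit. This is an added example, not code from the original post; the function names, the sample file layout and the simulated tampering are all constructed for illustration.

```python
import hashlib
import os
import tempfile

# All names here are hypothetical, chosen for this example.
AUTORUN = {"autorun.inf", "autorun.ini"}   # auto-launch files in the key's root
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk", ".pif"}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map every file's relative path (lower-cased, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            manifest[rel] = sha256_file(full)
    return manifest


def compare(trusted, current, volatile=()):
    """Diff two manifests into (severity, change, path) tuples.

    Paths under a `volatile` prefix (a tuple of prefixes, e.g. the browser
    profile) are expected to change, so only their high-severity changes
    are reported.
    """
    findings = []
    for path in sorted(set(trusted) | set(current)):
        old, new = trusted.get(path), current.get(path)
        if old == new:
            continue
        change = "added" if old is None else "removed" if new is None else "modified"
        ext = os.path.splitext(path)[1]
        if path in AUTORUN:
            severity = "high"      # any change to the auto-launch file matters
        elif ext in EXEC_EXT and change != "removed":
            severity = "high"      # new or altered code that could run from the key
        else:
            severity = "info"
        if severity == "info" and path.startswith(tuple(volatile)):
            continue
        findings.append((severity, change, path))
    return findings


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed sample: snapshot a fake key, simulate a locutorio visit, diff."""
    with tempfile.TemporaryDirectory() as key:
        _write(key, "autorun.inf", b"[autorun]\r\nopen=Portable\\Start.exe\r\n")
        _write(key, "Portable/Start.exe", b"launcher v1")
        _write(key, "Portable/Firefox/Data/profile/prefs.js", b"// prefs")
        _write(key, "Recovery/notes.txt", b"recovery steps")
        trusted = build_manifest(key)          # taken on trusted hardware

        # Constructed changes standing in for what a public PC might leave behind.
        _write(key, "autorun.inf", b"[autorun]\r\nopen=unknown.exe\r\n")
        _write(key, "unknown.exe", b"dropped")
        _write(key, "Portable/Firefox/Data/profile/prefs.js", b"// prefs changed")
        os.remove(os.path.join(key, "Recovery", "notes.txt"))
        return compare(trusted, build_manifest(key),
                       volatile=("portable/firefox/data/",))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Keep the trusted manifest on the notebook rather than on the key itself, since anything stored on the key can be altered along with the files it describes.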

It goes without saying that this is all Windows software. There are exactly zero locutorios with anything other than Windows. I’ve seen everything from Win95, 98, 2000, up to XP, plus weird heavily modded setups that make XP or 98 look like Vista. But not once ever a Mac or Linux. Always Windows.

PortableApps

The main download comes with most things I need, but I’ve had to add a few portable apps.

Here’s the full list of what I use: Firefox, 7-Zip, ClamWin, IrfanView, Notepad++, On-Screen Keyboard (for entering passwords), SpeedCrunch, TrueCrypt, Sumatra PDF, VLC Player, LastPass Pocket, and OpenOffice. I haven’t needed OpenOffice yet as all locutorios have had Microsoft Office already (most likely pirated).

Portable Firefox is already set up pretty well for running from a USB stick but it’s worth reviewing the configuration. A lot of these public machines are old and don’t have USB 2, so you want to kill as much disk activity as possible or it will run incredibly slow. This means turning off saving history, sessions, disk cache, phishing detection, and so on. You want these off anyway for better security. Test it with ProcMon to see when it touches the disk and try to turn off the appropriate option.

My Firefox includes only these Add-ons: LastPass for logins (more on this in a bit), DownThemAll for downloads, and AdBlock Plus of course. Not just to kill annoying ads, but it really speeds up internet browsing on slow locutorio shared connections. And make sure to install the Flash and Java plugins for sites that need them. For example the LAN Perú web site stupidly requires Java for their seat assignment. These need to be installed on the actual machine you’re using in order to work, but it’s good to have the Firefox side of these plugins installed and ready in the portable app so you can use them.

For a bit more privacy, have Firefox clear all saved data on exit. Now, you could put all the portable apps in a TrueCrypt partition, but you can’t guarantee that the machine will let you run TrueCrypt to mount the file as a drive (requires admin access).

And lastly, be sure to disable all auto-update features. You want to do updates manually over a trusted connection on trusted hardware after scanning the stick for viruses. I don’t trust any software downloaded on a public PC. Plus, having Firefox auto-downloading a patch in the background while browsing on a slow connection is really frustrating.
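The settings listed above can be checked mechanically by reading the portable profile's prefs.js and reporting anything still at a disk-writing or auto-updating value. This is an added example, not from the original post; the pref names are the Firefox 3.x-era ones as this example assumes them (confirm each in about:config), and the sample files are constructed.

```python
import re

# pref -> (wanted value, Firefox default when the pref is absent, why it matters)
# The pref names and defaults are assumptions of this example for Firefox 3.x;
# later releases renamed or removed several of them.
POLICY = {
    "browser.cache.disk.enable": (False, True, "disk cache writes to the key"),
    "places.history.enabled": (False, True, "browsing history saved"),
    "browser.sessionstore.resume_from_crash": (False, True, "session state saved"),
    "browser.safebrowsing.enabled": (False, True, "phishing-list updates hit disk"),
    "privacy.sanitize.sanitizeOnShutdown": (True, False, "saved data kept on exit"),
    "app.update.enabled": (False, True, "browser auto-update"),
    "extensions.update.enabled": (False, True, "add-on auto-update"),
}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Parse user_pref("name", value); lines. Later lines win, as in Firefox."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                       # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')   # string pref, escapes left as-is
    return prefs


def audit(prefs_js, user_js=""):
    """Return (pref, effective value, 'set' or 'default', reason) per violation.

    A pref missing from both files is at its built-in default, which for most
    of these settings is the value the post wants turned off.
    """
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))   # user.js is applied over prefs.js
    findings = []
    for name, (wanted, default, why) in POLICY.items():
        value = effective.get(name, default)
        if value != wanted:
            origin = "set" if name in effective else "default"
            findings.append((name, value, origin, why))
    return findings


# Constructed sample files, not taken from a real profile.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.cache.disk.enable", false);
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "about:blank");
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("extensions.update.enabled", false);
"""
SAMPLE_USER_JS = 'user_pref("app.update.enabled", false);\n'

if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS_JS):
        print(finding)
```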

LastPass

I love LastPass. It has made web browsing so much easier and more secure for me and my lady.

LastPass is a browser add-in, web app, and portable app that uses the LastPass.com servers to synchronize passwords, secure forms and notes, and so on. The LastPass servers never see the clear text version of anything as all encryption is done client-side, which is great. It’s getting increasingly worrying that so many incredibly useful web services these days (Digsby, Mint, grr) do server-side encryption and storage of passwords.

I’ve stopped using the same four passwords for all my web sites and am instead generating unique, secure passwords for each. All synchronized across all my machines and the USB key! This is so important for stupid web sites like americanexpress.com that have silly password requirements like “no more than 8 characters”.

So when entering a locutorio, I…

  1. Pop in the USB key.
  2. Launch PortableApps if it doesn’t come up on its own.
  3. Launch Portable Firefox and On-Screen Keyboard.
  4. Hit the LastPass button on Firefox and use portable On-Screen Keyboard to enter my master password.
  5. Browse away!

I can’t say enough good things about LastPass. It has completely replaced my stored passwords in Firefox and misc “password.txt” type files on my machine.

Here are some of my favorite things:

  • It has an optional auto-login feature. You can just open facebook.com and it types in your username and password and hits the login button for you. I love this.
  • LastPass works on all sites I’ve tried so far, including all those banks that prevent browser-based password storage.
  • You can share passwords through the web service. Ally and I use this for common sites we use like Mint.com.
  • It stores form data (credit card info) as well as “secure notes” that can contain whatever you want. The form data can be auto-filled in for registrations. Multiple profiles supported so I can do “Home” and “Work” etc.
    • It even detects when you’re registering for an account somewhere and offers to generate a secure password for you and store it in the password + confirm password fields.
  • It even handles old-school web-based authentication. So I don’t have to remember the usernames and passwords for Wi-Fi routers and other primitive hardware.

LastPass is currently totally free. The team is apparently planning on making money via the enterprise route. I wish them well. If they start charging for mere humans too, I will happily pay. I love LastPass!

As a side note, this has completely fixed the problem with Ally choosing passwords like ilovemycat and allison12345. LastPass combined with the USB key makes me pretty confident that she’s not inadvertently exposing us. She has exactly one very secure gateway password to remember. It’s easier to be secure than not. Thanks LastPass!

What I Really Want

I’m still not happy trusting another machine to run applications, even ones that I can control like Portable Firefox. For the moment I’m assuming that malicious users/sysadmins/malware are all going for the easy wins: people going to public machines and typing in their passwords to use IM and mail and so on. But in the future, things are going to get bad.

So I would like to see both of the following devices invented!

USB Drive Network Device

This would be a device that plugs into USB on the public machine and is connected to my notebook.

On the public machine end, the device appears to be an ordinary USB drive. That way, there is no need to install drivers or require special admin access to use it. Then you run a special user-mode app that talks to the device with a special protocol. Perhaps a pair of virtual “files” that are written/read in streams. It would forward reads/writes to/from the network card as packets. Sort of like shared memory IPC in Windows.

On the other end, we have maybe a USB connector, or a network jack, or ideally a secure private Wi-Fi. This part would talk to your notebook or iPod or other internet-capable device. And it would look exactly like a network adapter to it.

The point is that you’d be able to use the internet on your notebook as if it was directly connected to the network switch in the locutorio. And you wouldn’t need any special access to do this.

USB Drive PC

This is a variation on the above, except more portable. Instead of requiring a notebook computer on the other end of the public PC, move your computer inside the device. Take a tiny ultra low power PC running embedded Linux on flash and stick it in the device. Hopefully powered by USB, but if not, then include a li-ion battery.

Then the client software running on the public PC handles the network emulation as before, but adds a VLC client to talk to the embedded PC. The public PC becomes a simple dumb terminal, just exchanging user input and network packets with the embedded one. No special permissions required to use. Totally secure and portable!

The two devices could be combined as well. Use the Wi-Fi if you have your computer with you, use the embedded low-power PC if not.

Does something like this exist already? Seems like there would be a good market for this kind of thing.

Data Recovery

I wrote a previous post about backups. Let’s adjust it to how I tend to travel.

Backups

Basically my remote working backup strategy works like this:

If at home in Arequipa:

  • Fully automated scheduled backup to fatty USB drive with Norton Ghost 14.
    • Two system images on the drive at once, rotated.
    • Every Sunday start a new full system image backup (takes 4-5 hours including verify).
    • Back up incrementals every two hours (usually takes 1-5 minutes).
  • Keep USB drive physically separate from notebook overnight, just in case.

If away from home:

  • Fat USB drive stays at home locked away.
  • USB key is with me as always. Stays down my pants with my passport and money in my secure wallet latched to my belt.
  • Regular backups with the free Areca Backup of just my critical data to the TrueCrypt image on my USB key.
    • Not the system, but the stuff that changes. Documents, OneNote notebooks, code projects, Firefox profile, etc. Blog post drafts. :)
    • Why not Ghost for this? Not as configurable. My USB key is relatively small so I only want the absolute critical stuff backed up to it. No .obj or .pdb files, for example. No temp files. Areca makes it pretty easy.

Always:

  • When connected to the Loose Cannon VPN
    • OneNote will sync itself to my workstation at the office (which has its own regular Ghost backup schedule going on). Nice extra copy to have. OneNote contains a ton of really valuable stuff for me that I don’t want any chance of losing.
    • Regular checkins of code to Perforce, of course. And updates to our wiki.
  • Windows Live Sync set up between my notebook and Ally’s.
    • This keeps common “family” docs and all our Peru pictures mirrored. This gives us four physical copies.
    • These files are really valuable to us so I am super careful to protect it all.
    • Did you know that Live Sync detects if you’re on the same local net and switches to peer-to-peer if so? This makes syncing Ally’s many gigs of Peru pictures very fast. I heart Live Sync.

Norton Ghost

A quick word on Ghost. I went through several other shadow copy-based systems and Ghost was the only one that was stable and had the options I needed. True Image had severe problems with crashing and non-completing backups on my machine, and was very unreliable. Vista’s built-in backup is reliable but is so dumbed-down in the options available as to be useless to me.

Ghost still has problems of course…

  • It occasionally does a hard system lockup on my machine during a backup.
    • Nothing corrupted, just have to do it over. Happens once every few weeks. Frustrating.
    • I have to work with their support people to figure this out, but I’m not optimistic. I have heard really bad things about their support.
  • There are lots of UI bugs, particularly in its tray app.
  • It has a pretty horrid and confusing interface. It’s really only good at doing system images. Try to do file/folder backup and get ready to be frustrated (which is why I use Areca here).

When I was researching which app to use, I learned not to pay attention to any opinions written online by users. It’s an exercise in frustration. Most users who post on the internet and complain about software have this weird combination of anger and ignorance that just fills the Googles with noise. Try things out yourself. It may turn out that Ghost doesn’t work for you, but True Image works great. That’s what the 30-day fully-functional eval is for. There are also other options.

As a side note, Ghost is probably the only decent thing that Symantec sells. That company has a serious problem with marketroids running the show and destroying their products (much like RealNetworks).

Recovery

If something bad happens, I need to be able to get back to work as quickly as possible. Down time means I have to use up vacation days, and I need those for Colca Canyon!

There are a few reasons that I’ll need to do data recovery, in increasing severity:

  • Whoops! Deleted/overwrote a file by accident. Restore file from backup.
  • Serious problem on notebook. Hard drive failure, system destroyed, and so on. Restore entire system image.
  • Notebook fried or stolen. Switch temporarily to Ally’s notebook while I figure out getting a replacement.

I have some strategies for dealing with each. Thankfully I haven’t had to use any yet, but I am prepared!

For simple data loss, the solution is easy. Open up Ghost or Areca and do a restore. I will have at least two copies of each file, possibly a lot more depending on how many times it changed in the past week. The rotating full system images give me a couple weeks to notice a missing file.

For critical data loss where I need to do a system restore, I have several copies of recovery disks. There’s the physical CD I burned with Ghost’s recovery software on it. I also have copies of its ISO on the various USB disks in case we need to burn a new CD.

For hardware loss where I need to switch to Ally’s or a new machine, I can’t do a system image recovery of course. It would wipe out all her data. For this, I have ISOs of all the major software I use like Visual Studio and Maya. I can install what I need, and restore enough of my document tree into a new account on her machine to get back to work as soon as possible. When I get a new machine of my own to work on, I have my ISO of Vista to use on it to start fresh.

And of course, I keep copies of device driver installers on my USB drives in case I need to solve any issues on the road. This was useful when I was diagnosing a hardware failure (of a dying ExpressCard memory card reader) by disabling and uninstalling drivers until I figured out the problem. The internet wasn’t easily available at the time – I was on a bus – so it was great to have those drivers readily available to put back on.

Final Thoughts

In this series I’ve tried to list the things I’m doing to keep us secure. None of it is guaranteed, either. A determined and technically capable person can bypass pretty much everything I’ve written above.

What I’m relying on is that we won’t come across such a person. Instead, if we come across anyone malicious, they will be set up to broadly attack weak and easy targets en masse. A simple keylogger can get full account access to 99% of the users at any locutorio.

So there’s no point for them to figure out more advanced methods to go after LastPass users. Though as LastPass gains in popularity, an incentive appears. Perhaps in the future malware will appear that detects LastPass running and memory-lifts the clear passwords being passed into the browser. By then I hope to be using even better methods.


April 5th, 2009 at 11:04 am

Posted in mobility, peru, security

4 Responses to 'Keeping Portable Data Secure'


  1. Thanks Scott that was an interesting read, also thanks for the heads up about LastPass. Since reading about it in this post I have been using it most of today and have to say I am impressed and will be recommending it to other people. Do you get commission? :)

    Liam

    6 Apr 09 at 10:28 am

  2. Scott,

    This article was most informative. In many ways, it validated my own setup. In some ways I learned new things. I, too, have become a fan of LastPass.

    For the USB drive I recently bought a Lacie iamaKey. It’s definitely not the fastest, but it is in the shape of a regular-sized key and easy to carry on a key chain. This way it is hard to forget it at home or in the hotel.

    For password generation I use PasswordMaker.org . The neat thing is that one can reproduce any website’s password using the website URL, user name and the pass phrase. There’s a javascript version that I carry on my usb drive.

    I do like your trick on using the Truecrypt boot screen for misdirection. On my laptop, I installed Ubuntu on a small partition. So, I can hit the escape key and claim that this is my regular OS, and that the truecrypt one has been messed up for a long time.

    You might find UBCD4Win is really useful. It boots off the USB drive into a reduced version of Windows XP but comes with complete network support. On my 2006 vintage Vaio laptop it takes seven minutes for a complete bootup. I am using an average speed USB drive.

    For backup, I bought and tried Norton, but I found it too cumbersome. I find DriveImage XML is less cumbersome and I have successfully done full system restores with it. It is free and has Volume Locking and Volume Shadow Services. It allows you to browse the file tree and selectively restore files. There’s no encryption, and it has to be run manually (no installation needed).

    I also carry the portable versions of the following programs on my USB drive:
    * PC Repair System (40 utilities in about 27 MB),
    * LogMeIn Ignition,
    * Eraser (wiping and overwriting),
    * TeamViewer Portable (free),
    * ImgBurn for burning CD’s and DVD’s,
    * Allways Sync ‘n’ Go (good for comparing two folders, including remote ones)
    * AxCrypt
    * and Thinstall created portable versions of MS Office (truly wonderful but very expensive unless you have this through corporate).

    Enjoy the rest of your stay there.

    Anand

    Anand

    15 May 09 at 4:38 pm

  3. Hey Scott, a late follow up, but I ran across your article the other day while Googling for a small TrueCrypt logo. I too have been looking for a good portable environment for years, and I too had started using LastPass and PortableApps.

    Then I started reading some of Brian Krebs articles at http://krebsonsecurity.com/ and realized that *nothing* running on a Windows PC is safe. Some of the comments mentioned Puppy Linux on a LiveCD as a good alternative, but I didn’t want to use CDs or DVDs.

    I spent some time hacking a little on Puppy, and came up with a USB solution that uses FireFox and TrueCrypt, and this may be the “portable PC” that you mentioned in another of your articles. Here’s a link. http://ccobb.net/puppy/

    Also, when carrying anything sensitive locked in TrueCrypt on a little USB attached to your car key ring, there’s no need to play games with customs (which would not be very much fun if/when they caught on).

    If this sounds interesting to you, I’d like to chat with you briefly about it. Send me some mail if you are so inclined. Thanks.

    p.s. How was Peru? I’ve retired to Costa Rica, and it’s pretty wonderful here. Ciao.

    c.cobb

    22 Jun 10 at 8:09 pm

  4. Yup, using someone else’s hardware is inherently insecure and requires a level of trust to even use the keyboard (whether Windows or Linux or whatever). I always assumed there were hardware key loggers and used the mouse and keyboard both to type in my password. Still not very secure but not bad. These days I know a bit more and would use a one time password multi-factor method with LastPass instead.

    Now, rebooting someone else’s machine into another OS like Puppy as you describe just would not work. These locutorios all have software set up on all their machines that they use for tracking time use. The first thing that would happen if you rebooted is the software wouldn’t be pinging the admin any more. By the time you started booting from USB (assuming it wasn’t disabled in the BIOS) someone would be standing behind you telling you to knock it off or get out.

    What it comes down to for me is the audience. A malicious admin is going to be targeting people who generally have very little knowledge about security. So they don’t have to do a whole lot to steal their stuff. Anyone who takes the least amount of care is going to be off their radar. Well, I hope. I have no evidence either way.

    The game I would have to play with Customs (which I haven’t had to yet, thankfully) wouldn’t be resolved by a USB key. The problem is that I consider everything to be “sensitive”. It’s personal, it’s private, and it’s nobody’s business no matter what any of it is. So keeping it on a USB key is just not an option for me. Even if I got a key big enough I’d still spend a lot of time transferring files back and forth to the main hard drive. Easier to just claim the HDD got fried in the jungle. :)

    Peru was awesome. We plan to go back in January but probably not for six months this time. Have to wait a few years I think..

    Scott

    27 Jun 10 at 8:16 pm
