INSTALLING NOVA DATA ENCRYPTION SOFTWARE

Introduction

1. Here is what you will need to do to install the college’s data encryption software on your computer, laptop, or USB storage device. The encryption software lets you create a secure folder where you can store documents safely.

2. Download the folder with the encryption software to your computer or USB device. 3. Run the software to create the secure folder on your computer or USB device. 4. When you want to use the secure folder:

5. Even though it looks complicated, the process is actually easy if you follow the steps.

Background

Northern Virginia Community College (NOVA) processes and stores many types of sensitive and private information that if lost or stolen could result in significant financial damage to students and the college.

All faculty and staff should only handle or store sensitive information if absolutely necessary for their jobs. All sensitive information must be stored and disposed of in a secure manner. PERSONAL INFORMATION (especially social security numbers or other private information) SHOULD NEVER BE STORED ON A PORTABLE DEVICE.

Scope

These guidelines apply to all mobile data storage media; laptops, flash or thumb drives, and CD or DVDs. PDAs and cell phones should never be used to store sensitive information because they are harder to protect and easily lost or stolen.

Requirement

Virginia Community College System (VCCS) requires that all critical and sensitive information stored on mobile data storage media, including laptops, must be encrypted in accordance with ISO/IEC 27002:2005(E).

Responsibilities

• Click on the shortcut • Select the name of the secure file • Tell the computer to “MOUNT” the secure file • Enter your password • Use the secure file just like any other drive or USB device to save your documents

Data owners and data handlers are responsible for storing and transmitting the sensitive data to maintain the confidentiality, integrity and availability of the data.

The software outlined in this document will be Truecrypt. An open source software used by many colleges throughout the country. The recommended method will be to create a virtual disk that will automatically encrypt files as they are added to the disk. The virtual disk is automatically unmounted when the laptop is logged off or put into power saver mode. An encrypted disk, which is really an encrypted file, can be copied to DVD or CD and later remounted for access. The same process is used to load the software and create a secure folder (called a virtual disk) on both computers and USB devices.

Install Directions for Windows

Go to http://www.truecrypt.org/downloads to download Truecrypt. Double click on the downloaded file to start the installation procedure. You can copy the folder to a new USB device or computer to create a secure folder (virtual disk).

Open the folder and click on TrueCrypt.exe (be sure to pick the correct file).

Click the check box to accept the license terms and click Next.

Leave the default option of Install and click Next.

Leave the default install path and click Install.

Click OK to finish the installation.

Click Exit to close the setup screen.

On the desktop you will see an icon like the one above. Double click this icon to open the TrueCrypt console.

This is the main console window for TrueCrypt. From here you can create virtual drives, encrypt whole drives or partitions (not recommended) and mount and dismount virtual drives. To create a new secure file (virtual drive), click on Create Volume. The following screen will appear.

On this screen you select the type of volume you wish to create. We will be creating a standard volume, so you can leave the defaults and click on Next.

Here you select what you are going to encrypt. For creating a standard volume, click on Select File.

Navigate to the place you want to store the secure file(volume) and type in a name for the file. Use a name that makes sense to you. It is recommended you don't use spaces to make sure there are no compatibility problems if the file is moved to a CD or DVD. Once you have typed in a file name, click on Save to continue.

Leave the checkbox next to Never save history checked and click Next to continue.

On this screen you choose the type of encryption algorithms you want to use. It is suggested you use the default options that are shown above. Once you have selected the encryption options, click on Next to continue.

Next you must choose how big you want your volume to be. If you plan on moving the files to CD later, make the file size 700 MB. You can create more than one volume if you need more space. After you have entered the volume size, click Next.

Here you need to choose the password you will use to mount the volume. We recommend you use one of the password strategies listed at the end of this document so we can help you remember it if it is forgotten even though it is not as rigorous as TrueCrypt recommends. Remember the encryption is only as good as the password used to mount the volume. Do not use words or simple names. Choose passwords with Upper and Lower case, numbers and special characters. TrueCrypt recommends passwords greater than 20 characters, but there is no minimum. If you choose something shorter than 20 characters, there will be a warning that pops up. If you are satisfied with your password, Click Next to continue.

Click Yes to continue.

Once the volume is created, it must be formatted. For Filesystem, you can choose FAT or NTFS. The only limitation is that if you choose NTFS and move the file to DVD, it cannot be mounted as a Read Only drive. So it is suggested you choose FAT as the Filesystem type. Click Format to format the new volume.

Once the volume is formatted, click OK.

The new volume is created and ready for use. To create another volume, click Next and follow the same procedures as above. If you don't want to create another volume, click Exit (you can create additional volumes at any time).

To actually use the secure folder (volume) you need to mount the volume to make it available to store files. Under Volume, select the drive letter you wish to use for you new volume. Then click on Select File and navigate to and select your secure folder (volume). Finally, click Mount.

You will now be prompted for the password you selected earlier. Enter the password and click OK.

You will now see your secure folder’s name next to the drive letter when it is mounted. Once you have mounted all you volumes you want to use, click Exit to close the console window. You can reopen this window from the Start Menu or by clicking on the little icon on the lower right hand of your screen.

If you click My Computer, you will see the mounted drive appear just as any local drive. In the example above it is drive S. You can double click on the drive to open it. Files that are saved or moved to that drive are automatically encrypted and secrure. Files moved from this drive are automatically unencrypted. It works just like any USB storage device or folder.

Tips

The TrueCrypt program must be available to mount the encrypted volumes. You do not have to copy the TrueCrypt folder to a USB device, disk, CD or DVD to protect the files in your secure folder. However, to open that folder on a machine, you must have TrueCrypt installed so you can click on the icon to open the TrueCrypt console. If the folder is on a USB device, you can open the console from there.

When encrypting a flash/thumb drive use caution. You can either create a secure folder (volume) as described above or you may select the entire device. To select the entire device, instead of selecting a file, you would select the flash drive device. HOWEVER, If you choose to encrypt the device, everything that is currently on the flash drive will be lost, because the drive must be formatted. It is recommended you do not use device encryption AND JUST CREATE A SECURE FOLDER INSTEAD.

DO NOT LOOSE PASSWORDS, they cannot be recovered.

Password Strategies

If you use one of the following rubrics to create your password, it will be hard for someone to guess or to hack if the portable device gets lost. At the same time, we could remind you of this rubrics so you could figure out your password if you forget it. These are all items you should know by heart but would be hard for someone else to know or to even find easily on the Internet. They also would be hard for the hacking programs to figure out easily.

FOR ALL PASSWORDS: Start them with the capital letter A. Every few months when it is time to change passwords, you can update it by going to the next letter in the alphabet

1. Mother’s middle name spelled backwards, 2-digit month and 2 digit year of her birthday. (Example only -- remember to start it with the letter A to make changing it later easier: Martha born Nov. 16 – would become as a password AahtraM1116). If the middle name is less than 5 letters, duplicate the first letter of her name to make it at least 5 letters long, including the capital A used to start the password. (Example only: Mae born Dec. 4 – would become as a password AeaMM12040.

If you want this to be even more secure, add one of the following punctuation marks to the end of your password: ! or $ or &

2. Father’s middle name spelled backwards, 2-digit month and 2 digit year of his birthday. (Example only -- remember to start it with the letter A to make changing it later easier: Charles born Feb. 8 – would become as a password AselrahC0208). If the middle name is less than 5 letters, duplicate the first letter of her name to make it at least 5 letters long,

including the capital A used to start the password. (Example only: Sam born Oct. 14 – would become as a password AmaSS1014.

3. Make of your first car (spelled backwards), 2-digit year of the car plus one of the punctuation marks ! or $ or &.

4. The initials (first, middle, last) of the children in your family from youngest to oldest

from when you were growing up), 2-digit month and 2-digit day of your mother’s birthday (Example only: Emily Ann Smith, George Randall Smith, and Paul Alexander Smith, Jr. (you) with a mother whose birthdate was April 25 – would become the password that starts with an A as above AEASGRSPAS0425).

If you want this to be even more secure, add the punctuation mark (! or $ or &) at the end of your password.

5. The initials (first, middle, last) of the children in your family from youngest to oldest

from when you were growing up), 2-digit month and 2-digit day of your mother’s birthday (Example only: Emily Ann Smith, George Randall Smith, and Paul Alexander Smith, Jr. (you) with a father whose birthdate was Sept. 14 – would become the password that starts with an A as above AEASGRSPAS0914).

If you want this to be even more secure, add the punctuation mark (! or $ or &) at the end of your password.

How to create a shortcut

Once you have created your encrypted volume, you can create a shortcut on your desktop to automatically mount and open your encrypted volume. To create a shortcut on your desktop, right click an open area of the desktop and choose New then Shortcut.

The Create Shortcut dialog box will appear. In the box labeled “Type the location of the item:” you will be entering the location of the TrueCrypt executable along with the options for automatically mounting and opening your encrypted volume.

In this example, you first point to the location of the TrueCrypt executable (use quotes as in the example below). Next the /v switch tells it where the volume is to be mounted, in this case c:\myvolume, where my volume is the actual name of the volume, replace myvolume with whatever name you gave your volume. The next switch, /l t: tells it which drive letter to use to mount the drive, use any free drive letter you want. The next switch /q tells TrueCrypt to work in quiet mode (the TrueCrypt window will not open). Next the /e switch opens the mounted drive in an explorer window.

Enter this entire line, replacing your volume name and drive letter.

"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v c:\myvolume /l t: /q /e

Next you will give your shortcut a name. Use any name that makes sense to you, then click Finish.

Now you will have a shortcut on your desktop similar to the picture below.

Double click on the shortcut and you will be prompted to enter your password. After entering your password and clicking OK, the box will close and an explorer window will open.