However, we must bear in mind that very few devices incorporate security measures (such as file encryption) to protect the confidential information stored on them.
The devices that do incorporate them use standard encryption protocols to encrypt files or folders, unlocked with a password or even with biometric identification (fingerprint).
These devices are not well known and cost more than the rest, so they are not widely used.
How, then, can we protect confidential information on a pendrive or disk that does not incorporate this feature?
The solution is to encrypt each file classified as confidential before storing it on the device, using programs based on either symmetric or public/private key cryptography.
For this we can follow two approaches:
1. Individual File Encryption
For the first option (encrypting each file separately), we can use any encryption program such as AxCrypt (http://www.axantum.com/axcrypt/Default.aspx). Once installed on our computer, or run from the pendrive itself (with the "AxCrypt2Go" version), it lets us encrypt each file individually after we enter the password that will later be needed to decrypt it.
To decrypt a file we proceed in a similar way, but select the encrypted file (with the .axx extension) and choose the "Decrypt" option.
2. Create a protected volume.
The second option is more convenient and quicker: instead of encrypting and decrypting each file one by one, we create a space on the pendrive in which to store all the files we want to keep protected.
In this way we can establish two zones on the same pendrive: a "free" zone, where we record files that do not require security and can be accessed by any user, and an "encrypted" zone, accessible by password, where we store the confidential files.
To create this protected space on a pendrive that does not incorporate this function, we can use a program such as TrueCrypt (http://www.truecrypt.org/), also available in an installable or "portable" version. For greater flexibility we will show how to work with the portable version, which we will have copied onto the same pendrive.
1. Start the TrueCrypt.exe program from the pendrive and create the volume that will contain the confidential files.
Click the "Create Volume" option and accept the default options until we reach the "Volume Location" screen, where we indicate the name of the file.
Click "Select File", browse to the pendrive's drive and type the name of a file (in the example, "tcdata") that will act as the volume in which the files to be protected will later be stored.
After clicking Save, the next two screens confirm the path of the file and the encryption algorithm to be used (AES by default); we are then asked how much of the pendrive's space to reserve for this volume.
In our case we select 10 MB, and we are then asked for the password that will be needed to mount the encrypted volume and subsequently access the data it contains.
This is where we must be especially careful to choose a long, complex and unpredictable password, since it will be the only barrier preventing access to the data stored on the volume. (TrueCrypt recommends a password of no fewer than 20 characters!)
Finally we format the encrypted volume (the 10 MB file named tcdata in our example, not the entire pendrive!).
We will check that it has been created on the pendrive before proceeding to "mount" it.
2. Mount the volume to save and access the confidential files.
From this moment on, in order to store confidential information (or access it later) we must "mount" the volume.
To do this, in the TrueCrypt menu we first select the drive letter through which we want to access the volume (virtual disk), for example P:, and then locate the file (tcdata) with the "Select File" option.
After the password has been entered successfully, the volume is accessible through the selected virtual disk drive (P: in the example), on which we can work just as we would with any other disk (creating files and folders, deleting, renaming ...).
From this moment on, everything we leave on the virtual disk drive P: will be encrypted when the volume is dismounted (with the "Dismount" option) and will only be accessible when the volume (the "tcdata" file) is mounted again, once the password has been entered correctly.
You can see how the pendrive itself is accessed through its own disk drive (F: in the example) and how the virtual disk P: appears or disappears depending on whether the TrueCrypt volume (tcdata) is mounted or dismounted.
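
A way to audit the result of both approaches, as an added example that is not part of the original article: the script walks the pendrive and separates protected files (.axx files and the "tcdata" container) from everything left readable in the "free" zone. The function names, the 7.9 bits-per-byte threshold and the sample files are assumptions made for this illustration.

```python
import math
import os
import tempfile
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext, far lower for documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def audit_drive(root, container="tcdata", sample=1 << 20, threshold=7.9):
    """Sort every file under root into protected / suspect / exposed."""
    report = {"protected": [], "suspect": [], "exposed": []}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            if name.lower().endswith(".axx"):  # AxCrypt output
                report["protected"].append(rel)
            elif name == container:
                with open(path, "rb") as fh:
                    bits = shannon_entropy(fh.read(sample))
                # A formatted container has no signature and looks random.
                # High entropy alone does not prove encryption; low entropy
                # shows the file was never formatted or has been replaced.
                key = "protected" if bits >= threshold else "suspect"
                report[key].append(rel)
            else:  # free zone: readable by whoever holds the pendrive
                report["exposed"].append(rel)
    return report

def demo():
    """Audit a constructed drive layout built in a temporary directory."""
    layout = {  # constructed sample files, not real data
        "tcdata": os.urandom(256 * 1024),  # stands in for a real container
        "payroll-xls.axx": b"constructed placeholder",
        "holiday.jpg": b"constructed placeholder",
        "contract.doc": b"Confidential: left in the free zone by mistake",
        os.path.join("old", "tcdata"): bytes(256 * 1024),  # never formatted
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in layout.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(content)
        return audit_drive(root)

if __name__ == "__main__":
    print(demo())
```

Everything reported as "exposed" should be reviewed by hand: any confidential file in that list still needs to be encrypted or moved into the mounted volume.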
Author: Juan Carlos Rodriguez - Responsible S21sec university
Source: S21sec

