This project has moved. For the latest updates, please go here.

Whoaaa...I don't know where to begin!

Topics: Technical Issues, Users Discussion
Apr 12, 2016 at 3:10 AM
OK, first let's just correctly assume that I am for the most part computer illiterate. Now, let me present you with the task that I am trying to accomplish with VeraCrypt. I have practice management software for my dental practice. I need to be able to encrypt the data that is stored on my computer in case it is ever stolen. Currently, the software is running in Windows 8.1 (it is NOT compatible with Windows 10), and it is installed over a basic Windows 8.1 network over three computers. The software is installed on all three computers, but the main computer has the data file that contains all patient information. The other computers simply share that same file over the office network. I’ve read through the VeraCrypt tutorial, and I kinda/sorta understand about the VC Container files. My first thought was to create a container file inside the main program file, and copy the data file into that. However, will the other computers be able to access that file if the data is encrypted, or is it only encrypted after Windows is shut down or restarted? Would it be better to encrypt the entire C drive where the program has been installed? One point to make is that the software cannot be copied and pasted to a different location or computer. It must be installed and activated with a key code in order to work. Another point to make is that I back-up the data daily by simply copying that data file onto a flash drive. That drive would also need to be encrypted. Any suggestions as to how I should proceed would be GREATLY appreciated!
Apr 12, 2016 at 7:29 PM
Edited Apr 12, 2016 at 7:32 PM
My recommendation for your small business environment would be to use Microsoft's BitLocker for your security needs since it guides you to create a backup key on Microsoft's servers to prevent being unable to access the encrypted drive. You need to be using Windows 8.1 Pro edition to get the BitLocker functionality which you can purchase as an upgrade from Microsoft. You need to use a Windows password on each PC to prevent unauthorized access.

You can Google search how to configure and use BitLocker. If the articles are too technical or sound like Martian, you can hire a computer consultant to setup BitLocker on all your devices including the USB flash drive to keep it encrypted.

You can review the postings on the VeraCrypt forums to see the technical issues that have caused people to lose access to their data due to they did not take the time to read the manual or they did not comprehend the subject matter.

I would recommend that the entire disk drive is encrypted to avoid data leakage either by the OS, application software or the staff storing notes outside of the software you mention in your post.

To me, TrueCrypt/VeraCrypt software are for home user disk encryption software and is not built for a business environment.

If you still want to use VeraCrypt, I am assuming that the other computers have their drive's mapped to the main PC which contains your software's database file. You can read the VeraCrypt pros/cons at the link below.

https://veracrypt.codeplex.com/wikipage?title=Sharing%20over%20Network

https://veracrypt.codeplex.com/wikipage?title=Security%20Requirements%20and%20Precautions
Apr 13, 2016 at 2:23 PM
Edited Apr 13, 2016 at 2:26 PM
I extensively use veracrypt (previously truecrypt for many years) in several companies, even to encrypt patients data in a dentist office. It runs stable and fine with variety of software vendors like dr suni for x-ray scans, sharing a database over network is not a problem, you won't notice any difference.

Being on your place, I'd play with veracrypt for a while at home, just to get used to it, and then install in your bussiness without worries. If you are not tech guru, you can encrypt the whole system, or at least encrypt partition and move your data there. Some vendors need to store their application data only in c:, so it is usually needed to make a symlink.

Be sure to backup. I can recommend external drive or ms one drive, google drive was unreliable with large amount of xray files. One drive has now only 5GB, so I'm going to test mega, how reliably will it work with many files. You should encrypt your data first before sending patient data to a cloud (normally they would upload unencrypted, even if you will have your system encrypted with veracrypt), so external drive is probably easier to use.
Apr 13, 2016 at 2:34 PM
Edited Apr 13, 2016 at 2:35 PM
It seems that many of the options that a normal person might use to store data in the cloud require each file to be a small file (depending on file type and service), even if the total storage is much larger.

I wouldn't trust Mega for data storage; but I do agree with encrypt everything before you send it anywhere. You used to be able to create zip files with multiple volumes for floppies. Today, I would suggest using 7-zip to create a bunch of small files that can be re-assembled later; each file can be encrypted and then when you have your files ready, you can upload them to a cloud service.
Apr 13, 2016 at 7:47 PM
Edited Apr 13, 2016 at 7:54 PM
I'm using encfswin on a place, where real time data sync using cloud service is needed, but big down side in a business enviroment is, that every user has to be administrator, otherwise encfs does not work. It has some annoyances so for serious business I'd recommend to spend some dough on commercial solution (in which you will have to trust).

For regular backups we are using mostly 7zip, because it is easy to use from command line, can encypt filenames and has quite good encryption, but for sensitive data I'd recommend gnupg. I'm encrypting all my photos and videos using gpg prior to backing them up online, now I have automatic batch script working, but it was not easy task to do on windows.

Btw. I wouldn't trust any cloud storage, period. But unlike others Mega claim to encrypt your data prior uploading, without password they cannot see your data, they have open api and I think their client has open source. Every thing you can't do by yourself is a matter of trust. Mega offers 50GB for free and that's the only thing sure ;-)

For example one drive actively sniffs your data and even delete them if they don't like it (porn etc), so privcy-wise it sucks. But as encrypted storage it was good, when it had 15GB for free
Apr 14, 2016 at 3:44 AM
Edited Apr 14, 2016 at 3:51 PM
Even Kim Dotcom doesn't trust Mega these days..... he is no longer running the show.

Don't run Winblows with admin rights, it is asking for trouble. There are FAR TOO many times that one or more critical security updates are required to patch "known" vulnerabilities... .that is EVERY month, every single month (usually without exception). That is how broken Windows is. Any programs that require admin rights should be nuked and replacements should be found ASAP.
Apr 14, 2016 at 2:46 PM
Thanks guys for all of your helpful information!
Apr 15, 2016 at 9:04 AM
Affinity, you are right, but when you run a bussiness, you don't have much of a choice. You need your things to work, so you can concentrate on what you do. That's why a lot of people solved their trouble simply by disabling UAC, when vista and 7 come, because nothing worked after upgrade to the new os.

I wish there would be more security aware people like gthutchens. Not a single doctor I attended encrypted his data, at least not until we started to talk and I mentioned truecrypt. Now I do recommend veracrypt of course :)
Apr 15, 2016 at 10:54 AM
testoslav -- you do have a choice, unless you have difficult users whom don't care enough about security and then are allowed to bring down the whole business, placing it under more risk that they should.

Leave UAC on, get programs that work under non-privileged users; you cannot trust many users not to open the next crypto locker file....