INSTALLING NOVA DATA ENCRYPTION SOFTWARE
Introduction
1. Here is what you will need to do to install the college’s data encryption software on your
computer, laptop, or USB storage device. The encryption software lets you create a
secure folder where you can store documents safely.
2. Download the folder with the encryption software to your computer or USB device.
3. Run the software to create the secure folder on your computer or USB device.
4. When you want to use the secure folder:
•
•
•
•
•
Click on the shortcut
Select the name of the secure file
Tell the computer to “MOUNT” the secure file
Enter your password
Use the secure file just like any other drive or USB device to save your documents
5. Even though it looks complicated, the process is actually easy if you follow the steps.
Background
Northern Virginia Community College (NOVA) processes and stores many types of sensitive
and private information that if lost or stolen could result in significant financial damage to
students and the college.
All faculty and staff should only handle or store sensitive information if absolutely necessary for
their jobs. All sensitive information must be stored and disposed of in a secure
manner. PERSONAL INFORMATION (especially social security numbers or other private
information) SHOULD NEVER BE STORED ON A PORTABLE DEVICE.
Scope
These guidelines apply to all mobile data storage media; laptops, flash or thumb drives, and CD
or DVDs. PDAs and cell phones should never be used to store sensitive information
because they are harder to protect and easily lost or stolen.
Requirement
Virginia Community College System (VCCS) requires that all critical and sensitive
information stored on mobile data storage media, including laptops, must be encrypted in
accordance with ISO/IEC 27002:2005(E).
Responsibilities
Data owners and data handlers are responsible for storing and transmitting the sensitive data to
maintain the confidentiality, integrity and availability of the data.
The software outlined in this document will be Truecrypt. An open source software used by
many colleges throughout the country. The recommended method will be to create a virtual disk
that will automatically encrypt files as they are added to the disk. The virtual disk is
automatically unmounted when the laptop is logged off or put into power saver mode. An
encrypted disk, which is really an encrypted file, can be copied to DVD or CD and later
remounted for access. The same process is used to load the software and create a secure folder
(called a virtual disk) on both computers and USB devices.
Install Directions for Windows
Go to http://www.truecrypt.org/downloads to download Truecrypt. Double click on the
downloaded file to start the installation procedure. You can copy the folder to a new USB device
or computer to create a secure folder (virtual disk).
Open the folder and click on TrueCrypt.exe (be sure to pick the correct file).
Click the check box to accept the license terms and click Next.
Leave the default option of Install and click Next.
Leave the default install path and click Install.
Click OK to finish the installation.
Click Exit to close the setup screen.
On the desktop you will see an icon like the one above. Double click this icon to open the
TrueCrypt console.
This is the main console window for TrueCrypt. From here you can create virtual drives, encrypt
whole drives or partitions (not recommended) and mount and dismount virtual drives. To create
a new secure file (virtual drive), click on Create Volume. The following screen will appear.
On this screen you select the type of volume you wish to create. We will be creating a standard
volume, so you can leave the defaults and click on Next.
Here you select what you are going to encrypt. For creating a standard volume, click on Select
File.
Navigate to the place you want to store the secure file(volume) and type in a name for the
file. Use a name that makes sense to you. It is recommended you don't use spaces to make sure
there are no compatibility problems if the file is moved to a CD or DVD. Once you have typed
in a file name, click on Save to continue.
Leave the checkbox next to Never save history checked and click Next to continue.
On this screen you choose the type of encryption algorithms you want to use. It is suggested you
use the default options that are shown above. Once you have selected the encryption options,
click on Next to continue.
Next you must choose how big you want your volume to be. If you plan on moving the files to
CD later, make the file size 700 MB. You can create more than one volume if you need more
space. After you have entered the volume size, click Next.
Here you need to choose the password you will use to mount the volume. We recommend you
use one of the password strategies listed at the end of this document so we can help you
remember it if it is forgotten even though it is not as rigorous as TrueCrypt recommends.
Remember the encryption is only as good as the password used to mount the volume. Do not use
words or simple names. Choose passwords with Upper and Lower case, numbers and special
characters. TrueCrypt recommends passwords greater than 20 characters, but there is no
minimum. If you choose something shorter than 20 characters, there will be a warning that pops
up. If you are satisfied with your password, Click Next to continue.
Click Yes to continue.
Once the volume is created, it must be formatted. For Filesystem, you can choose FAT or
NTFS. The only limitation is that if you choose NTFS and move the file to DVD, it cannot be
mounted as a Read Only drive. So it is suggested you choose FAT as the Filesystem type. Click
Format to format the new volume.
Once the volume is formatted, click OK.
The new volume is created and ready for use. To create another volume, click Next and follow
the same procedures as above. If you don't want to create another volume, click Exit (you can
create additional volumes at any time).
To actually use the secure folder (volume) you need to mount the volume to make it available to
store files. Under Volume, select the drive letter you wish to use for you new volume. Then
click on Select File and navigate to and select your secure folder (volume). Finally, click
Mount.
You will now be prompted for the password you selected earlier. Enter the password and click
OK.
You will now see your secure folder’s name next to the drive letter when it is mounted. Once
you have mounted all you volumes you want to use, click Exit to close the console
window. You can reopen this window from the Start Menu or by clicking on the little icon on
the lower right hand of your screen.
If you click My Computer, you will see the mounted drive appear just as any local drive. In the
example above it is drive S. You can double click on the drive to open it. Files that are saved or
moved to that drive are automatically encrypted and secrure. Files moved from this drive are
automatically unencrypted. It works just like any USB storage device or folder.
Tips
The TrueCrypt program must be available to mount the encrypted volumes. You do not have to
copy the TrueCrypt folder to a USB device, disk, CD or DVD to protect the files in your secure
folder. However, to open that folder on a machine, you must have TrueCrypt installed so you
can click on the icon to open the TrueCrypt console. If the folder is on a USB device, you can
open the console from there.
When encrypting a flash/thumb drive use caution. You can either create a secure folder
(volume) as described above or you may select the entire device. To select the entire device,
instead of selecting a file, you would select the flash drive device. HOWEVER, If you choose
to encrypt the device, everything that is currently on the flash drive will be lost, because the
drive must be formatted. It is recommended you do not use device encryption AND JUST
CREATE A SECURE FOLDER INSTEAD.
DO NOT LOOSE PASSWORDS, they cannot be recovered.
Password Strategies
If you use one of the following rubrics to create your password, it will be hard for someone to
guess or to hack if the portable device gets lost. At the same time, we could remind you of this
rubrics so you could figure out your password if you forget it. These are all items you should
know by heart but would be hard for someone else to know or to even find easily on the Internet.
They also would be hard for the hacking programs to figure out easily.
FOR ALL PASSWORDS: Start them with the capital letter A. Every few months when it is
time to change passwords, you can update it by going to the next letter in the alphabet
1. Mother’s middle name spelled backwards, 2-digit month and 2 digit year of her birthday.
(Example only -- remember to start it with the letter A to make changing it later easier:
Martha born Nov. 16 – would become as a password AahtraM1116). If the middle name
is less than 5 letters, duplicate the first letter of her name to make it at least 5 letters long,
including the capital A used to start the password. (Example only: Mae born Dec. 4 –
would become as a password AeaMM12040.
If you want this to be even more secure, add one of the following punctuation marks to
the end of your password: ! or $ or &
2. Father’s middle name spelled backwards, 2-digit month and 2 digit year of his birthday.
(Example only -- remember to start it with the letter A to make changing it later easier:
Charles born Feb. 8 – would become as a password AselrahC0208). If the middle name
is less than 5 letters, duplicate the first letter of her name to make it at least 5 letters long,
including the capital A used to start the password. (Example only: Sam born Oct. 14 –
would become as a password AmaSS1014.
3. Make of your first car (spelled backwards), 2-digit year of the car plus one of the
punctuation marks ! or $ or &.
4. The initials (first, middle, last) of the children in your family from youngest to oldest
from when you were growing up), 2-digit month and 2-digit day of your mother’s
birthday (Example only: Emily Ann Smith, George Randall Smith, and Paul Alexander
Smith, Jr. (you) with a mother whose birthdate was April 25 – would become the
password that starts with an A as above AEASGRSPAS0425).
If you want this to be even more secure, add the punctuation mark (! or $ or &) at the end
of your password.
5. The initials (first, middle, last) of the children in your family from youngest to oldest
from when you were growing up), 2-digit month and 2-digit day of your mother’s
birthday (Example only: Emily Ann Smith, George Randall Smith, and Paul Alexander
Smith, Jr. (you) with a father whose birthdate was Sept. 14 – would become the password
that starts with an A as above AEASGRSPAS0914).
If you want this to be even more secure, add the punctuation mark (! or $ or &) at the end
of your password.
How to create a shortcut
Once you have created your encrypted volume, you can create a shortcut on your desktop
to automatically mount and open your encrypted volume.
To create a shortcut on your desktop, right click an open area of the desktop and choose
New then Shortcut.
The Create Shortcut dialog box will appear. In the box labeled “Type the location of the
item:” you will be entering the location of the TrueCrypt executable along with the
options for automatically mounting and opening your encrypted volume.
In this example, you first point to the location of the TrueCrypt executable (use quotes as
in the example below). Next the /v switch tells it where the volume is to be mounted, in
this case c:\myvolume, where my volume is the actual name of the volume, replace
myvolume with whatever name you gave your volume. The next switch, /l t: tells it
which drive letter to use to mount the drive, use any free drive letter you want. The next
switch /q tells TrueCrypt to work in quiet mode (the TrueCrypt window will not open).
Next the /e switch opens the mounted drive in an explorer window.
Enter this entire line, replacing your volume name and drive letter.
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v c:\myvolume /l t: /q /e
Next you will give your shortcut a name. Use any name that makes sense to you, then
click Finish.
Now you will have a shortcut on your desktop similar to the picture below.
Double click on the shortcut and you will be prompted to enter your password. After
entering your password and clicking OK, the box will close and an explorer window will
open.