A few weeks ago, I wrote about PortableApps and their application portability framework.  With a sufficiently large USB thumb drive, it is possible to store most (if not all) of your day-to-day applications.  And if those apps are “portable” (i.e., they do not store anything on the local machine), then you have the start of an even more secure system.  And as I’ve begun to use this portable device as the hub of my applications and my data, the need for strong security practices is also increasing.
So what have I done to make my portable environment more secure?

  1. I’ve implemented a “traveler configuration’ of Truecrypt on my primary USB device.  This allows me to store important and private files in a secure/encrypted container.  This container has a lot of important files – including a private key that I need for identifying myself when I use remote access services.
  2. I have installed Putty Portable so that I can access my main systems from any remote computer that I might access.  Note: In order to authenticate to my home systems, I must mount the Truecrypt container that holds the private key that is required to access those systems.
  3. I use a secure, VNC-based system that requires multi-factor authentication.
  4. I’ve deployed portable browsers onto my USB drive.  I use these portable instances to ensure that private browsing data is never available on the local systems that I visit.
  5. I use tools like Toucan to sync my portable device to my central system.  This ensures that I have a copy of key files (like certs and private keys) – just in case.

Are these steps wholly sufficient?  Hardly.  Do theses steps provide me a small measure of assurance when I go portable?  Maybe.  But I am glad that more and more tools are becoming available all the time.  I just can’t wait until I can implement self-destruct technologies to remotely disable a USB device.  That technology does exist for the most expensive USB drives.  But I can’t wait until it becomes available for the average user.
-Roo