We help IT Professionals succeed at work.

How to secure portableapps

Member_2_5306354
Member_2_5306354 used Ask the Experts™
on
portableapps.com

Good morning, I wanted to find out is portableapps can be somewhat secured so that if someone finds a USB key that has portableapps installed, they cannot access the data except fo the authorized user?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
I see what you want to do, but you're probably better off blocking USB, and making exceptions where appropriate. However, note that's going to open up a whole can of worms given that the block is *far* broader than what you're asking about.
ste5anSenior Developer

Commented:
Please rephrase you question. What are your security targets? what do you mean specially by "[..] they cannot access the data except fo the authorized user?"

It's portable apps, not data. Thus there should be no data on the stick. When the application needs some user data, then it should be encrypted by the application itself or you use an encrypted stick.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
As above, you need to password protect any data.

If the apps are unique to you, set properties to require Administrator to start them.

If apps have keys in them, do the same as above.
btanExec Consultant
Distinguished Expert 2018

Commented:
There are two level of protection which is one on the device level and another at the data or file level.

1) Device level - e.g.  PortableApps.com Carbide is a hardware encrypted flash drive where, instead of having to run an app to decrypt it, you simply enter your PIN on the side of the drive using an alphanumeric keypad. http://worldsbestflashdrive.com/

2) Data or file level - e.g. created a Veracrypt file that gets mounted as a drive and this is kept on a USB stick. To be able to mount it at any computer, copy Veracrypt portable to the USB drive with it. Some may prefer another layer to use 7zip to password encrypt the Veracrypt portable files.

The entire file system within a VeraCrypt volume is encrypted (including file names, folder names, and contents of every file). This applies to both types of VeraCrypt volumes – i.e., to file containers (virtual VeraCrypt disks) and to VeraCrypt-encrypted partitions/devices.

That said, Veracrypt will require admin rights on every PC you use. You can also use a hardware encrypted drive like the PortableApps.com Carbide as that will not require admin rights.

Author

Commented:
portableapps.com, please look this up
The goal is to install software on a USB key and then access and portable applications that were installed on that KEY.
Is there a way to protect the USB key so that any data on that Key cannot be accessed unless a password is entered?
Distinguished Expert 2018

Commented:
If you would like to prevent that people use portable apps that are present on USB sticks, you can either

-disallow using all but whitelisted USB sticks altogether
-setup software restriction policies that allow only whitelisted applications

Both steps will need to be adapted to and will require extensive testing.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
You would need to encrypt anything and everything on it so you need a password to access any apps or information but no one else can
Just encrypt the whole drive/filesystem with a password
Distinguished Expert 2018

Commented:
He is talking about usb sticks that someone brings with him.
@mcknife, was that for me ? Is there anything preventing from encrypting remote drives ? Afaik, the only problem is windows will support bitlocker and the likes while unices will support geli so having something that workw with both might be a little challenging. Then i assume a portable app is usually compiles for a specific os
kevinhsiehNetwork Engineer

Commented:
I believe that the OP is trying to protect the contents of the USB stick. OP is not asking how to protect computer from random USB stick.
Distinguished Expert 2018

Commented:
Ok... I think I was misunderstanding, sorry.
So it's your stick and you want to protect it against unauthorized access in case you lose it - that's a simple request and solution.

What OS' are these portable apps used on? Please name them as in "win7, Linux, mac, Win10...".
Encrypting a stick so that it works anywhere you like is possible and that was a project of mine some years ago.
@mcknife : did the same, and i m interested in your findings. I ended up with multiple workable solutions but never found something that was natively supported on a wide range of OSes. Did you ?
Distinguished Expert 2018

Commented:
Securstick works on windows, Mac and Linux. But let's hear what OS Mr. Anonymous has in mind.
nociSoftware Engineer
Distinguished Expert 2018

Commented:
Usbguard on linux is a workable solution.
Veracrypt also works in bsd, linux, OS X, and Windows.
and bsd... thanks for the intel. in my case i was looking for something that would work without additional software so veracrypt was not an option.

it seems that they did the job, though :
the below link allows to create a portable veracrypt-encrypted drive : the veracrypt software is installed in a partition that is not encrypted but the rest of the drive is.

never tried it so i do not vouch for anything, including veracrypt itself which i do not trust in any way.

https://www.veracrypt.fr/en/Portable%20Mode.html

never tried securstick either, but from what i understand ( my german is really poor ), the encrypted data cannot be decrypted without installing securedisk
Distinguished Expert 2018

Commented:
Securstick is a single executable, no installation needed, no admin permissions needed.
"my german is really poor" - I linked the english translation, didn't I?
Veracrypt, for example, requires administrative rights unless the application is already installed, which makes it not-really-portable.
nociSoftware Engineer
Distinguished Expert 2018

Commented:
Actualy there was a link to google translate for the page. The images are still german.
https://www.veracrypt.fr/en/Portable%20Mode.html

Veracrypt runs in portable mode and you can put that on the stick with the encrypted container.  Whether or not you trust veracrypt is another matter.  It's the same with any other encryption tool that you did not develop yourself.
Distinguished Expert 2018

Commented:
Again: Veracrypt, for example, requires administrative rights unless the application is already installed, which makes it not-really-portable.
If you can assume to have administrative rights on all target systems, then this is an alternative, else not.
Good point. when portable drives are required, admin access wont allways be granted. Will securestick work on unices ?
Distinguished Expert 2018

Commented:
Yes, see the documentation.