How To Secure A Hard Drive
The ONLY viable solution to protect your HD is to encrypt entire content of the HDD with secure encryption and use preboot authentication so that nobody can tamper it. ALL other options WILL fail, since there is always possibility to either tamper the settings, take out the HDD to read the contents of it or plant t ...
The ONLY viable solution to protect your HD is to encrypt entire content of the HDD with secure encryption and use preboot authentication so that nobody can tamper it. ALL other options WILL fail, since there is always possibility to either tamper the settings, take out the HDD to read the contents of it or plant trojan horse into it.
Couple examples of such (not-so-free) products are
- "Drivercrypt plus" http://www.drivecrypt.com/dcplus.html
- "Safeboot solo" http://www.controlbreak.net/products/sbsolo41.html
After that, all you have to worry about is hardware keyloggers...
Couple examples of such (not-so-free) products are
- "Drivercrypt plus" http://www.drivecrypt.com/dcplus.html
- "Safeboot solo" http://www.controlbreak.net/products/sbsolo41.html
After that, all you have to worry about is hardware keyloggers...
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Cracking the user account passwords isn't as easy as it seems. The most common way of breaking into a Windows 2000/XP machine is to delete the file containing the passwords. However, if you do this you'll never gain access to those encrypted files ever again. Since that's not an option, you'll have to try things the hard way (dictionary cracker etc) which puts it on the same level as any other kind of encryption.
Well in windows 2000 EFS can apparently by bypassed 3rd party software :
http://www.elcomsoft.com/aefsdr.html
"Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2000. Files are being decrypted even in a case when the system is not bootable and so you cannot log on, and/or some encryption keys (private or master) have been tampered. Besides, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions of Windows 2000 (including Service Packs 1, 2 and 3)."
So I would prefer to using something alittle more secure
Second Both of these products encrypt the whole HD, so they can't use a boot disk to delete the SAM account, which is a big bonus
http://www.elcomsoft.com/aefsdr.html
"Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2000. Files are being decrypted even in a case when the system is not bootable and so you cannot log on, and/or some encryption keys (private or master) have been tampered. Besides, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions of Windows 2000 (including Service Packs 1, 2 and 3)."
So I would prefer to using something alittle more secure
Second Both of these products encrypt the whole HD, so they can't use a boot disk to delete the SAM account, which is a big bonus
CRacking the password is easy if you have the hard drive. Reset the admin password (no probleem i can do it in 2 seconds), then login and reset every other password using users and passwords applet.
not that mS security options like this are bad in themselves, the problem is every cracker out there works to crack it. It would seem to me that using obscure third party tools would make anything that much more secure.
not that mS security options like this are bad in themselves, the problem is every cracker out there works to crack it. It would seem to me that using obscure third party tools would make anything that much more secure.
Quote:CRacking the password is easy if you have the hard drive. Reset the admin password (no probleem i can do it in 2 seconds), then login and reset every other password using users and passwords applet.
In Windows XP, if you try to change another user's password (ie. using User Management) it will warn you that if you do so, they will no longer be able to access their secure files. Like this:
Now I'm not sure if this applies to Win2k and the warning is just not there or not. But resetting the account password should not work.
Quote:Well in windows 2000 EFS can apparently by bypassed 3rd party software
Hmm, I was led to believe it was more secure than that. Ah well.
In Windows XP, if you try to change another user's password (ie. using User Management) it will warn you that if you do so, they will no longer be able to access their secure files. Like this:
Now I'm not sure if this applies to Win2k and the warning is just not there or not. But resetting the account password should not work.
Quote:Well in windows 2000 EFS can apparently by bypassed 3rd party software
Hmm, I was led to believe it was more secure than that. Ah well.
is it tied specifically just to your password? because I thought there was some sort of 'certificiate' deal.... if it is tied to your password... can't changing the password back to the original let you access the encrypted files again?
This is kinda important, cause I'm wondering what will happen to the encrypted files on my D partition if I decide to kill my C partition.. (inevitable that I will install windows again and some point)
This is kinda important, cause I'm wondering what will happen to the encrypted files on my D partition if I decide to kill my C partition.. (inevitable that I will install windows again and some point)
Read the whitepaper here for a better understanding of EFS:
http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp
Check out the word doc link.
http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp
Check out the word doc link.
how is a 3rd party app any less vulnerable to a dictionary attack?
That error message 5 posts above only seems to occur when changing the password in "Manage>>Local Users & Groups". If you use the "users" applet on the control panel (as suggested) you don't seem to have this problem.
Perhaps MS used the local system account to add a quiet decrypt key to the data so when you change the password, the data is decrypted using the local system account rather than the user account.
This then points to the usual idea advocated by APK, Clutch and the like that once someone has physical access to your system, you can put your head between your knees.
Perhaps MS used the local system account to add a quiet decrypt key to the data so when you change the password, the data is decrypted using the local system account rather than the user account.
This then points to the usual idea advocated by APK, Clutch and the like that once someone has physical access to your system, you can put your head between your knees.
