How To Secure A Hard Drive

The ONLY viable solution to protect your HD is to encrypt entire content of the HDD with secure encryption and use preboot authentication so that nobody can tamper it. ALL other options WILL fail, since there is always possibility to either tamper the settings, take out the HDD to read the contents of it or plant t ...

Windows Security 292 This topic was started by ,


data/avatar/default/avatar06.webp

18 Posts
Location -
Joined 2003-02-03
The ONLY viable solution to protect your HD is to encrypt entire content of the HDD with secure encryption and use preboot authentication so that nobody can tamper it. ALL other options WILL fail, since there is always possibility to either tamper the settings, take out the HDD to read the contents of it or plant trojan horse into it.
 
Couple examples of such (not-so-free) products are
- "Drivercrypt plus" http://www.drivecrypt.com/dcplus.html
- "Safeboot solo" http://www.controlbreak.net/products/sbsolo41.html
 
After that, all you have to worry about is hardware keyloggers...

Participate on our website and join the conversation

You have already an account on our website? Use the link below to login.
Login
Create a new user account. Registration is free and takes only a few seconds.
Register
This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic


data/avatar/default/avatar03.webp

581 Posts
Location -
Joined 2002-04-27
Problem I see with windows native encryption, all someone has to do after stealing your HD, is crack the user account passwords, then they can read it all anyways.
 
Tying encryption to user accounts a really weak security wise IMO.
 
Unless there is somehting I am missing....
\

data/avatar/default/avatar19.webp

690 Posts
Location -
Joined 2000-05-21
Cracking the user account passwords isn't as easy as it seems. The most common way of breaking into a Windows 2000/XP machine is to delete the file containing the passwords. However, if you do this you'll never gain access to those encrypted files ever again. Since that's not an option, you'll have to try things the hard way (dictionary cracker etc) which puts it on the same level as any other kind of encryption.

data/avatar/default/avatar06.webp

18 Posts
Location -
Joined 2003-02-03
OP
Well in windows 2000 EFS can apparently by bypassed 3rd party software :
 
http://www.elcomsoft.com/aefsdr.html
 
"Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2000. Files are being decrypted even in a case when the system is not bootable and so you cannot log on, and/or some encryption keys (private or master) have been tampered. Besides, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions of Windows 2000 (including Service Packs 1, 2 and 3)."
 
So I would prefer to using something alittle more secure
 
Second Both of these products encrypt the whole HD, so they can't use a boot disk to delete the SAM account, which is a big bonus

data/avatar/default/avatar03.webp

581 Posts
Location -
Joined 2002-04-27
CRacking the password is easy if you have the hard drive. Reset the admin password (no probleem i can do it in 2 seconds), then login and reset every other password using users and passwords applet.
 
not that mS security options like this are bad in themselves, the problem is every cracker out there works to crack it. It would seem to me that using obscure third party tools would make anything that much more secure.

data/avatar/default/avatar19.webp

690 Posts
Location -
Joined 2000-05-21
Quote:CRacking the password is easy if you have the hard drive. Reset the admin password (no probleem i can do it in 2 seconds), then login and reset every other password using users and passwords applet.

In Windows XP, if you try to change another user's password (ie. using User Management) it will warn you that if you do so, they will no longer be able to access their secure files. Like this:



Now I'm not sure if this applies to Win2k and the warning is just not there or not. But resetting the account password should not work.

Quote:Well in windows 2000 EFS can apparently by bypassed 3rd party software

Hmm, I was led to believe it was more secure than that. Ah well.

data/avatar/default/avatar06.webp

18 Posts
Location -
Joined 2003-02-03
OP
I believe that EFS itself is secure, but the way Microsoft implemented it is flawed and thus not secure.
 
About that program APK, I honestly don't know if it works over lan's or not, as I haven't used it.

data/avatar/default/avatar03.webp

581 Posts
Location -
Joined 2002-04-27
That's interesting, about chaning the password. what does this mean then? How can a user change his password safely???

data/avatar/default/avatar14.webp

155 Posts
Location -
Joined 2001-11-09
is it tied specifically just to your password? because I thought there was some sort of 'certificiate' deal.... if it is tied to your password... can't changing the password back to the original let you access the encrypted files again?
This is kinda important, cause I'm wondering what will happen to the encrypted files on my D partition if I decide to kill my C partition.. (inevitable that I will install windows again and some point)

data/avatar/default/avatar19.webp

3857 Posts
Location -
Joined 2000-03-29
From what I remember, EFS uses "keys" to access the files, and you need those keys to get to them. Now, most people leave the keys on the same drive as the encrypted files and never backup or remove them. I wonder if this software relies on that flaw in usage by the user.

data/avatar/default/avatar14.webp

155 Posts
Location -
Joined 2001-11-09
so these keys are stored hidden on the partition? So in my case it shouldn't be a problem? how do I back them up in case?

data/avatar/default/avatar04.webp

26 Posts
Location -
Joined 2003-09-21
how is a 3rd party app any less vulnerable to a dictionary attack?

data/avatar/default/avatar33.webp

686 Posts
Location -
Joined 1999-10-28
That error message 5 posts above only seems to occur when changing the password in "Manage>>Local Users & Groups". If you use the "users" applet on the control panel (as suggested) you don't seem to have this problem.
Perhaps MS used the local system account to add a quiet decrypt key to the data so when you change the password, the data is decrypted using the local system account rather than the user account.
This then points to the usual idea advocated by APK, Clutch and the like that once someone has physical access to your system, you can put your head between your knees.