Desktop data security

Guest

I am trying to develop a security plan to satisfy compliance regulators.
- I have a single-user, non-networked desktop computer.
- I have a strong user password to sign on.
- My screensaver kicks in after 15 minutes and is strong password protected.
- When I am away from my desk, I start the Windows screensaver.
- I have Windows Firewall turned on.
- Outlook is strong password protected.
- When I back up data to DVD or CD, I use strong encryption.
- I have ATT/Yahoo which provides anti-virus, anti-spy protection.
Questions:
- Is there any value in using MS EFS encryption with this setup?
- Are there ways someone could access my data with this setup? If so, how?
- Do I need to password protect BIOS (F8 in safe mode)?
 
Fuzzy Logic

I am trying to develop a security plan to satisfy compliance regulators.
- I have a single-user, non-networked desktop computer.
- I have a strong user password to sign on.
- My screensaver kicks in after 15 minutes and is strong password protected.
- When I am away from my desk, I start the Windows screensaver.
- I have Windows Firewall turned on.
- Outlook is strong password protected.
- When I back up data to DVD or CD, I use strong encryption.
- I have ATT/Yahoo which provides anti-virus, anti-spy protection.
Questions:
- Is there any value in using MS EFS encryption with this setup?
- Are there ways someone could access my data with this setup? If so, how?
- Do I need to password protect BIOS (F8 in safe mode)?

You are doing better than most!

BIOS password will only slow someone down. If they steal the computer it's usually a matter of removing the
battery or a jumper on the motherboard to reset the password. It is another level of security.

MS EFS is a good thing. Again if someone steals your computer they can just put your hard drive into another
machine and have pretty much full access to the contents unless you use EFS.
 
Steven L Umbach

I agree with Fuzzy Logic in that a password only protects access to the
operating system. Encryption such as EFS can go a long way to protecting
your data but as long as your EFS private key is on the computer there is a
possibility that your encrypted files can be accessed if your password can
be cracked. To mitigate that risk make sure that your password or "pass
phrase" is at least 15 characters in length and understand that a smart
attacker may place a software or hardware keyboard logger on your computer
to try and capture your password which protects your EFS private key or make
themselves a Recovery Agent if they gain administrator access. Your EFS
private key can be removed and then imported again when you need access to
your EFS files but that is such a hassle that most don't do it regularly and
then there is a problem that if you forget to and encrypt more files another
EFS certificate/private key will be generated for the new files and that
greatly increases complexity of EFS. File encryption also has the danger of
you losing access to your own files if your EFS private key becomes
corrupted or deleted and there is no Recovery Agent or backup of your EFS
private key.

Steve

http://support.microsoft.com/kb/223316/EN-US/ --- EFS best practices
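
The risks described in the post above (the EFS private key living on the same machine, extra EFS certificates piling up, and no backup of the key) can be checked from PowerShell. This is an added example, not part of the thread and not Microsoft's code; the function names and the backup path are hypothetical, and it assumes the EFS key was created as exportable.

```powershell
# Added example: audit the current user's EFS certificates and back one up.
# Run in Windows PowerShell as the user who owns the encrypted files.

$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage: Encrypting File System

function Get-EfsCertificate {
    # Certificates in the user's personal store that are valid for EFS.
    Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $_.EnhancedKeyUsageList.ObjectId -contains $EfsOid
    }
}

function Backup-EfsCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $Path   # hypothetical, e.g. removable media
    )
    # Prompt for the PFX password instead of embedding it in the script.
    $pw = Read-Host -AsSecureString -Prompt 'Password for the PFX backup'
    Export-PfxCertificate -Cert $Certificate -FilePath $Path -Password $pw
}

$certs = @(Get-EfsCertificate)

if ($certs.Count -eq 0) {
    Write-Output 'No EFS certificate found: nothing has been encrypted by this user yet.'
}
elseif ($certs.Count -gt 1) {
    # Files may be encrypted under different keys, so each key needs a backup.
    Write-Warning "$($certs.Count) EFS certificates found; back up every one of them."
}

foreach ($c in $certs) {
    if ($c.HasPrivateKey) {
        # The key is on this disk, protected only by the logon password.
        Write-Warning "Private key for $($c.Thumbprint) is stored on this computer."
    }
    if ($c.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate $($c.Thumbprint) expired on $($c.NotAfter)."
    }
}

$certs | Select-Object Thumbprint, NotAfter, HasPrivateKey | Format-Table -AutoSize

# Usage (constructed path): Backup-EfsCertificate -Certificate $certs[0] -Path 'E:\efs-backup.pfx'
```

Store the resulting .pfx file and its password away from the computer; anyone holding both can decrypt the files.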