hd security

[Gabriel Smit]

hi
have an external hd running ntfs which i use with my xp pro os.
how can i secure the hd for my access only?
gg

 

[Tin]

the only secure way is not to put any data on it!

well to answer your question, you have to go with third-party software to
encrypt your system. NTFS and EFS alone ain't gonna secure your data now a
day.

with NTFS, someone can just attach your hdd to their system and take over
ownership.
with NTFS & EFS = after taken over ownership, they can use tool like this
http://www.lostpassword.com/efs.htm to decrypt it.

You See?

 

[Opti_mystic_69]

Tin,

Strictly speaking, this is not accurate.
From http://www.lostpassword.com/efs.htm:

"From EFS Key retrieves EFS-encrypted files from NTFS
partitions. To retrieve the files, the encryption password
must be known or SAM database must be present."

And also from http://www.lostpassword.com/efs.htm:

"Requirements:
Encryption password must be known or SAM database must be
present (Windows 2000)
User must have administrator privileges"

If these things are true, i.e., encryption password is
known or User's local account can be subverted, then
anyone can decrypt the EFS files. This depends on the
user's password being subverted, not on a product
like "EFS Key". Microsoft's EFS is quite strong (though
not perfect) and utilizes a combination of symmetrical and
asymmetrical keys to provide security. Subverting the
user's key by guessing or changing the user's password
will not get you very far if the user has followed the
recommendations of Microsoft and many many others in this
newsgroup, and exported / deleted the Certificate used to
encrypt the FEK, and exported / deleted the DRA account's
Certificate. Additionally, Microsoft provides "syskey" to
provide some additional security to some EFS
implementations. The product "EFS Key" simply puts a UI on
an existing functionality.


HTH.

Opti_mystic

 

[Opti_mystic_69]

Gabriel Smit,

EFS (Microsoft's Encrypting File System) may provide some
or all of the functionality you desire. *Please* throughly
research and understand the risks and advantages of EFS
before using it, or you may lose access to your files
permanently. The most important things are to securely
back up your user certificate and to securely backup and
delete the DRA certificate. Syskey (Microsoft utility to
strengthen registry security) also helps.

Additionally, perhaps setting NTFS permissions may be of
some value. However, if someone can gain physical access
to your computer (i.e., remove the hard drive and put it
into another computer), then NTFS permissions will not be
of much value

If you are not *very* confident in your skills to set up
EFS, please post back and there are many smart people here
who can help you.

See these links: (urls may wrap)

http://cert.uni-
stuttgart.de/archive/forensics/2003/06/msg00010.html

http://securityadmin.info/faq.htm#efs

http://securityadmin.info/faq.htm#encryption

http://www.beginningtoseethelight.org/efsrecovery/

Hope this helps. Post back and let us know.

Opti_mystic_69

 

[Tin]

let see what you have to say about this software
http://www.crackpassword.com/products/prs/otherms/efs/features.php

like i said, ntfs, efs and syskey ain't gonna safe your data.

 

[Guest]

Tin,

It is considered impolite to respond in a confrontational
manner. This newsgroup is here to provide a forum (forum =
open discussion) of issues, features, and capabilities of
Microsoft security products, and to provide a resource for
people to find answers to questions or to resolve problems.

While the product you mentioned will provide some
additional capabilities over "EFS Key", the fact of the
matter is that EFS has withstood some very concentrated
cryptanalysis, including my own modest efforts.

If it were true that the EFS protocol had been subverted,
and that it was possible to recover the plaintext from the
ciphertext without the appropriate keys, that fact would
have been widely reported in the information security and
cryptological communities.

The product you have listed this time
(http://www.crackpassword.com/products/prs/otherms/efs/upda
tes.php) is similiar to the "EFS Key" product, in that is
atttempts to recover the key that is used to encrypt the
FEK, which in turn allows the ciphertext to be decrypted
in the standard way. If the user's key and the DRA key
have been removed from the computer completely, this
product will also fail. While Microsoft's EFS is not
perfect, so far it has withstood the real test of any
encrytpion protocol, and that test is years of research by
cryptoanalysts who have not yet subverted it. Microsoft's
EFS is secure enough for most users. With proper key
management it provides a layer of security which will
allow users to keep their data private and recoverable.

Thank you. Hope this helps.

Please remember that this is my opinion, and another
cryptologist may have a different or opposing opinion.

Opti_mystic_69