Security of the Windows XP SP2 Boot Process

Guest

Hi

How secure is the Windows XP SP2 starting / booting process? Can I modify
the boot process so that I can disable the Windows XP SP2 firewall or access
any data during?

Thanks and Regards
Dominik
 
Carey Frisch [MVP]

Your PC is secure during booting with the Windows Firewall enabled.
You must wait until reaching the desktop before accessing your data
or turning off the Windows Firewall, which is not a good idea.

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

"Dominik" wrote:

| Hi
|
| How secure is the Windows XP SP2 starting / booting process? Can I modify
| the boot process so that I can disable the Windows XP SP2 firewall or access
| any data during?
|
| Thanks and Regards
| Dominik
 
Guest

Hi

Thanks for your answer...but, I should explain a little bit more..

The hard disk of my notebook is encrypted. I know that my system is only as
safe as the operating system, because I have deactivated the boot
authentication from the hard disk encryption application.
I now ask myself which security problems are present during the starting
procedure. For example, a hacker who steals my notebook could modify the boot
process, deactivate the firewall, ...

Regards
Dominik
 
Carey Frisch [MVP]

You would be best served by using a strong BIOS password
if you fear physically losing your notebook computer. Without
knowing the BIOS password, no one can even start the
Windows operating system.

Setting a BIOS Password
http://www.lockdown.co.uk/?pg=biospsw&s=articles

Securing Mobile Computers with Windows XP Professional
http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/mblsecxp.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

:

| Hi
|
| Thanks for your answer...but, I should explain a little bit more..
|
| The hard disk of my notebook is encrypted. I know that my system is only as
| safe as the operating system, because I have deactivated the boot
| authentication from the hard disk encryption application.
| I now ask myself which security problems are present during the starting
| procedure. For example, a hacker who steals my notebook could modify the boot
| process, deactivate the firewall, ...
|
| Regards
| Dominik
 
Guest

Yes, that's true. But the bad guy can remove the hard disk and put it in his
computer. And when the hard disk is not encrypted, he has full access to the
data!

So, that's why I encrypt my hard disk.

But I'm searching only for security holes during the startup process. If a
security problem can be present when starting, which the bad guy (hacker)
could use, I will look for another solution. That's why I ask about known
security problems during the startup process of Windows XP SP2!
 
Kerry Brown

FrEaK_@CH said:

| Yes, that's true. But the bad guy can remove the hard disk and put it in his
| computer. And when the hard disk is not encrypted, he has full access to the
| data!
|
| So, that's why I encrypt my hard disk.
|
| But I'm searching only for security holes during the startup process. If a
| security problem can be present when starting, which the bad guy (hacker)
| could use, I will look for another solution. That's why I ask about known
| security problems during the startup process of Windows XP SP2!

If the hard drive is encrypted then it doesn't matter what someone does; they
would have to break the encryption to access it. This is only as good as
whatever program you used to encrypt the drive. If you are really that
worried and the data is really that sensitive then you shouldn't have it on
a laptop in the first place. The only really secure data is behind a
physical barrier, i.e. locked up with an armed guard. Other than that a
determined thief with sufficient resources could eventually get at the data.
If the data is not sensitive enough to require an armed guard then all you
can do is encrypt it, use strong passwords, and keep the laptop as
physically secure as possible. The EFS built in to XP is accessible by
anyone who has physical access and can guess your password. In your case you
should use third party software that requires a password every time the data
is accessed.

Kerry
 
Guest

I use third-party software that encrypts the whole disk!
But, I have deactivated the boot protection (pre boot authentication) from
this third party software and now, every person who has my notebook can start
the operating system (the reason why I have deactivated the boot protection
is our software deployment application)!

That's the reason why I asked about the security of the startup process.
Because, my system is now only as safe as the Windows XP SP2 startup
process!!! If the bad guy could modify the boot process, deactivate the
firewall during the boot process, ... he could have access to the data which
are unencrypted when the operating system is running!

What I think is:
- A Brute-Force attack at the logon is not really possible.
- Also, when the bad guy starts the system with a Linux live cd or
WindowsPE, he can't access the data (for example the SAM), because the disk
is encrypted!
- Also, an attack over the network should not be possible, because the
firewall is enabled and there are no exceptions configured!

But evenly: how secure is the startup process??
 
Steven L Umbach

If a hacker steals your notebook, deactivating the Windows Firewall will be
the least of your problems. "I know that my system is only as safe as the
operating system" is wrong. Your data is only potentially secure if A - an
attacker can never get physical access to your computer or B - the data is
properly encrypted with a strong algorithm and access to the private key is
not possible. An attacker may not try to gain access through your operating
system. They will simply try to access the data from their own or use a
utility to reset the administrator password on your operating system to be
able to logon as an administrator which takes less than five minutes if the
computer can be booted from floppy or cdrom.

If you must protect your data then you can use something like EFS
encryption. If you export/delete your EFS private key when done with your
files and then run cipher /w on your computer no one is going to access that
data since EFS in the current SP of XP uses AES 256 encryption. If you leave
your EFS certificate/private key on your computer then your data is only as
safe as your password. If you use weak passwords it can be fairly easy to
crack your user password in the local SAM. Strong passwords, particularly
when used with cached logons, can greatly increase your chances of your
password never being cracked. I would consider a strong password to be
greater than 15 characters in length and use lower and upper case, numeric,
and punctuation characters. A password or pass phrase of at least 15
characters will also make sure no LM hash of the password is stored.

--- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;223316&sd=tech --- EFS best practices
 
Kerry Brown

If you are that worried why is this data on a laptop? You have taken more
than reasonable precautions. Someone would have to be very determined to
access the data but given enough resources it can theoretically be done. In
the real world how much is this data worth to a potential hacker? A casual
thief wouldn't bother. They may try to turn it on but even that is unlikely.
Whoever buys it from the thief would likely spend a few minutes then format
it so they can use it. Thieves and the people who buy from them are
generally lazy. If they can easily get at the data they may take a look to
see if there is any personal information they could use. If it takes more
than a few minutes they will move on to something easier. If the thief is
targeting you specifically to get the data then again, why is the data on a
laptop?

Kerry
 
