Re: Securing workstations from IT guys



Anybody who has physical access to the machine becomes a
vulnerability. Even if you encrypt files under an administrator
account on the local machine, simply resetting the password with a
program like Passware will not disable the encryption. Then an
unauthorized user can log in to the admin account with a blank
password (or a password of their choosing) and have access to all
encrypted files.

This means that in under a minute of physical access to the machine,
all local documents (encrypted or not) are now accessible.
Additionally, many programs allow you to reset it to the original
password when you are done. This means that if the event viewer were
cleared... few traces would be left on the machine that it had even
been turned on.

What does this mean? It means you need to use a combination of
non-Windows-based encryption (I also use AxCrypt) for all files that
NEED to remain on the local machine, and then force all other
important documents to a secured server.

My 2 cents,
Liam Jewell


