Re: Do I need to use the SysKey utility to enhance the security?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/02/05


Date: Mon, 2 May 2005 10:52:52 -0500

Syskey is used to protect the local SAM on a computer. It is enabled by
default in Windows 2000 and above. It makes it very difficult for an
"offline" attack on the SAM file. Methods other than default such as
password at boot up or floppy disk to access the operating system at start
up can further secure the SAM file. If an attacker has access to the whole
computer, however, there are tools that can disable syskey and allow access to
the SAM or to reset passwords. An account password is what you use when you
are prompted to enter your name and password. A BIOS password protects the
computer from booting into ANY operating system until the password is
entered. Again there are ways to discover CMOS passwords. That however does
not mean that these measures should not be implemented in some situations as
extra barriers to entrance that may buy you time.

None of the above will stop an attacker from accessing your data if they
have physical access to your computer. They can simply remove the hard drive
and place it into another computer to access the data, boot from a CD-ROM that
has another operating system on it [Knoppix, Windows PE] or even install a
parallel operating system. The only way to protect data is with encryption.
Encryption has its own pitfalls and the application being used to encrypt the
data must be well understood or data may still be accessible to an attacker
when you believe it is safe or you may end up being denied access to your
own data if you do not take precautions like having backups of your
certificate/private key. --- Steve

"cc" <anonymous@disscussion.microsoft.com> wrote in message
news:%23AX0DirTFHA.2532@TK2MSFTNGP10.phx.gbl...
> For the Syskey, please refer to
> http://support.microsoft.com/kb/310105/
>
> Do I need to use the utility?
>
> What is the difference between Startup Password & Account Password & the
> password of BIOS?
>
>
>


