Re: recovering NTFS volumes
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/09/04
- Next message: Steven L Umbach: "Re: removing viruses"
- Previous message: Bryan: "removing viruses"
- In reply to: Parhez Sattar: "recovering NTFS volumes"
- Next in thread: Parhez Sattar: "Re: recovering NTFS volumes"
- Reply: Parhez Sattar: "Re: recovering NTFS volumes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 08 Jun 2004 23:57:56 GMT
NTFS by itself is not secure protection outside of the original operating system, and
yes, someone who could restore the tape to another operating system would be able to
access those files [assuming the backup process does not encrypt, as some can, is my
understanding]. They may or may not need to take ownership. My guess is that if the
Administrators group or Administrator has full permissions, they would have no
problem, since the built-in Administrator and Administrators group have the same SID on
every operating system. EFS files would deny access to any user who does not have
access to the private keys used for EFS for either the user or recovery agents as
shown in efsinfo. Those private keys are stored in the user profiles, so if the
backups did not include those user profiles they would not be able to access the EFS
files themselves unless they obtained them from another backup [keep them separate]
and were able to guess or crack the user's/recovery agent's password, though they could
delete the data. I have little experience with backup programs other than the built-in
ntbackup or Ghost, but it is my understanding that not all backup programs support
backing up of encrypted files, and it is not that the files would be decrypted, but
that they would be backed up and restored as gibberish, which is something to
consider. XP Pro SP1 and W2003 EFS use AES [strong stuff], which if restored to a W2K
computer and then imported the recovery agent EFS private key to decrypt the files
would not work because W2K does not support AES.
--- Steve
http://support.microsoft.com/default.aspx?kbid=243330 --- well-known SIDs
http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/distsys/part2/dsgch15.mspx --- EFS info
"Parhez Sattar" <pxs01@grh.org> wrote in message
news:1a0f201c44da4$993f6320$a001280a@phx.gbl...
> We have this debate going in the office about NTFS and how
> it protects files from falling in the wrong hands.
> Basically, the questions are:
> -What are the risks if a backup tape, that was used to
> backup an NTFS volume on a machine (W2K/XPpro) that was
> part of a corporate domain/AD, falls into the hands of a
> person who is curious (but not very savvy to know hacking
> tools) and has a tape drive on their home machine. Can
> this person just restore the tape onto their computer and
> gain full access to the files (mind you that they were
> protected via NTFS 5.0 on the original partition) without
> taking any additional steps (such as taking ownership,
> bypassing the original ACL, etc.)?? Add EFS to the
> scenario above. What changes? Thanks in advance.
>
>
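
An added example, not part of the original thread: a check of which allow entries in an ACL name a trustee that exists unchanged on any Windows install, which is why a restored, unencrypted NTFS backup is readable off the original machine. The SID values are from the well-known SIDs article linked above; the sample ACL, its domain identifier and the function names are constructed for illustration.

```python
import re

# SIDs that are identical on every Windows installation
# (from Microsoft's well-known security identifiers list).
UNIVERSAL = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "Local System",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}
# RIDs that are fixed, but only relative to the issuing machine or domain.
WELL_KNOWN_RIDS = {500: "Administrator", 512: "Domain Admins", 513: "Domain Users"}
DOMAIN_SID = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

# Constructed sample: ACL of a file restored from tape, as (type, SID, rights).
SAMPLE_ACL = [
    ("allow", "S-1-5-32-544", "FullControl"),
    ("allow", "S-1-5-18", "FullControl"),
    ("allow", "S-1-5-21-1111111111-2222222222-3333333333-1104", "Modify"),
    ("allow", "S-1-5-21-1111111111-2222222222-3333333333-512", "FullControl"),
]

def classify(sid):
    """Return (portable, description) for one SID string."""
    if sid in UNIVERSAL:
        return True, UNIVERSAL[sid]
    m = DOMAIN_SID.match(sid)
    if m:
        rid = int(m.group(2))
        name = WELL_KNOWN_RIDS.get(rid, "account")
        return False, f"{name} (RID {rid}) issued by {m.group(1)}"
    return False, "unrecognised SID"

def portable_grants(acl):
    """Allow ACEs whose trustee resolves on any machine the volume is restored to."""
    return [(sid, rights) for kind, sid, rights in acl
            if kind == "allow" and classify(sid)[0]]

if __name__ == "__main__":
    for kind, sid, rights in SAMPLE_ACL:
        portable, desc = classify(sid)
        print(f"{kind:5} {rights:12} {'portable' if portable else 'origin-bound':12} {desc}")
```

Entries reported as origin-bound show up as unresolved SIDs on the restoring machine; the portable ones grant access to whoever is a local administrator there.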