Re: Stolen server with Windows 2003

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/22/04


Date: Mon, 22 Mar 2004 14:53:25 +1100

That's pretty much impossible.

The thieves have physical access to the box - they are read the data
directly off the hard drives if they want to.

You could encrypt the data, but any encryption mechanism can be brute forced
given time and patience (and it would also make it a little difficult for
your own users to get access to the data).

There is no such thing as the perfectly secure system. Security is about
managing risk. You can have a more secure system but:
a) it costs more money
    -and-
b) it interferes with the ease of use of the system

You need to determine what point is an acceptable tradeoff. If you think
that someone physically stealing your server would be a big problem, invest
money in physical security. Have a secure room built to house the server.
Use controlled-access technologies like smartcards to access the room.
Locate the server itself in another physical barrier. Alternatively, there
are data centers you can outsource this type of hosting to.

Cheers
Ken

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Marlin Todd" <marlintodd@hotmail.com> wrote in message
news:eMLkLw7DEHA.4080@TK2MSFTNGP09.phx.gbl...
: how can we ensure that if a server is stolen again that our data is secure
: and they can't get to it?
:
: thanks
:
: "Paul Adare - MVP - Microsoft Virtual PC" <padare@newsguy.com> wrote in
: message news:MPG.1ac821fbd473a5c79898f7@msnews.microsoft.com...
: > In article <e$RTih7DEHA.2768@tk2msftngp13.phx.gbl>, in the
: > microsoft.public.windows.server.security news group, Marlin Todd
: > <marlintodd@hotmail.com> says...
: >
: > > we had an accounting server with 3 SCSI harddrives in it.
: > > We had Windows 2003 Ent Edition as a member of a DC...with a
: alpha-numeric
: > > password for the administrator account!
: > > Can we be assured that our information is safe?  Would the theives be
: able
: > > to get to the data?
: > >
: >
: > Just the opposite. You can pretty much assume that the data is now
: > completely available to the thieves.
: >
: > -- 
: > Paul Adare
: > Moral indignation is jealousy with a halo.
: > H. G. Wells, The Wife of Sir Isaac Harman
:
:


Relevant Pages

  • Re: Stolen server with Windows 2003
    ... "Given the time and patience" is the key phrase. ... Beyond physical security, encryption is ... the only real mitigation for the server theft scenario. ... > There is no such thing as the perfectly secure system. ...
    (microsoft.public.windows.server.security)
  • RE: Cracking a server without services
    ... The only truly secure system is the one that's not turned on. ... Cracking a server without services ... Hey there, ...
    (Security-Basics)
  • Re: Linspire?
    ... Ubuntu or Kubuntu are the best out there IMHO, ... maintaining a secure system is much easier. ... not even Windows ... There was a server distribution that I once saw that really did blow me ...
    (alt.os.linux)
  • Re: Linspire?
    ... maintaining a secure system is much easier. ... not even Windows ... what is so different about setting Ubuntu up as a server? ...
    (alt.os.linux)
  • Re: Stolen server with Windows 2003
    ... how can we ensure that if a server is stolen again that our data is secure ... > Just the opposite. ... > completely available to the thieves. ...
    (microsoft.public.windows.server.security)