Re: How secure are my files?

From: Drew Cooper [MS] (dcoop@online.microsoft.com)
Date: 08/30/02 

From: "Drew Cooper [MS]" <dcoop@online.microsoft.com>
Date: Fri, 30 Aug 2002 13:54:05 -0700

Assuming someone sophisticated, or at least as sophisticated as a script
kiddie, the ONLY protection the OS can offer against an attacker with
physical access to a drive is EFS. This means a protracted brute-force
attack to get the data. Without EFS, there are any number of utilities to
read the disk disregarding ACLs (NTFSDOS for example).
-->Yes, sorry for repeating you, Jupiter, but it can't be stressed enough -
if you use EFS, back up EFS cert/key pairs.

Also note that once an intruder has had physical access to the machine, any
further activity on that machine may be compromised unless it's scorched and
rebuilt. 

--
Drew Cooper [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jupiter Jones" <jones_jupiter@hotnomail.com> wrote in message
news:unV9uKGUCHA.3764@tkmsftngp08...
> Password your profile as well as the Administrator in Safe Mode.
> Make all others Limited Users as any Administrator can do and undue
> anything including taking ownership of someone else's files.
> Be sure you take measures to remember the passwords such as hints
> (others can see the hint) and password recovery disk.
> You could also Encrypt the file, but read up on it first especially
> the part about backing up encryption keys and Recovery Agents.
> If you are considering encryption, read this first:
> http://www.microsoft.com/windowsxp/pro/techinfo/administration/recover
> y/default.asp
> There is software that can break thru passwords.
> The most important point is "There is no security without physical
> security"
> If they have control of the hard drive, they eventually could have
> everything on the drive.
>
> --
> Jupiter Jones
> Please respond to newsgroup only, so everyone can benefit
>
>
>
> "Rob" <steel29@msn.com> wrote in message
> news:a63c01c2505b$72662ce0$3aef2ecf@TKMSFTNGXA09...
> > I am wondering if it is possible to access files on the HD
> > without being logged into XP Pro.  How easy is will it be
> > for someone to get around my password?  I am not talking
> > about trojan horses or viruses/hackers.  I'm talking about
> > someone physically at my computer trying to read my local
> > files without permission.  Thx if anyone replies.
>
>

Relevant Pages

  • Re: Do I have to set another password in the CMOS setting to enhance the security of OS?
    ... one of the "ten immutable laws" is that physical access beats ... Even using encryption is a kind of a gamble, ... useless to me as an attacker. ... Software Design Engineer, Internet Information Server ...
    (microsoft.public.security)
  • Re: Do I have to set another password in the CMOS setting to enhance the security of OS?
    ... Alun Jones wrote: ... Physical access risks can be mitigated - through secure ... > Even using encryption is a kind of a gamble, ... > useless to me as an attacker. ...
    (microsoft.public.security)
  • Re: Win2k3 Web Edition - Usage of EFS
    ... with physical access an administrator. ... And the data will be unreadable even to an attacker ... If you use EFS, *please* back up those users' encryption certificates (and ...
    (microsoft.public.security)
  • Re: EFS file recovery on Win2k
    ... I thought your EFS files are pretty safe as long as ... > Since EFS is tied to the user account, EFS is compromised if the account ... > SAM file can be manipulated to allow an intruder with physical access to ...
    (microsoft.public.win2000.security)
  • Re: boot -s - can i detect intruder
    ... I know that if someone have physical access to my servers can penetrade into ... > attacker is at all sophisticated, but if the attacker is really clueless, ... the user could select a shell of his own. ...
    (FreeBSD-Security)