Security Basics mailing list archives
RE: File Encryption - Laptop
From: "Nero, Nick" <Nick.Nero () disney com>
Date: Tue, 16 Sep 2003 17:41:49 -0400
I recently had to set a standard on this myself. I would recommend Windows XP with SP1 and then using Encrypting File System (EFS). This is a completely free solution and very tight security. The algorithm is 256bit AES so it is practically impossible to break (you have to brute force a huge key). There is one tool out there that will break EFS on 2k (and I think recently XP SP1), but the hacks work by exploiting key management. For extra sensitive laptops, like those of executives, you may want to enable syskey in mode 3. I have recently been experimenting with storing the syskey instead of on a floppy, on a USB Jumpdrive mapped to A:. This provides paramount security - even if the laptop is stolen, there is no access to the SAM account database to try to crack the EFS. If the SAM is overwritten (new install of 2k) then all the certificate info for the EFS is also destroyed leaving the files unrecoverable. This is really a technique of last resort though. If the key is lost there is no chance of recovering that box - even from backup tape - so be forewarned. Nick Nero CISSP -----Original Message----- From: Ethan Harris [mailto:harris_ethan () hotmail com] Sent: Friday, September 12, 2003 10:53 AM To: security-basics () securityfocus com Subject: File Encryption - Laptop Hi all, I'm fairly new to the secuirty world, but have been recently asked by my company to find a product that will be able encrypt files on a PC (mostly Win98 and Win2k based), especially on laptops. They want an extra layer of security in case any of these machines get stolen. Thanks in advance for the input. ------------------------------------------------------------------------ --- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Re: File Encryption - Laptop, (continued)
- Re: File Encryption - Laptop Markus Rossi (Sep 15)
- RE: File Encryption - Laptop Marcel Janus (Sep 15)
- Re: File Encryption - Laptop Birl (Sep 15)
- RE: File Encryption - Laptop Oliver Rebollido (Sep 15)
- RE: File Encryption - Laptop Ross Wakelin (Sep 15)
- RE: File Encryption - Laptop wbradd (Sep 16)
- RE: File Encryption - Laptop Ruiz Cifuentes, Rolando Matias (CL - Santiago) (Sep 15)
- RE: File Encryption - Laptop Bill_Roswell (Sep 15)
- Re: File Encryption - Laptop Chris Berry (Sep 15)
- Re: File Encryption - Laptop Ansgar Wiechers (Sep 16)
- RE: File Encryption - Laptop Nero, Nick (Sep 16)
- RE: File Encryption - Laptop Pierre A. Cadieux (Sep 17)
- Re: File Encryption - Laptop Chris Berry (Sep 17)