AW: File Encryption - Laptop

[Meidinger Chris <chris.meidinger () badenit de>]

EFS only encrypts specific files and folders. Also the keys are local on the
hard drive (silly thing that). EFS ist not considered secure (at least not
by anyone that i know.) It is designed for transparent encryption to prevent
one user of a computer from accessing files from another. If you should
decide to use it make sure to designate a recovery agent. Otherwise the
files are lost should you delete or lose the profile.

I recently was looking for a similar solution, though i needed something
more complicated (search this group for my posts with title Secure Boot
Manager if interested) and found 2 excellent products:

Safe Boot Pro/Enterprise from www.safeboot.com
Drive Crypt from SecurStar GmbH www.drivecrypt.com

Of those two i preferred safe boot. It is also a true enterprise solution,
allowing you to remotly manage machines, create groups, install the
software, and change settings from a central console. We did not end up
buying it, but i would have recommended it had it fit my peculiar needs (was
trying to hide 2 OS's from one another)

Hope this was a help,

Chris Meidinger

badenIT GmbH
System Support

Tel. +49 761 279 2280
Fax. +49 761 279 2200

Tullastrasse 70
79108 Freiburg
Deutschland 

-----Ursprüngliche Nachricht-----
Von: Sean Earp [mailto:smearp () mac com] 
Gesendet: Samstag, 13. September 2003 03:11
An: Ethan Harris
Cc: security-basics () securityfocus com
Betreff: Re: File Encryption - Laptop


Ethan-

Windows 2000 (and XP Pro) have this functionality built in (It's called  
EFS - or Encrypting File System), and it is designed for EXACTLY the  
reason you specify.  It requires that the hard drive be formatted as  
NTFS, and one of the previously mentioned Operating Systems.  Microsoft  
has written up a decent overview of the functionality and setup at  
<http://www.microsoft.com/windows2000/techinfo/planning/security/ 
efssteps.asp>.

Windows 98 is NOT a secure operating system by ANY stretch of the  
imagination and you can not use EFS with it.  Even password protecting  
the machine offers you NO protection, as you can bypass the password by  
simply hitting the escape key.  You could upgrade these machines to  
Windows 2000 or XP, or someone else on the list may know of a third  
party utility that may provide the functionality you are looking for.   
Good luck,

-Sean

On Friday, September 12, 2003, at 07:53 AM, Ethan Harris wrote:

> Hi all,
>
>
>
> I'm fairly new to the secuirty world, but have been recently asked by
> my company to find a product that will be able encrypt files on a PC  
> (mostly Win98 and Win2k based), especially on laptops.  They want an  
> extra layer of security in case any of these machines get stolen.   
> Thanks in advance for the input.


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------