Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Hard drive encryption in windows

from [Roger A. Grimes] Network Security [Permanent Link]
Subject: RE: Hard drive encryption in windows
Date: Wed, 28 Sep 2005 19:22:42 -0400 
-See below. 

-----Original Message-----
From: Rob Thompson [mailto:my.security.lists@gmail.com] 
Sent: Tuesday, September 27, 2005 2:35 PM
To: Beauford, Jason
Cc: Cesc Santasusana; <
Subject: Re: Hard drive encryption in windows

No EFS is not good.

For starters it is only encrypting the data that you tell it to.  What
if that file that you are accessing is copied over to the Swap File? 
Now you have an unencrypted copy on your computer, and a false sense of
security.
-Any files protected by EFS are encrypted in the page file, too, if the
original is encrypted.

Also, there are tools freely available on the internet, with just a VERY
SMALL amount of looking that will break into the EFS.
-None break EFS. There is only one or two tools that claim to do it, and
they both brute force the Administrator account password to recover the
Admin's EFS private key. That's the main reason why Microsoft decided
not to make the Administrator a default recovery agent (DRA) on
stand-alone XP Pro boxes. If you allow the admin password to be broken
(I can prevent ANY Windows password cracking with just four simple
steps, the easiest being to use a long password 15 characters or
bigger), recovering EFS files is the least of your worries.

Granted it is better than nothing, but if I were you, I wouldn't rely on
it strictly as a safe alternative.  It's better if you have nothing else
at the time and are in a pinch.
-It's a good alternative for people who want transparent, good file and
folder encryption on NTFS partitions.

Make sure you use it in accordance with a secure erasing system,
something like Eraser.
-EFS does its own erasing now, and they also include an EFS tool that
will zero out the blank space on the hard drive for the paranoid.

-EFS is decent file and folder encryption. It's not the best, but the
price is right, free, and it will be all that many users ever need.

-Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Consultant 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger@banneretcs.com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: How to...., Craig Wright
Next by Date:  Re: Personal Firewall, Nathaniel Hall
Previous by Thread:  RE: Hard drive encryption in windows, Roger A. Grimes
Next by Thread:  DHCP replies ?, Netops
Indexes:  [Date] [Thread] [Top] [All Lists]