

Force file encryption upon shutdown

Posted on 2003-03-24
Medium Priority
Last Modified: 2013-12-04
The situation is that we have laptops, each with its own local Oracle database. The application that modifies the data is not allowed to be changed. Anything internal to Oracle such as processes and tables, and even the names of physical database files, are not allowed to be changed. The laptop is considered to be a Medical Device and the database contains sensitive medical data about people. We are concerned that a laptop could be stolen and the medical information exposed.

The only solution I can think of is that we have some kind of automated script that the user must trigger just prior to shutting off the laptop. The script would 1) shut down the database, 2) create encrypted copies of the physical database files, and 3) delete the original physical database files.
When the laptop is started back up, the reverse process would need to take place: decrypt and start up the database. So, I have two (2) questions ......

1) Is there a better way to accomplish my intended goal? If so, what?

2) Assuming I am required to implement my own proposed solution, what tools, third-party programs, techniques, etc. would you suggest?

Question by:mmoore
LVL 33

Accepted Solution

Dave Howe earned 1600 total points
ID: 8199283
store the database files on an encrypted volume; EFS, E4M or DriveCrypt are all suitable candidates, particularly DriveCrypt as its Pluspack (http://pages.infinit.net/belier/) would allow you to encrypt the entire hard drive (OS and all) for which a password would then need to be supplied at bootup.
E4M is the only one of the above whose source can be reviewed though.

Expert Comment

ID: 8199487
I wouldn't use EFS, since you would only need to "hack" the user or admin account to get access. On a stand-alone system this would be very easy to do. (Unless you exported and imported the keys during shutdown/startup and the user removed the storage media for safekeeping. Not very manageable IMHO.)

Frankly, I have no experience working with HIPAA, so I can't offer any good suggestions.

Author Comment

ID: 8203606
Dave was in first so he gets the points, but thanks for your input Ghost Hacker ... definitely something to consider. I only learned about EFS shortly after posting the question. I have done some experimentation with mixed results. In one failed case, user A encrypts a file but user B can still view it. I don't have good documentation on EFS so I am not sure under what conditions a user is denied access and under what conditions a user is allowed. Ghost Hacker's comment would make me suspect that anybody with Administrator privilege is allowed. Hopefully I can find some clear documentation on the subject.

I am wondering if DriveCrypt can encrypt the drive after everything is installed. Guess I will find out when I check out the web site.

Additional comments are very welcome.


Expert Comment

ID: 8204992
Well, when you encrypt a file with EFS, Windows uses 2 types of keys to do it. The first type of key is symmetric (called a FEK) and is used to encrypt/decrypt the file; the second type is asymmetric (called either a DDF for the user or a DRF for recovery agents) and is used to encrypt/decrypt the first key.

On a standalone computer the local admin is by default the recovery agent. So when a user uses EFS his "key" AND the admin's is used to encrypt the FEK which is itself used to encrypt the file. In other words anyone who can decrypt the FEK can also decrypt the file. This is by design and can't be disabled without disabling EFS itself.

The private/public keys used in the DRF/DDF process are stored in the profiles of all concerned (you can use delegation for remote access, but a second set of "keys" would still need to be stored on the remote computer). So the key, on a standalone system, must be stored in the local profile before you can get access to an EFS encrypted file. Anyone who can "hack" the account will therefore have access to that user's profile and access to his "key". (Unless you have exported and DELETED the key beforehand.)

Here are some links for more info:

Hope this helps :)
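To make the two-key layout described in the comment above concrete, here is a small Go model (added here; it is not code from Windows or from anyone in this thread): a random FEK seals the file, and that FEK is wrapped separately under the user's and the recovery agent's public keys, so either private key alone recovers the data while any other key gets nothing. AES-256-GCM, RSA-OAEP and the struct layout are this example's assumptions, not the EFS on-disk format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// ProtectedFile mirrors the EFS layout described above: data sealed with a symmetric FEK, plus the
// FEK wrapped once per holder (Wrapped[0] = user's DDF, Wrapped[1] = recovery agent's DRF).
type ProtectedFile struct {
	Nonce, Ciphertext []byte
	Wrapped           [2][]byte
}
// aead keys AES-256-GCM with the FEK (this example's choice; EFS uses its own cipher).
func aead(fek []byte) cipher.AEAD {
	block, _ := aes.NewCipher(fek) // cannot fail: the FEK is always 32 bytes
	g, _ := cipher.NewGCM(block)   // cannot fail for an AES block
	return g
}

// Encrypt makes a fresh FEK, seals data with it, then wraps the FEK under both public keys.
func Encrypt(data []byte, user, agent *rsa.PublicKey) (*ProtectedFile, error) {
	buf := make([]byte, 32+12) // 32-byte FEK followed by a 12-byte GCM nonce
	_, err := rand.Read(buf)
	if err != nil {
		return nil, err
	}
	fek, nonce := buf[:32], buf[32:]
	pf := &ProtectedFile{Nonce: nonce, Ciphertext: aead(fek).Seal(nil, nonce, data, nil)}
	for i, pub := range []*rsa.PublicKey{user, agent} {
		if pf.Wrapped[i], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil); err != nil {
			return nil, err
		}
	}
	return pf, nil
}

// Decrypt works with whichever private key unwraps a FEK copy (user via DDF, agent via DRF).
func Decrypt(pf *ProtectedFile, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range pf.Wrapped {
		fek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil)
		if err != nil {
			continue // this copy was not wrapped for priv; try the other
		}
		return aead(fek).Open(nil, pf.Nonce, pf.Ciphertext, nil)
	}
	return nil, rsa.ErrDecryption
}
```

Because the recovery agent's DRF is written at encryption time, whoever holds the agent's private key (the local Administrator on a standalone machine) can open the file without ever touching the user's password.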

LVL 33

Expert Comment

by:Dave Howe
ID: 8206804
I could be wrong, but I thought the asymmetric key was encrypted separately with the owner's key - so you would need to break the password, not just replace it. Of course, *any* closed source crypto is suspect, which is therefore true of Drivecrypt too.....

Expert Comment

ID: 8207976
The master key, which is used to encrypt the user's private key, is itself encrypted using some of the user's information including the password. But there is a second backup encryption that protects against account password changes which the Protected Storage service can't "see". It uses this second encryption to rebuild the first when a password changes.

As long as only the password changes the key would still work. So I only need to "blank out" the admin password to gain access.

However, none of this really matters because if I have access to the SAM I can then take my time cracking the SAM for the real password to the owner's account.

Expert Comment

ID: 8207999
The only thing I'm not sure of is what it uses to create the "backup" protect file on a standalone computer.

In a domain it uses info from a domain controller.
