Solved

Force file encryption upon shutdown

Posted on 2003-03-24
Last Modified: 2013-12-04
The situation is that we have laptop PCs, each with its own local Oracle database. The application that modifies the data is not allowed to be changed. Anything internal to Oracle such as processes and tables, and even the names of physical database files, are not allowed to be changed. The laptop is considered to be a Medical Device and the database contains sensitive medical data about people. We are concerned that a laptop could be stolen and the medical information exposed.

The only solution I can think of is that we have some kind of automated script that the user must trigger just prior to shutting off the laptop. The script would 1) shut down the database, 2) create encrypted copies of the physical database files, and 3) delete the original physical database files.
When the laptop is started back up, the reverse process would need to take place: decrypt and start up the database. So, I have two questions:

1) Is there a better way to accomplish my intended goal? If so, what.

2) Assuming I am required to implement my own proposed solution, what tools, 3rd-party programs, techniques, etc. would you suggest?

Thanks,
Mike
Question by: mmoore
7 Comments
 
LVL 33

Accepted Solution

by: Dave Howe (earned 1600 total points)
ID: 8199283
store the database files on an encrypted volume; EFS, E4M or DriveCrypt are all suitable candidates, particularly Drivecrypt as its Pluspack (http://pages.infinit.net/belier/) would allow you to encrypt the entire hard drive (OS and all) for which a password would then need to be supplied at bootup.
E4M is the only one of the above whose source can be reviewed though.
 
LVL 4

Expert Comment

by: Ghost_Hacker
ID: 8199487
I wouldn't use EFS, since you would only need to "hack" the user or admin account to get access. On a stand-alone system this would be very easy to do. (Unless you exported and imported the keys during shutdown/startup and the user removed the storage media for safekeeping. Not very manageable IMHO.)


Frankly, I have no experience working with HIPAA, so can't offer any good suggestions.
 
LVL 3

Author Comment

by: mmoore
ID: 8203606
Dave was in first so he gets the points, but thanks for your input Ghost Hacker ... definitely something to consider. I only learned about EFS shortly after posting the question. I have done some experimentation with mixed results. In one failed case, user A encrypts a file but user B can still view it. I don't have good documentation on EFS so I am not sure under what conditions a user is denied access and under what conditions a user is allowed. Ghost Hacker's comment would make me suspect that anybody with Administrator privilege is allowed. Hopefully I can find some clear documentation on the subject.

I am wondering if DriveCrypt can encrypt the drive after everything is installed. Guess I will find out when I check out the web site.

Additional comments are very welcome.
Thanks,
Mike
 
LVL 4

Expert Comment

by: Ghost_Hacker
ID: 8204992
Well, when you encrypt a file with EFS, Windows uses 2 types of keys to do it. The first type of key is symmetric (called a FEK) and is used to encrypt/decrypt the file; the second type is asymmetric (called either a DDF for the user or a DRF for recovery agents) and is used to encrypt/decrypt the first key.

On a standalone computer the local admin is by default the recovery agent. So when a user uses EFS his "key" AND the admin's is used to encrypt the FEK which is itself used to encrypt the file. In other words anyone who can decrypt the FEK can also decrypt the file. This is by design and can't be disabled without disabling EFS itself.


The private/public keys used in the DRF/DDF process are stored in the profiles of all concerned (you can use delegation for remote access, but a second set of "keys" would still need to be stored on the remote computer). So the key, on a standalone system, must be stored in the local profile before you can get access to an EFS encrypted file. Anyone who can "hack" the account will therefore have access to that user's profile and access to his "key". (Unless you have exported and DELETED the key beforehand.)


Here are some links for more info:


http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp

http://www.microsoft.com/windows2000/techinfo/planning/security/efssteps.asp

http://www.labmice.net/Windows2000/FileMgmt/EFS.htm


Hope this helps :)

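To make the key hierarchy Ghost_Hacker describes concrete, here is an added toy model (constructed for this page, not Windows or EFS code): a random FEK encrypts the file, a copy of the FEK is wrapped for the owner (DDF) and for the recovery agent (DRF), and each principal's wrapping key is derived from that account's password, so any principal whose entry survives and whose password is known can unwrap the FEK. The stream cipher, PBKDF2 key derivation and the `alice`/`Administrator` names are all assumptions of the demo.

```python
import hashlib
import hmac
import os

# Constructed toy model of the EFS key hierarchy described in the comment above; not
# Windows code. A random symmetric FEK encrypts the file, and one copy of the FEK is
# wrapped per principal: the owner's entry (DDF) and the recovery agent's entry (DRF).
# Whoever can unwrap any copy of the FEK can decrypt the file.


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode XORed over data (demo only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def principal_key(password: str, salt: bytes) -> bytes:
    """Stand-in for a principal's private key, which on a standalone box is only as
    strong as the account password that protects it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def encrypt_file(plaintext: bytes, principals: dict) -> dict:
    """principals maps name -> (password, salt). Returns the ciphertext and one
    wrapped FEK per principal, each with an integrity tag so bad unwraps are detected."""
    fek = os.urandom(32)
    wrapped = {}
    for name, (password, salt) in principals.items():
        kek = principal_key(password, salt)
        wrapped[name] = _keystream_xor(kek, fek) + hmac.new(kek, fek, "sha256").digest()
    return {"ciphertext": _keystream_xor(fek, plaintext), "wrapped_fek": wrapped}


def decrypt_file(blob: dict, name: str, password: str, salt: bytes):
    """Unwrap the FEK through the named principal's entry. Returns None when that
    entry is absent (e.g. the DRF was deleted) or the password is wrong."""
    entry = blob["wrapped_fek"].get(name)
    if entry is None:
        return None
    kek = principal_key(password, salt)
    fek, tag = _keystream_xor(kek, entry[:32]), entry[32:]
    if not hmac.compare_digest(tag, hmac.new(kek, fek, "sha256").digest()):
        return None
    return _keystream_xor(fek, blob["ciphertext"])
```

Deleting the recovery agent's entry from `wrapped_fek` is the model's equivalent of exporting and deleting the recovery key: the owner's path still works, the administrator's no longer does.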
 
LVL 33

Expert Comment

by: Dave Howe
ID: 8206804
Ghost_Hacker:
I could be wrong, but I thought the asymmetric key was encrypted separately with the owner's key - so you would need to break the password, not just replace it. Of course, *any* closed source crypto is suspect, which is therefore true of Drivecrypt too.....
 
LVL 4

Expert Comment

by: Ghost_Hacker
ID: 8207976
The master key, which is used to encrypt the user's private key, is itself encrypted using some of the user's information including the password. But there is a second backup encryption that protects against account password changes which the Protected Storage service can't "see". It uses this second encryption to rebuild the first when a password changes.


As long as only the password changes the key would still work. So I only need to "blank out" the admin password to gain access.

However, none of this really matters because if I have access to the SAM I can then take my time cracking the SAM for the real password to the owner's account.
 
LVL 4

Expert Comment

by: Ghost_Hacker
ID: 8207999
The only thing I'm not sure of is what it uses to create the "backup" protect file on a standalone computer.

In a domain it uses info from a domain controller.