Solved

Some Difficult questions with 500 points

Posted on 2004-09-07
Last Modified: 2013-12-04
Q1. When I run a Trojan horse on my XP Pro that is formatted with NTFS and some hacker wants to view my encrypted documents, can he? Can he copy any file?

Q2. If the hacker logs in to my machine from the Internet, which account will he use? Can he succeed in granting himself administrative rights?

Q3. If my laptop was stolen and I have some encrypted documents and the password was very strong, can anybody read my docs? (NTFS 5.0 and EFS) What will occur if the HD is stolen?

Thanks, experts!!
Question by:nader alkahtani

Expert Comment

by:mattisflones
1: Yes, if he cracks your encryption. To get into the filesystem is simple...
2: Whatever account he can get ahold of. Generally you're quite safe if you have only the necessary accounts on your system, and use passwords which are "secure", i.e. A993bQf!rBz or something...
3: Yes, not anybody, but if someone would spend time on it they could...
In most cases where laptops are stolen, they're just sold on and reformatted. Thus the chance of stuff getting into the wrong hands is small. That's if the thief was not after something that he knew you had and he wanted.

Assisted Solution

by:webtrans
webtrans earned 100 total points
Q1. When I run a Trojan horse on my XP Pro that is formatted with NTFS and some hacker wants to view my encrypted documents, can he? Can he copy any file?

when u run a trojan horse on ur pc the hacker is the same as urself
he will use the machine the same way u do
besides, even if u have password protected documents he can log ur keystrokes and know ur passwords

Q2. If the hacker logs in to my machine from the Internet, which account will he use? Can he succeed in granting himself administrative rights?

when the hacker logs in to ur machine from the internet
he will be running under ur account most probably or a privileged account
it all depends on which method he did use to break in, whether it is by trojan or some exploit

Q3. If my laptop was stolen and I have some encrypted documents and the password was very strong, can anybody read my docs? (NTFS 5.0 and EFS) What will occur if the HD is stolen?

mainly if u have a laptop
i guess u need a document hiding and encrypting program above ur document encryption and efs
so for ur laptop to be very highly inappropriate to spend time cracking it
1-setup a bios power on password that is different from the setup password
2-make an encrypted filesystem
3-use an encrypted document structure (like PW protect ur files)
4-use a document hiding and encryption file that needs a password to run

in my opinion that would make it very hard to crack ur notebook that it wouldn't be worth all the trouble

Assisted Solution

by:jonathan6587
jonathan6587 earned 100 total points
Q1. When I run a Trojan horse on my XP Pro that is formatted with NTFS and some hacker wants to view my encrypted documents, can he? Can he copy any file?

Depends on how the trojan is started. If, for example, the trojan starts after a successful login, the trojan will probably run with the privileges of the user logging on. However, if the trojan is started at startup (without a user logging in, like services) then the trojan will most likely run with system privileges (which have more rights than a normal Administrator on a stand-alone machine), in which case NTFS and Microsoft's EFS are useless.

Q2. If the hacker logs in to my machine from the Internet, which account will he use? Can he succeed in granting himself administrative rights?

Again, depends what you mean by "log in." Generally, you can only log into a machine if you know a valid username and password and you have access through the firewall to the port allowing a remote login (i.e. 445). If, however, the "hacker" uses a remote buffer overflow then normally the "hacker" will have system level privileges. If that is the case, then yes, the "hacker" will be able to do anything they want. It is actually a trivial process to obtain Administrator privileges once you have system level privileges.

Q3. If my laptop was stolen and I have some encrypted documents and the password was very strong, can anybody read my docs? (NTFS 5.0 and EFS) What will occur if the HD is stolen?

Again, depends. What are the documents encrypted with? If you are using Microsoft EFS, passwords would be useless. NTFS is irrelevant. Anyone with enough knowledge could read your files. They would simply reset your administrator password, then log into the computer as Administrator, where EFS and NTFS would be useless. Setting a BIOS password would only delay the inevitable; there are ways around that. For example, take the hard drive and put it into another computer without a BIOS password, then reset the Administrator password.

To Reset the password on file that you have local access to check out this link:
http://home.eunet.no/~pnordahl/ntpasswd/

Buy or download a free 3rd party encryption application that doesn't depend on Windows user accounts.

-Cheers

Jonathan

Expert Comment

by:jonathan6587
By the way.  

I am assuming we are talking about a stand-alone machine.  Things are quite different in a distributed computing environment (ie. Domain).  

Jonathan

Accepted Solution

by:burningmace
burningmace earned 300 total points
You can install ZoneAlarm Pro and Kaspersky Anti-virus to help prevent attacks such as these. Make sure you install all the latest Windows Updates from Microsoft.

If you're really paranoid, check out Advanced File Encryptor (AFE) or ABI Coder. If you recursively encrypt files with a really good password, a hacker's cracking software will take possibly 5000 years to crack the password. When I say a "really good password", I mean like a58âdf:d1*$ßã. You can type weird characters by holding Alt and typing numbers on your keypad, then letting go of Alt. These numbers should be 4 digits long, starting with a 0. For example: Alt-0223 is ß. My password is over 30 characters long, random alphanumeric with other characters like ~ and á. If you don't have too good a memory, make a password like this:

1) Take a word/part-word like your current password. It's better mis-spelled or if you switch letters for numbers (like E becomes 3 and I becomes 1). Non-english words are good too.
2) Put your phone number on the end.
3) Get your date-of-birth in the format of DDMMYY or MMDDYY etc (make it 6 nums long), and split it up so you have 2 x 3 numbers. Use these as Alt Characters.
4) Choose a random number like your credit-card pin or alarm code.
5) Stick them together in any random order.

For example, for me it could be 1988w1b8le9171234–Ü or 5551234ݼfir3kil7429

There are many other ways of making passwords, and many encryption programs out there. A few support "This Computer Only" encryption, which takes a load of "non-changeable data" from your computer such as the BIOS version, computer name and OS install date, then uses it to encrypt the file. This means that even if the data is stolen, it's a bugger to crack the encryption.

The best encryption programs support the following:
1) Salting (Embedding the password in a huge amount of jargon and encrypting it. Don't use an encryption program that doesn't use salting)
2) Recursive Encryption (Encrypting the data over and over again, i.e. encrypting the encrypted data)
3) This Computer Only encryption (Explained above)
4) Multiple Algorithms (Encrypt the data with one encryption algorithm, then another)
5) MD5/CRC Check (A "hash" of the file is kept to stop somebody tampering with the file)
6) Compression (A lot of encryption methods can increase the size of the file, some programs compress the data to reduce the amount of space taken up. Also, whilst compressed, the file is much harder to decrypt)
7) Tried and Tested algorithms (Encryption Algorithms that the program uses should be tested thoroughly. CryptoDES, TripleDES, Blowfish, Twofish, AES and DES are some examples of common powerful algorithms)

Here's an article on encryption, advising you on what (not) to use, and how stuff works:
http://www.abisoft.net/documents/HowSafeSecuritySoftware.pdf

Hope this has been useful.
0
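
Added example (not part of the thread, and not the behaviour of any product named in it): salting, repeated hashing and a tamper check as they are commonly built from standard primitives, using PBKDF2 with a random per-file salt and an HMAC-SHA-256 tag. The function names, the iteration count and the sample bytes are assumptions chosen for illustration; `ciphertext` stands for data already encrypted elsewhere.

```python
import hashlib
import hmac
import os

SALT_LEN = 16         # bytes of random salt stored in the clear beside the data
TAG_LEN = 32          # HMAC-SHA-256 output size
ITERATIONS = 200_000  # assumed work factor; raise it as hardware allows


def derive_keys(password, salt, iterations=ITERATIONS):
    """Stretch a password into an encryption key and a separate MAC key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=64
    )
    return material[:32], material[32:]


def seal(password, ciphertext, salt=None, iterations=ITERATIONS):
    """Return salt || tag || ciphertext for data that is already encrypted."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    _enc_key, mac_key = derive_keys(password, salt, iterations)
    # Keyed tag: unlike a bare MD5/CRC kept beside the file, it cannot be
    # recomputed after a modification without knowing the password.
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + tag + ciphertext


def verify(password, blob, iterations=ITERATIONS):
    """Recompute the tag from the stored salt and compare in constant time."""
    if len(blob) < SALT_LEN + TAG_LEN:
        return False
    salt = blob[:SALT_LEN]
    tag = blob[SALT_LEN:SALT_LEN + TAG_LEN]
    ciphertext = blob[SALT_LEN + TAG_LEN:]
    _enc_key, mac_key = derive_keys(password, salt, iterations)
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    data = b"constructed sample bytes standing in for an encrypted file"
    blob = seal("correct horse battery staple", data)
    print("intact file verifies:", verify("correct horse battery staple", blob))
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])
    print("tampered file verifies:", verify("correct horse battery staple", tampered))
    a, _ = derive_keys("same password", os.urandom(SALT_LEN))
    b, _ = derive_keys("same password", os.urandom(SALT_LEN))
    print("same password, different salts, same key:", a == b)
```
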
 

Expert Comment

by:jonathan6587
>> To Reset the password on file that you have local access to check out this link:

What I meant to say:

To Reset the password on a computer (running W2K or XP) assuming you have local access to the machine check out this link:
http://home.eunet.no/~pnordahl/ntpasswd/

Jonathan
