XP Synchronization File Security

Posted on 2005-04-20
Last Modified: 2010-04-11
How secure are files that are synchronized from a 2003 domain server to a notebook computer?  I have a banking client that requires this feature but wants to be assured that it meets FDIC guidelines for data security.  We've used data encryption in the past, but there is always the chance that files get "unsynchronized" when stored in two locations.  If XP synchronization is not the recommended solution, what is?

Question by:sfjcpu
    LVL 7

    Expert Comment

    First we would need to see what the specs are to see if they are being met.

    As always, any data that is sensitive should only be accessed through a VPN.


    Author Comment

    They have VPN access but want to have access without connecting to the VPN.  As for the specs, it should follow the guidelines pursuant to section 39 of the Federal Deposit Insurance Act (section 30, codified at 12 U.S.C. 1831p1), and sections 501 and 505(B), codified at 15 U.S.C. 6801 and 6805(B) of the Gramm-Leach-Bliley Act (GLBA).  But really, all I want to know is whether or not synchronization provides a secure method of keeping files available while out of the office.  For instance--a worst case--the notebook gets stolen by professionals who cannot crack the login but can take the hard drive out, put it in another system, etc...
    LVL 7

    Expert Comment

    If you have physical access to the machine, you can do anything, including cracking the user's password.

    There are many utilities out there that allow you to reset an account's password or run a dictionary attack against it. I've used some very good Linux-based ones on computers where my users have forgotten the admin password...

    You may try encrypting the offline files and folders directory. It will force them to crack the password... not only to take ownership of the hard disk. And probably, they will notice the encryption only after resetting the password... which leaves the files unusable.


    Author Comment

    So if the password used is "complex" which cannot be cracked, then are the sync'd files inaccessible?  That is my question.  I know synchronization does not encrypt the files.  But if the files cannot be accessed without breaking the password, I will be satisfied with synchronization.

    These are the answers I'm looking for:

    Is the data safe if the user or admin password cannot be cracked?  I thought complex passwords were considered safe from password crackers?

    If the data is unsafe in other ways, what methods would be used to get to the data?  I know about keystroke recorders and such, so I don't need info on those.



    Author Comment

    I'm still waiting for another comment on this question.  

    To restate the question:  Are synchronized files safe on notebook computers if the notebook belongs to a domain that enforces complex passwords?  I have a banking client that uses XP synchronization for offline access.  They want to be assured that files are "safe" even if the computer gets stolen.

    LVL 7

    Accepted Solution

    Actually, it is possible to encrypt the offline files and folders data.

    Each PC holds only one "file and folders" location (it means all offline files are stored there, but only available to the right user), so you only need to do it once per laptop, as administrator (your user is probably the only user of the laptop, anyway).

    Go to "Tools/Folder options/Offline Files", and enable "Encrypt offline files to secure data".

    This way, sync files will be safe.

    Give a look to:

    In the same document is information on how to apply this setting by Group Policy.

    Hope this helps,
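
The accepted answer mentions applying the encryption setting by Group Policy; the following audit sketch is an added example, not part of the original thread, that reports which laptops have that policy applied. It assumes the policy is stored as `EncryptCache` under `HKLM\SOFTWARE\Policies\Microsoft\Windows\NetCache` (confirm against the Group Policy settings reference for your Windows version), that the Remote Registry service is reachable, and the computer names are constructed.

```powershell
# Added example: audit the "Encrypt the Offline Files cache" policy per laptop.
# Assumption: the policy value lives at the path below. This reflects only the
# Group Policy setting, not the per-machine checkbox in Folder Options.
$PolicyPath = 'SOFTWARE\Policies\Microsoft\Windows\NetCache'
$ValueName  = 'EncryptCache'

function Get-OfflineFilesEncryptionPolicy {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        $state = 'Unknown'
        $base  = $null
        $key   = $null
        try {
            # Requires the Remote Registry service on the target machine.
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $key = $base.OpenSubKey($PolicyPath)
            if ($null -eq $key) {
                $state = 'NotConfigured'      # no policy key at all
            } else {
                $value = $key.GetValue($ValueName, $null)
                if ($null -eq $value)       { $state = 'NotConfigured' }
                elseif ([int]$value -eq 1)  { $state = 'Enabled' }
                else                        { $state = 'Disabled' }
            }
        }
        catch {
            # Offline laptop, firewall, or access denied: report, do not guess.
            $state = "Unreachable: $($_.Exception.Message)"
        }
        finally {
            if ($key)  { $key.Close() }
            if ($base) { $base.Close() }
        }
        New-Object PSObject -Property @{ Computer = $computer; Policy = $state }
    }
}

# Constructed host names; list every laptop where the policy is not enforced.
Get-OfflineFilesEncryptionPolicy -ComputerName 'LAPTOP-01', 'LAPTOP-02' |
    Where-Object { $_.Policy -ne 'Enabled' }
```

A laptop reported as `NotConfigured` may still have the checkbox set by hand, but nothing prevents a local administrator from clearing it, so for an audit only `Enabled` counts as enforced.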
