• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206
  • Last Modified:

XP Synchronization File Security

How secure are files that are synchronized from a 2003 domain server to a notebook computer?  I have a banking client that requires this feature but wants to be assured that it meets FDIC guidelines for data security.  We've used data encryption in the past, but there is always the chance that files get "unsynchronized" when stored in two locations.  If XP synchronization is not the recommended solution, what is?

Thanks...
0
sfjcpu
Asked:
sfjcpu
  • 3
  • 2
1 Solution
 
tonyteriCommented:
First we would need to see what the specs are to see if they are being met.

As always any data that is sensitive, should only be accessing through a VPN.

/TT
0
 
sfjcpuAuthor Commented:
They have vpn access but want to have access without connecting to the vpn.  As for the specs, it should follow the guidelines pursuant to section 39 of the Federal Deposit Insurance Act (section 30, codified at 12 U.S.C. 1831p1), and sections 501 and 505(B), codified at 15 U.S.C. 6801 and 6805(B) of the Gramm-Leach Bliley Act (GLBA).  But really, all I want to know is whether or not synchronization provides a secure method of keeping files available while out of the office.  For instance--a worse case--the notebook gets stolen by professionals who cannot crack the login but can take the hard drive out, put in another system, etc...
0
 
SoyYopCommented:
If you have phisical access to the machine, you can do anything. Including cracking the user's password.

There are many utilities out there that allows you to reset or make a dictionary attack over an account. I've used some very good linux-based ones on computers my users have  forgotten the admin password...

You may try encripting the offline files and folders directory. It will force them to crack the password... not only to take ownership of the hard disk. And probably, they will notice encription only after resetting the password... who leaves the files unusable.

Luck,
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
sfjcpuAuthor Commented:
So if the password used is "complex" which cannot be cracked, then are the sync'd files inaccessible?  That is my question.  I know synchronization does not encrypt the files.  But if the files cannot be accessed without breaking the password, I will be satisified with synchronization.  

These are the answers I'm looking for:

Is the data safe if the user or admin password cannot be cracked?  I thought complex passwords were considered safe from password crackers?

If the data is unsafe in other ways, what methods would be used to get to the data?  I know about keystroke recorders and such, so I don't need info on those.

Thanks!

0
 
sfjcpuAuthor Commented:
I'm still waiting for another comment on this question.  

To restate the question:  Are synchronized files safe on notebook computers if the notebook belongs to a domain that enforces complex passwords?  I have a banking client that uses XP synchronization for offiline access.  They want to be assured that files are "safe" even if the computer gets stolen.

Thanks...  
0
 
SoyYopCommented:
Actually, it is possible to encript the offline files and folders data.

Each PC holds only one "file and folders" location (it means, all offline files are stored there, but only available to the right user), so you only must do it once per laptop, as administrator (Your user is probably the only user of the laptop, anyway).

Go to "Tools/Folder options/Offline Files", and enable "Encript offline files to secure data".

This way, sync files will be safe.

Give a look to:

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_lvvu.asp

In the same document is information on how to apply this setting by Group Policy.

Hope this helps,
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now