sfjcpu asked:

XP Synchronization File Security

How secure are files that are synchronized from a 2003 domain server to a notebook computer?  I have a banking client that requires this feature but wants to be assured that it meets FDIC guidelines for data security.  We've used data encryption in the past, but there is always the chance that files get "unsynchronized" when stored in two locations.  If XP synchronization is not the recommended solution, what is?

Thanks...
tonyteri

First we would need to see what the specs are to see if they are being met.

As always, any data that is sensitive should only be accessed through a VPN.

/TT
sfjcpu

ASKER

They have VPN access but want to have access without connecting to the VPN.  As for the specs, it should follow the guidelines pursuant to section 39 of the Federal Deposit Insurance Act (section 30, codified at 12 U.S.C. 1831p1), and sections 501 and 505(B), codified at 15 U.S.C. 6801 and 6805(B) of the Gramm-Leach-Bliley Act (GLBA).  But really, all I want to know is whether or not synchronization provides a secure method of keeping files available while out of the office.  For instance, a worst case: the notebook gets stolen by professionals who cannot crack the login but can take the hard drive out, put it in another system, etc...
SoyYop

If you have physical access to the machine, you can do anything. Including cracking the user's password.

There are many utilities out there that allow you to reset or make a dictionary attack over an account. I've used some very good Linux-based ones on computers where my users have forgotten the admin password...

You may try encrypting the offline files and folders directory. It will force them to crack the password... not only to take ownership of the hard disk. And probably, they will notice encryption only after resetting the password... which leaves the files unusable.

Luck,
sfjcpu

ASKER

So if the password used is "complex" which cannot be cracked, then are the sync'd files inaccessible?  That is my question.  I know synchronization does not encrypt the files.  But if the files cannot be accessed without breaking the password, I will be satisfied with synchronization.

These are the answers I'm looking for:

Is the data safe if the user or admin password cannot be cracked?  I thought complex passwords were considered safe from password crackers?

If the data is unsafe in other ways, what methods would be used to get to the data?  I know about keystroke recorders and such, so I don't need info on those.

Thanks!

sfjcpu

ASKER

I'm still waiting for another comment on this question.  

To restate the question:  Are synchronized files safe on notebook computers if the notebook belongs to a domain that enforces complex passwords?  I have a banking client that uses XP synchronization for offline access.  They want to be assured that files are "safe" even if the computer gets stolen.

Thanks...  
ASKER CERTIFIED SOLUTION
SoyYop