Solved

File security on a netword shared drive

Posted on 2006-06-22
9
580 Views
Last Modified: 2010-04-11
I am using a Ximeta net disk, which is an ethernet attached drive in a shared environment. The drive appears as a local drive letter on all the machines that use it. It contains sensitive data shared among three users.  I am concerned that if the drive gets stolen that someone could connect it via USB and have full access to the drive.  Is there a way to add a security setting in XP Pro that would render the drive useless to anyone who found it?

0
Comment
Question by:klichcfp
9 Comments
 
LVL 5

Accepted Solution

by:
kevinf40 earned 125 total points
ID: 16960204
EFS encryption should be able to do what you require.

it works with usb drives and you could add your users to the list of users who can access the data

are you in a workgroup environment? if so this document should help you set it up:

http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/efsxppro.mspx

cheers

Kevin
0
 
LVL 32

Expert Comment

by:r-k
ID: 16964561
Be sure to read the section on Data Recovery before using EFS.

Another option often recommended here is Truecrypt: http://www.truecrypt.org/
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16973817
Yes, TrueCrypt or another 3rd party is required. EFS only works on NTFS formatted media, a USB drive may support NTFS, but USB memory probably won't. USB devices can store the EFS keys, no problem, but not likely support EFS data. When EFS encrypted data is copied to non-ntfs media, it's unencrypted automatically, or it's attempted to be unencrypted if the keys are present.
-rich
0
 
LVL 5

Expert Comment

by:kevinf40
ID: 16976888
Rich - according to the documentation the netdisk comes formatted with ntfs by default.

If the drive were encrypted with EFS and then stolen, unless the thief also had access to the keys (which would enable them to encrypt the data whatever system was used) then they would not easily be able to un-encrypt the data - unless I've missed something in which case I apologise.

Third party apps will likely offer more features and flexibility so I'd agree it would be worth klichcfp evaluating more than one option.

cheers

Kevin
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16977398
I figured there were usb drives that allowed NTFS, good to know. They keys would be kept on the PC by default, unless exported. In order for the USB drive storing the EFS data to be used on a seperate pc, the keys would have to be supplied, as EFS is PKI based, not password based. TrueCrypt is password based, and usable on many platforms like Linux/Windows. You can achieve the same sort of result with compression software like 7zip, winZip, winrar etc... most support strong hash's like AES, BlowFish etc... and are password based.
-rich
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17160860
I think truecrypt is a good choice for one user at a time. (Using it myself, dropped drivecrypt for it)

I'm not sure that you can mount a volume by these three users concurrently.

EFS and ntfs requires proper certificate management, change your passwort and your EFS access is void.

also see:

http://support.microsoft.com/?kbid=890951&SD=tech
http://seclists.org/lists/security-basics/2006/Jul/0133.html



Tolomir
0
 
LVL 5

Expert Comment

by:kevinf40
ID: 17164045
Tolomir - I'd say a split between the four respondants would probably be fair as we all added something
0
 

Author Comment

by:klichcfp
ID: 17167119
Sorry I did not intend to abandon thquestion, I got distracted by some other priorities.  Thanks for the good advice. I will investigate EFS. i am using Cryptainer for my backups as it is, but I dont think it will permit multiple simultaneous connections.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now