File security on a netword shared drive

I am using a Ximeta net disk, which is an ethernet attached drive in a shared environment. The drive appears as a local drive letter on all the machines that use it. It contains sensitive data shared among three users.  I am concerned that if the drive gets stolen that someone could connect it via USB and have full access to the drive.  Is there a way to add a security setting in XP Pro that would render the drive useless to anyone who found it?

klichcfpAsked:
Who is Participating?
 
kevinf40Commented:
EFS encryption should be able to do what you require.

it works with usb drives and you could add your users to the list of users who can access the data

are you in a workgroup environment? if so this document should help you set it up:

http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/efsxppro.mspx

cheers

Kevin
0
 
r-kCommented:
Be sure to read the section on Data Recovery before using EFS.

Another option often recommended here is Truecrypt: http://www.truecrypt.org/
0
 
Rich RumbleSecurity SamuraiCommented:
Yes, TrueCrypt or another 3rd party is required. EFS only works on NTFS formatted media, a USB drive may support NTFS, but USB memory probably won't. USB devices can store the EFS keys, no problem, but not likely support EFS data. When EFS encrypted data is copied to non-ntfs media, it's unencrypted automatically, or it's attempted to be unencrypted if the keys are present.
-rich
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
kevinf40Commented:
Rich - according to the documentation the netdisk comes formatted with ntfs by default.

If the drive were encrypted with EFS and then stolen, unless the thief also had access to the keys (which would enable them to encrypt the data whatever system was used) then they would not easily be able to un-encrypt the data - unless I've missed something in which case I apologise.

Third party apps will likely offer more features and flexibility so I'd agree it would be worth klichcfp evaluating more than one option.

cheers

Kevin
0
 
Rich RumbleSecurity SamuraiCommented:
I figured there were usb drives that allowed NTFS, good to know. They keys would be kept on the PC by default, unless exported. In order for the USB drive storing the EFS data to be used on a seperate pc, the keys would have to be supplied, as EFS is PKI based, not password based. TrueCrypt is password based, and usable on many platforms like Linux/Windows. You can achieve the same sort of result with compression software like 7zip, winZip, winrar etc... most support strong hash's like AES, BlowFish etc... and are password based.
-rich
0
 
TolomirAdministratorCommented:
I think truecrypt is a good choice for one user at a time. (Using it myself, dropped drivecrypt for it)

I'm not sure that you can mount a volume by these three users concurrently.

EFS and ntfs requires proper certificate management, change your passwort and your EFS access is void.

also see:

http://support.microsoft.com/?kbid=890951&SD=tech
http://seclists.org/lists/security-basics/2006/Jul/0133.html



Tolomir
0
 
kevinf40Commented:
Tolomir - I'd say a split between the four respondants would probably be fair as we all added something
0
 
klichcfpAuthor Commented:
Sorry I did not intend to abandon thquestion, I got distracted by some other priorities.  Thanks for the good advice. I will investigate EFS. i am using Cryptainer for my backups as it is, but I dont think it will permit multiple simultaneous connections.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.