Solved

File security on a netword shared drive

Posted on 2006-06-22
9
581 Views
Last Modified: 2010-04-11
I am using a Ximeta net disk, which is an ethernet attached drive in a shared environment. The drive appears as a local drive letter on all the machines that use it. It contains sensitive data shared among three users.  I am concerned that if the drive gets stolen that someone could connect it via USB and have full access to the drive.  Is there a way to add a security setting in XP Pro that would render the drive useless to anyone who found it?

0
Comment
Question by:klichcfp
9 Comments
 
LVL 5

Accepted Solution

by:
kevinf40 earned 125 total points
ID: 16960204
EFS encryption should be able to do what you require.

it works with usb drives and you could add your users to the list of users who can access the data

are you in a workgroup environment? if so this document should help you set it up:

http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/efsxppro.mspx

cheers

Kevin
0
 
LVL 32

Expert Comment

by:r-k
ID: 16964561
Be sure to read the section on Data Recovery before using EFS.

Another option often recommended here is Truecrypt: http://www.truecrypt.org/
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16973817
Yes, TrueCrypt or another 3rd party is required. EFS only works on NTFS formatted media, a USB drive may support NTFS, but USB memory probably won't. USB devices can store the EFS keys, no problem, but not likely support EFS data. When EFS encrypted data is copied to non-ntfs media, it's unencrypted automatically, or it's attempted to be unencrypted if the keys are present.
-rich
0
 
LVL 5

Expert Comment

by:kevinf40
ID: 16976888
Rich - according to the documentation the netdisk comes formatted with ntfs by default.

If the drive were encrypted with EFS and then stolen, unless the thief also had access to the keys (which would enable them to encrypt the data whatever system was used) then they would not easily be able to un-encrypt the data - unless I've missed something in which case I apologise.

Third party apps will likely offer more features and flexibility so I'd agree it would be worth klichcfp evaluating more than one option.

cheers

Kevin
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16977398
I figured there were usb drives that allowed NTFS, good to know. They keys would be kept on the PC by default, unless exported. In order for the USB drive storing the EFS data to be used on a seperate pc, the keys would have to be supplied, as EFS is PKI based, not password based. TrueCrypt is password based, and usable on many platforms like Linux/Windows. You can achieve the same sort of result with compression software like 7zip, winZip, winrar etc... most support strong hash's like AES, BlowFish etc... and are password based.
-rich
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 17160860
I think truecrypt is a good choice for one user at a time. (Using it myself, dropped drivecrypt for it)

I'm not sure that you can mount a volume by these three users concurrently.

EFS and ntfs requires proper certificate management, change your passwort and your EFS access is void.

also see:

http://support.microsoft.com/?kbid=890951&SD=tech
http://seclists.org/lists/security-basics/2006/Jul/0133.html



Tolomir
0
 
LVL 5

Expert Comment

by:kevinf40
ID: 17164045
Tolomir - I'd say a split between the four respondants would probably be fair as we all added something
0
 

Author Comment

by:klichcfp
ID: 17167119
Sorry I did not intend to abandon thquestion, I got distracted by some other priorities.  Thanks for the good advice. I will investigate EFS. i am using Cryptainer for my backups as it is, but I dont think it will permit multiple simultaneous connections.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now