Seamless encryption of shared files in workgroup

Posted on 2009-04-27
Last Modified: 2013-12-04
I have to build an XP-based computer system in a small law office whose employees handle sensitive files. The server is also an XP machine, and they work in a Workgroup.

What I would like to do is to enable some kind of encryption of the MySQL database and shared folders on the server, so as to secure the files if the server gets stolen. Also, the whole process should be as seamless as possible to the user.

I hope someone could help.
Question by:mrmut

Accepted Solution

Dave Howe earned 2000 total points
ID: 24241871
Boot-time encryption is your friend there - if you use TrueCrypt (or some similar solution) then the entire hard drive, operating system, files, databases and all, is encrypted at a very low level - this is not possible to bypass for an attacker who has your server.

Similarly, because it is at a low level (below Windows), MySQL, file shares and so on work just as they did before you encrypted the hard drive - it is "transparent" to the users, and indeed to anyone but an attacker who has a "cold" (shut down) server to try and boot up to obtain information - the password must be supplied at boot time, and if it is forgotten, then you will either need to use a recovery disk (which can be made at install time and should be stored very securely, preferably offsite and in a safe) or wipe the machine and start over.

Author Comment

ID: 24242055
This is great! Thank you!

Could you please point me to some documentation dealing with implementation of TrueCrypt low level encryption?

+ Is there a possibility to take a hard drive from the server and read the files on some other computer (say, in a USB external enclosure), provided that I have the Recovery Disk? - I am asking in case the server hardware fails and I need to access the data on another computer.

Assisted Solution

by:Dave Howe
Dave Howe earned 2000 total points
ID: 24242436
Documentation is on the TrueCrypt website - TrueCrypt is a free/open source product.

And yes, you can mount the volumes on another machine if you know the passphrase for mounting - I am not sure if the recovery disk works in that scenario, but the password definitely does. IIRC also, you can mount the volume on another host, boot the recovery disk, then unencrypt the volume (even if it wouldn't be bootable on that host).

http://www.truecrypt.org/docs/?s=system-encryption <-- how it works/installation
http://www.truecrypt.org/docs/?s=rescue-disk <-- what you can/can't do with a rescue disk

If you feel nervous, why not try it on a workstation first, and see what the limits are? It's not like there is a licensing fee :)


Author Closing Comment

ID: 31574856
Thanks a lot Dave! :-)
