Seamless encryption of shared files in workgroup

Posted on 2009-04-27
Last Modified: 2013-12-04
I have to build XP based computer system in a small law office whose employees handle sensitive files. The server is also an XP, and they work in a Workgroup.

What I would like to do is to enable some kind of encryption of MySQL database and shared folders on the server, as to secure files if server gets stolen. Also, the whole process should be as seamless as possible to the user.

I hope someone could help.
Question by:mrmut
    LVL 33

    Accepted Solution

    boot time encryption is your friend there - if you use truecrypt (or some similar solution) then the entire hard drive, operating system, files, databases and all, is encrypted at a very low level - this is not possible to bypass for an attacker who has your server)

    Similarly, because it is at a low level (below windows) mysql, file shares and so on work just as they did before you encrypted the hard drive - it is "Transparent" to the users, and indeed to anyone but an attacker who has a "cold" (shut down) server to try and boot up to obtain information - the password must be supplied at boot time, and if it is forgotten, then you will either need to use a recovery disk (which can be made at install time and should be stored very securely, preferably offsite and in a safe) or wipe the machine and start over.

    Author Comment

    This is great! Thank you!

    Could you please point me to some documentation dealing with implementation of TrueCrypt low level encryption?

    + Is there a possibility to take a hard drive from the server and to read the files on some other computer (say USB external enclosure) provided that I have the Recovery Disk? - I am asking is the server hardware fails, and I need to access data on other computer.
    LVL 33

    Assisted Solution

    by:Dave Howe
    documentation is on the truecrypt website - truecrypt is a free/open source product.

    and yes, you can mount the volumes on another machine if you know the passphrase for mounting - I am not sure if the recovery disk works in that scenario, but the password definitely does. IIRC also, you can mount the volume on another host, boot the recovery disk, then unencrypt the volume (even if it wouldn't be bootable on that host) <-- how it works/installation <-- what you can/can't do with a rescue disk

    if you feel nervous, why not try it on a workstation first, and see what the limits are? its not like there is a licensing fee :)


    Author Closing Comment

    Thanks a lot Dave! :-)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now