netcomp
asked on
Can encrypted data be accessed if connected as slave drive.
I already know that if you connect a hard drive as a slave drive in another computer you can gain access to all the data regardless of not having Windows user account info.
Now, what if a folder is encrypted in XP? Would anyone be able to remove the hard drive from that computer and connect to another computer and gain access to any encrypted folder that. We are not using any third-party tools, just Windows XP encryption (EFS).
It seems like Vista does not have this problem since it encrypts the entire drive and can use hardware encryption.
Paranormastic:
I guess it depends on who is doing the preferring. Personally, I use TrueCrypt volumes, 7-Zip archives, and php/smime - but that's because *I* like to control what *I* am doing with *my* data.
However, in a corporate environment, often the business wants to control that - which means centralized, AD-based control with a recovery agent defined; there are other solutions, but none which integrate as well into Windows (and again, corporate means Windows almost exclusively these days, despite the superior alternatives). There are other solutions - for example, SecureWave Sanctuary's ability to force-encrypt removable devices such as USB drives so the data on them is unreadable except when connected to a corporate laptop or desktop - but none which have the advantages of coming "free" with Windows, performing OTF encryption/decryption transparently to the user while appearing as normal files in the file structure, and allowing transfer to and from Windows servers (and backup tapes) without losing their encrypted status.
Agreed with home product selection...
For a corporate solution I really like SecureZIP for cert-based encryption/signing of zip files - it's pretty slick and enterprise ready. Nothing else quite measured up.
>> securewave sanctuary's ability to force-encrypt removable devices
This product is new to me... part of the fun of hanging around here. However, I see a big caveat of what is preventing the user from just formatting it on their home system and then using it at home and at work? Or "losing" it and getting reissued a 2nd one (unless the company charges full retail for replacements) if there is some kind of setting for it to only read encrypted disks? Hopefully it isn't using a common keyset across the enterprise; I would presume they have their own rudimentary CA and hopefully can interoperate with a proper internal CA.
"Enterprise ready" is the tool of the devil. Products must be released to cover a need, even if there is the occasional annoyance or vulnerability - such is the way of life. Heck, even the MS Enterprise CA itself, comprising 90-something percent of the CA market for the last 5-10 years, has its holes. 2003 took over the CA world, but even Win2k CA, which was obvious in its lacking of features, so was only somewhat used, but still managed to dig hard into Entrust, Baltimore, Keon, etc., which are infinitely more complex than MS CA, but also more secure as their security officer roles were not the enterprise admins. You get very nice autoenrollment functionality and such at the cost of having no control over your own environment in very large companies that can actually manage to have a specialized PKI team. Sorry, getting a little off topic here...
No, quite the opposite - any removable media inserted into a corporate machine is fine up to the point you try to write to it - at which point, it is encrypted, and can no longer be accessed other than from a machine with the SecureWave software on it (or certain device types just won't be permitted - so if you connect up, say, an iPod, it may give you read-only access or refuse to recognise it).
SecureWave messes with the drivers installed, and either installs itself as a lower filter or replaces the drivers with its own "wrapper" driver, whichever is easier for it.
Interesting, I'll have to look at it more. I think I would like it better if there were some (at least optional) method for inventory control - i.e. only encrypt if the s/n is on the approved list from manufacturer xyz, else deny - you get the idea at least even if that isn't the best way to implement.
I would assume it is using asynchronous encryption somehow, maybe a machine cert hosting the private key and the public key gets injected to the fob? I would hope there is a DRA of some kind, a corporate keyset, that is also used.
Yes, you can do that - you can specify different rules for different machines, different makes/models of USB device, different users even...
It's powerful software, but not cheap.
Sounds pretty nifty... price isn't an issue around here, it's getting the right product and doubly so getting someone high enough to be convinced that there is an actual need based on their standards of what is needed :p Sounds pretty cool though, definitely worth a further personal look at least...
netcomp - sorry for taking over your thread here... hopefully dave and/or myself had already answered your question - if not please follow up. Otherwise feel free to close this off any time :)
(or coral47 - sorry missed the first post!)
I'm good. It was an interesting discussion. ; )
ASKER
Thank you all, I learned a lot. More than I thought.....
Thank you much. : )
EFS is the preferred per-user encryption method, BitLocker a poor alternative.