Mystical_Ice

Best way to encrypt documents on the fly

Hi,

I have several computers that synchronize my documents folder from my main computer (using the standard Windows 7 'offline folder' synchronization). This system works, and while each of the computers is PGP encrypted, I realize the documents themselves are not when the computers are running. They are transferred between computers, and shared from the main computer, with no encryption at all. This is fine for most of the documents, but I have some sensitive information that I would like to keep encrypted, so even in the event of the document files getting compromised one day (moving across the network during a synchronization/replication, one of the computers being compromised while running, etc.) the sensitive documents are still encrypted.

I've looked at several programs, but they seem to require mounting a volume, etc. which is a little more complicated than I'm looking for.  What I'm envisioning is having an application on the computer which, when navigating to a file (perhaps containing a folder) will pop up asking for a password, and upon entering the password, will be able to navigate the file within that folder.

Open to any suggestions - again, just trying to avoid 'over-complicating' this.
Zephyr ICT

Did you also have a look at BitTorrent Sync? Now maybe you'll have to go for the pro version but you could do a trial with the free version. I use it on a lot of devices and it works great. The PKI function makes for not needing to remember passwords and still staying secure.
McKnife

A safe solution would be "encryption anywhere". So any endpoint is encrypted and the data in transit would be encrypted using IPsec.
Mystical_Ice

ASKER

McKnife - that's true, but the endpoint volume encrypted still means when the computer is running the data is not encrypted (someone could walk up to the computer and copy the files off).

Trying to find something where sensitive documents are encrypted or their folders are encrypted

I will look into BitTorrent Sync
"someone could walk up to the computer and copy the files off" - leaving a computer unlocked and unattended at the same time is a deadly sin, security-wise. No solution will help against that because that leaves the attacker with all possibilities.
Not suggesting leaving the computer 'unlocked and unattended', but surely you see the point I'm getting at.  Once the computer is started, having full hard disk encryption doesn't help with anything.  The files reside on the computer in an unencrypted state, and can be copied off with no protection at all (whether it be by accessing the computer via the network, etc)
Look, securing a pc has several things to it. One of the very essentials is not leaving it unattended while unlocked at any time. Just that simple. You will not find a serious solution that will keep your data encrypted and secure even when the machine is unlocked. Let me explain why that is:
If you expect a solution to work that way, then it would require to enter a password each time we access that data and, after a short while, lock that data again to make sure it is not being seen by someone who now is looking at your unlocked screen while you are away. Fine, there are solutions that do this, like folderguard.
Why wouldn't I recommend such a solution? Because some guy could walk up to your machine and start a user space keylogger (no admin rights required) and record all keystrokes, including the password for folderguard. He would later harvest and use those passwords - and that is no fiction.

While your screen is locked, your data is very safe. There are ways to still get in, yes, but they require real skills and some technical assumptions even, like having the firewall turned off and being vulnerable to DMA attacks.
That's why I recommended what I recommended.
I still don't know that you understand my concern. It's not whether someone can access the files from the console of a computer. It's the fact the files are transferred over the network unencrypted, and reside unencrypted on the computer once the operating system is running.

Installing a keylogger on a computer negates virtually EVERY form of protection; including a locked screen FYI (user session keyloggers will also pick up unlock passwords).

For the purposes of THIS question, let's assume I'm not worried about someone sitting down at my unattended and unlocked computer, k?
I understood, be assured.
If I follow that assumption, you would need software like the aforementioned folderguard, or any other encryptor that will allow on-demand-access secured by an additional password. That could be bitlocker-locked VHDX files, that could be truecrypt container files.
About the network traffic: please comment if the suggestion (ipsec) is suitable. What you could also use is smbv3 which is encrypted by default but would require clients with win8 or later and file servers that support smbv3 as well as server 2012 and later would do.
Unfortunately I can't use SMB or IPsec for my purpose. You're correct that would be the optimal solution, but sometimes for this use case it would be an unencrypted network
What about the aforementioned folderguard then? It fits your "I'm envisioning is having an application on the computer which, when navigating to a file (perhaps containing a folder) will pop up asking for a password, and upon entering the password, will be able to navigate the file within that folder" http://www.winability.com/folderguard/
ASKER CERTIFIED SOLUTION
Wells Anderson
This solution is only available to members.
This was what I opted to use.  Axcrypt is a small application, lightweight and easy