Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Protecting my hard drive?

Reply
Thread Tools

Protecting my hard drive?

 
 
Jeffrey F. Bloss
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 15:01:32 +0000, nemo_outis wrote:

> There are a number of encryption schemes. Roughly they may be divided
> into:


[snippity]

Damn fine post Nemo. Add a couple links and a paragraph or three about
which level of encryption is "right for you", and you have a great
reference piece.

--
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Marx

 
Reply With Quote
 
 
 
 
Ray Vingnutte
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 20:57:32 GMT
"Jeffrey F. Bloss" <(E-Mail Removed)> wrote:

> On Thu, 15 Sep 2005 19:14:04 +0100, Ray Vingnutte wrote:
>
> >> It shouldn't be compromised if a good harware firewall that

protects
> >> every port is protecting the LAN connection, any thought's?

> >
> > That is the sort of thing that got me looking at selinux. It would

seem
> > that it is very very difficult to compromise a machine with selinux

setup
>
> It's not that it's harder to compromise so much as it's harder to

wreak
> havoc if you manage it. SELinux doesn't do much of anything to address

the
> application specific exploits crackers use to gain access, as much as

it
> does restrict what those applications can access, and consequently,

what
> an attacker can access if they crack one.
>
> > correctly. There is report I came across on google of at least one
> > person putting an selinux enabled machine on the net and then giving

out
> > the root password and inviting people to log in and try and

compromise
> > the machine. As far as I'm aware no one has, compromised it that is.

>
> ???
>
> If you have root you can simply disable selunix, send the reboot

command,
> and log back in when it comes back on line. But if you have root, why
> bother? You can do whatever you want.


This is what I'm still not sure about, but from what I have read so far
it does indeed seem this is on the level. I have tried getting selinux
up and running to have a good look around at it myself but so far have
not been successful. A quick search at google for Russell Coker who
seems to be up in the front on selinux turns up many links but here's
one to what he calls his play machines. You can login in as root!! Have
not been successful at login myself maybe his machines are no longer
available.

http://www.coker.com.au/selinux/play.html


It would seem many people are working on it and the NSA has up to date
policy setups for most of the usual programs people might be running
with others added regularly.


>
> --
> Outside of a dog, a book is a man's best friend.
> Inside of a dog, it's too dark to read.
> -Marx
>

 
Reply With Quote
 
 
 
 
Jeffrey F. Bloss
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 13:10:25 -0500, Mama Bear wrote:

> Oh, this thread also reminds me of an idea that I've had for awhile now,
> but don't have the technical knowledge to setup myself. It would make a
> good business though.
>
> Sell encrypted file space on a remote server. Call it something like "Data
> Vault".


Or ibackup, XDrive, BigVault...

Great idea. Several others though so to. Not that it wouldn't be
impossible to compete mind you.

Personally, I have this built in aversion to storing my files on someone
else's machine(s). Even if they are encrypted before they get there. Just
rubs my fur the wrong way. My important backups go to CD, and then into
the fire box. I have a safety deposit box too, and store some CD's there,
like a home inventory for insurance purposes. Even that bothers me.

--
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Marx

 
Reply With Quote
 
Ari Silversteinn
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 21:28:45 GMT, Jeffrey F. Bloss wrote:

> Personally, I have this built in aversion to storing my files on someone
> else's machine(s). Even if they are encrypted before they get there. Just
> rubs my fur the wrong way


So many failed and you get this notice, or no notice, that they are gone,
going or dying....with your data.
--
Drop the alphabet for email
 
Reply With Quote
 
Jeffrey F. Bloss
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 13:02:53 -0500, Mama Bear wrote:

> Stephen Howard <(E-Mail Removed)> wrote :
>
>> On Wed, 14 Sep 2005 19:25:13 -0500, Mama Bear <(E-Mail Removed)>
>> wrote:
>>
>>>Is there a low cost way to password protect my hard drive, so that if it
>>>was stolen along with my computer, no one could access it? Something not
>>>too hard to log in with when I start it up though?
>>>
>>>I have Systemworks 2005 but don't think there's anything in there for
>>>this.

>>
>> I think encryption's the key ( excuse pun ). Once someone has access to
>> your computer's internals it's pretty much all over bar the shouting -
>> but if the data is securely encrypted then all they really have is a
>> nice new computer.
>>
>> There are quite a few freeware apps that you might find useful. I use
>> Blowfish Advanced CS to encrypt my sensitive data, and there are other
>> good encryption programs out there. Some people prefer to use encrypted
>> drives or 'containers'. Both systems will work for you, it's just a
>> matter of preference/convenience.

>
> By encrypted drives or 'containers', do you mean that it encrypts the
> whole drive as a container? Does that slow everything down a lot?
>
>> Blowfish Advanced can make use of 'job files', which essentially act
>> like DOS batch files. You can set up a series of encryption/decryption
>> tasks that run from a shortcut on your desktop.

>
> I need the whole thing to be transparent, and hopefully fast enough where
> it doesn't slow my system way down.


Whole disk encryption would generally be the most transparent. Your
machine asks for a pass phrase at boot time, and that's that. It's also
the most resource intense because everything is being encrypted and
decrypted on the fly.

Container or partition type encryption can be nearly as transparent. You
can configure the software that opens the container to run at startup,
enter the pass phrase then, and have access to your data until you shut
off the machine. But if the container gets closed (unmounted), you have to
re-mount it manually. That's typically a few mouse clicks and and entering
your pass phrase again. Container encryption is less resource intense
because you're only working on the files in the container, not every file
on the whole drive.

File by file encryption is by far the least transparent, and least
resource intense. You have to manually decrypt every file you want to
access, then encrypt it again when you're done. But it takes almost no
system resources beyond the storage space on your hard drive. You can do
some fiddling around and "streamline" the process with batch files and/or
scripts, but that's a lot of puttering around and if you're not familiar
with such things it's a lot of pain for little gain.

Maybe if you explained in a little more detail your circumstances,
what you're trying to secure and from whom, and describe your machine and
operating system a bit, someone can give you a specific suggestion.

--
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Marx

 
Reply With Quote
 
Mama Bear
Guest
Posts: n/a
 
      09-15-2005
"Jeffrey F. Bloss" <(E-Mail Removed)> wrote :

> On Thu, 15 Sep 2005 13:10:25 -0500, Mama Bear wrote:
>
>> Oh, this thread also reminds me of an idea that I've had for
>> awhile now, but don't have the technical knowledge to setup
>> myself. It would make a good business though.
>>
>> Sell encrypted file space on a remote server. Call it
>> something like "Data Vault".

>
> Or ibackup, XDrive, BigVault...
>
> Great idea. Several others though so to. Not that it wouldn't
> be impossible to compete mind you.


But are they just in someone's office server somewhere? I was
thinking they'd REALLY be secure if they could offer something
that was actually setup inside the vault of a bank. Think of the
image that gives people, instead of just a server somewhere.

> Personally, I have this built in aversion to storing my files
> on someone else's machine(s). Even if they are encrypted
> before they get there. Just rubs my fur the wrong way. My
> important backups go to CD, and then into the fire box. I have
> a safety deposit box too, and store some CD's there, like a
> home inventory for insurance purposes.


Good idea.

>Even that bothers me.
>


Well yeah, but if I wasn't doing anything illegal, I wouldn't
worry too much.

--
- Mama Bear

Please add the following url to your sig to, pass the word, and
help this woman: http://pleasehelpjennifer.com/
 
Reply With Quote
 
Jeffrey F. Bloss
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 14:03:32 -0500, Mama Bear wrote:

> I have a removable backup drive on a plug port. I use Ghost to backup to
> it, then unplug it and hide it, so if my computer ever gets stolen, at
> least I could just plug in that drive and retain it all. I just don't want
> someone stealing it and having access to my writings, my passwords, etc.
> Things they could cause me extreme grief with.


Should have read this before I suggested you give a little more info, huh?

It sounds to me like you have a lot of documents, maybe a bunch of saved
emails, some pictures of your husband on New Years Eve with the
lampshade... and the midget. <g> Maybe a big text file with all your login
and password information, too. Stuff along those lines... right?

I'd wager you're not all that concerned with someone seeing where in the
Internet you surf, viewing the hundreds of pieces of junk mail you get
every week, or knowing that your high Solitaire score is pathetic. <g>

And your machine was ready for an upgrade before YOU got it...

Sounds like you're a prime candidate for some container encryption. In
essence you set up what appears to you as another drive letter, and move
everything you want secured to that drive. When it's closed, it's
encrypted. When you mount it, it becomes visible. It's bit more work to
set up, and not quite as transparent as whole disk, but it's nowhere near
as cumbersome as file by file, and a lot less taxing on your precious CPU
cycles.

--
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Marx

 
Reply With Quote
 
Mama Bear
Guest
Posts: n/a
 
      09-15-2005
"Jeffrey F. Bloss" <(E-Mail Removed)> wrote :

> Maybe if you explained in a little more detail your
> circumstances, what you're trying to secure and from whom, and
> describe your machine and operating system a bit, someone can
> give you a specific suggestion.
>


It's just my home computer, nothing top secret or anything. But my
whole computing life since around 1989 is on here and I wouldn't
want anyone having access to it. Things like my Ebay & Paypal
passwords and some others. My writings, which are personal. Nothing
illegal or anything, or top secret.



--
- Mama Bear

Please add the following url to your sig to, pass the word, and
help this woman: http://pleasehelpjennifer.com/
 
Reply With Quote
 
Mama Bear
Guest
Posts: n/a
 
      09-15-2005
"Jeffrey F. Bloss" <(E-Mail Removed)> wrote :

> On Thu, 15 Sep 2005 14:03:32 -0500, Mama Bear wrote:
>
>> I have a removable backup drive on a plug port. I use Ghost
>> to backup to it, then unplug it and hide it, so if my
>> computer ever gets stolen, at least I could just plug in that
>> drive and retain it all. I just don't want someone stealing
>> it and having access to my writings, my passwords, etc.
>> Things they could cause me extreme grief with.

>
> Should have read this before I suggested you give a little
> more info, huh?
>
> It sounds to me like you have a lot of documents, maybe a
> bunch of saved emails, some pictures of your husband on New
> Years Eve with the lampshade... and the midget. <g> Maybe a
> big text file with all your login and password information,
> too. Stuff along those lines... right?


Uh...<blush> sorta.

> I'd wager you're not all that concerned with someone seeing
> where in the Internet you surf, viewing the hundreds of pieces
> of junk mail you get every week, or knowing that your high
> Solitaire score is pathetic. <g>


Nope.

> And your machine was ready for an upgrade before YOU got it...
>


No, the machine is ok, a AMD XP 1.4 GHz CPU running XP Home
edition, with 512 Megs and a 40 gig HD. ( about 22 gig of data and
15 free at present )

> Sounds like you're a prime candidate for some container
> encryption. In essence you set up what appears to you as
> another drive letter, and move everything you want secured to
> that drive. When it's closed, it's encrypted. When you mount
> it, it becomes visible. It's bit more work to set up, and not
> quite as transparent as whole disk, but it's nowhere near as
> cumbersome as file by file, and a lot less taxing on your
> precious CPU cycles.
>



I'm just not sure how these things work. For example, what if I
encrypted the whole HD. Would it take a couple of days of the
computer cranking away at it, to get it all done?


--
- Mama Bear

Please add the following url to your sig to, pass the word, and
help this woman: http://pleasehelpjennifer.com/
 
Reply With Quote
 
Ari Silversteinn
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 17:15:43 -0500, Mama Bear wrote:

> It's just my home computer, nothing top secret or anything. But my
> whole computing life since around 1989 is on here and I wouldn't
> want anyone having access to it. Things like my Ebay & Paypal
> passwords


http://www.mirekw.com/winfreeware/pins.html

> and some others. My writings, which are personal. Nothing
> illegal or anything, or top secret.


http://sourceforge.net/projects/axcrypt

Both are easy, full featured and solid.

Oh, and freeware.
--
Drop the alphabet for email
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
protecting ports from DoS attack on cisco 2950 Switch hari Cisco 0 12-01-2004 12:50 PM
Protecting one vlan from others Dralph Cisco 7 01-16-2004 02:19 PM
Protecting documents Shawn ASP .Net 7 11-21-2003 06:43 PM
Password protecting areas Jon Agiato ASP .Net 2 08-23-2003 08:37 PM
Re: Protecting Code Behind Pages Kevin Spencer ASP .Net 2 07-07-2003 07:30 PM



Advertisments