Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Protecting my hard drive?

Reply
Thread Tools

Protecting my hard drive?

 
 
Mama Bear
Guest
Posts: n/a
 
      09-15-2005
Is there a low cost way to password protect my hard drive, so that
if it was stolen along with my computer, no one could access it?
Something not too hard to log in with when I start it up though?

I have Systemworks 2005 but don't think there's anything in there
for this.





--
- Mama Bear

Please add the following url to your sig to, pass the word, and
help this woman: http://pleasehelpjennifer.com/
 
Reply With Quote
 
 
 
 
Stephen Howard
Guest
Posts: n/a
 
      09-15-2005
On Wed, 14 Sep 2005 19:25:13 -0500, Mama Bear <(E-Mail Removed)>
wrote:

>Is there a low cost way to password protect my hard drive, so that
>if it was stolen along with my computer, no one could access it?
>Something not too hard to log in with when I start it up though?
>
>I have Systemworks 2005 but don't think there's anything in there
>for this.


I think encryption's the key ( excuse pun ).
Once someone has access to your computer's internals it's pretty much
all over bar the shouting - but if the data is securely encrypted then
all they really have is a nice new computer.

There are quite a few freeware apps that you might find useful. I use
Blowfish Advanced CS to encrypt my sensitive data, and there are other
good encryption programs out there. Some people prefer to use
encrypted drives or 'containers'. Both systems will work for you, it's
just a matter of preference/convenience.

Blowfish Advanced can make use of 'job files', which essentially act
like DOS batch files. You can set up a series of encryption/decryption
tasks that run from a shortcut on your desktop.

Regards,


--
Stephen Howard - Woodwind repairs & period restorations
www.shwoodwind.co.uk
Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk
 
Reply With Quote
 
 
 
 
nemo_outis
Guest
Posts: n/a
 
      09-15-2005
Mama Bear <(E-Mail Removed)> wrote in news:Xns96D1BB61A2984Mama@
216.196.97.142:

> Is there a low cost way to password protect my hard drive, so that
> if it was stolen along with my computer, no one could access it?
> Something not too hard to log in with when I start it up though?
>
> I have Systemworks 2005 but don't think there's anything in there
> for this.



There are a number of encryption schemes. Roughly they may be divided
into:

1. File-at-a-time encryption and decryption (sometimes extended to
whole folder/directory trees)

2. Partition/container schemes where the files are held in a single
large file or a whole partition on one of your drives. The
partition/container iis usually mapped as a drive letter (e.g., "H:")

3. Encryption of the whole boot partiton/HD (including the operating
system).

By far the best encryption technique (uncommon for type 1 but usual for
types 2 and 3) is OTFE (on-the-fly encryption). This mean that the file
is never decrypted to plaintext form and stored on the hard drive;
instead the file (or portions of it) are decrypted ONLY to memory (RAM)
as needed (it's all transparent to the user). This ensures that the
decryption program leaves no traces of plaintext around on the HD.
(However, **other** programs, including the OS, may make plaintext
copies, etc and leave recoverable bits around in places like erased tmp
files, the swap file, registry references, the MFT, etc. - commonly
called "leakage.")

Scheme 3 (encrypt everything but a tiny boot stub) is the most secure
since there is no chance of "leakage" as described above - **everything**
on the HD is fully encrypted all the time.

With scheme 2 and especially scheme 3 it is **essential** to have backups
(made before you experiment and regularly thereafter). While the
encryption programs from reputable software houses are pretty robust, if
anything goes wrong with encryption (esp type 2 & 3) you could find
**all** your data unrecoverable.

For the Type 1 scheme, stuff like Windows native EFS (on NTFS
partitions/drives) works OK (but is a bitch to configure correctly so you
don't sabotage yourself).

For Type 2 there are a number of commercial programs, but I recommend
Truecrypt (just as good functionally as any of the others, free, and
open-source).

For Type 3 there are again a number of programs ranging from free
Compusec, through DCPP, Safeboot Solo, Safeguard Easy, Winmagic, Pointsec
and others. My preference is Safeboot (but, alas, it is no longer
available). Compusec works well and you can't beat the price (free!)

For security needs up to "medium-duty" I would suggest a type 2 scheme
using Truecrypt. Type 3 schemes work well but newbies can easily shoot
themselves in the foot, they require discipline to use correctly, etc. -
but they do offer great heavy-duty protection.

Regards,




 
Reply With Quote
 
Ray Vingnutte
Guest
Posts: n/a
 
      09-15-2005
On 15 Sep 2005 15:01:32 GMT
"nemo_outis" <(E-Mail Removed)> wrote:

> Mama Bear <(E-Mail Removed)> wrote in news:Xns96D1BB61A2984Mama@
> 216.196.97.142:
>
> > Is there a low cost way to password protect my hard drive, so that
> > if it was stolen along with my computer, no one could access it?
> > Something not too hard to log in with when I start it up though?
> >
> > I have Systemworks 2005 but don't think there's anything in there
> > for this.

>
>
> There are a number of encryption schemes. Roughly they may be divided


> into:
>
> 1. File-at-a-time encryption and decryption (sometimes extended to
> whole folder/directory trees)
>
> 2. Partition/container schemes where the files are held in a single
> large file or a whole partition on one of your drives. The
> partition/container iis usually mapped as a drive letter (e.g., "H:")
>
> 3. Encryption of the whole boot partiton/HD (including the operating


> system).
>
> By far the best encryption technique (uncommon for type 1 but usual

for
> types 2 and 3) is OTFE (on-the-fly encryption). This mean that the

file
> is never decrypted to plaintext form and stored on the hard drive;
> instead the file (or portions of it) are decrypted ONLY to memory

(RAM)
> as needed (it's all transparent to the user). This ensures that the
> decryption program leaves no traces of plaintext around on the HD.
> (However, **other** programs, including the OS, may make plaintext
> copies, etc and leave recoverable bits around in places like erased

tmp
> files, the swap file, registry references, the MFT, etc. - commonly
> called "leakage.")
>
> Scheme 3 (encrypt everything but a tiny boot stub) is the most secure
> since there is no chance of "leakage" as described above -

**everything**
> on the HD is fully encrypted all the time.
>


Just to add a point there, speed, for full drive including operating
system encryption there will be a slow down as every read from or write
to the drive has to go through the encryption scheme. I have to say that
in my experience so far this is not an issue, on a 1Ghz machine with
512Mb ram and ordinary IDE drives. There must be a slow down but it is
not one that I can say I notice. At this time I have done no benchmarks.
Should also add I'm using an AES 128 bit encryption, others will likely
vary in performance. For a gateway/router machine or a machine that is
not running heavy duty processes it would hardly matter at all I would
think even on a lower spec machine.

> With scheme 2 and especially scheme 3 it is **essential** to have

backups
> (made before you experiment and regularly thereafter). While the
> encryption programs from reputable software houses are pretty robust,

if
> anything goes wrong with encryption (esp type 2 & 3) you could find
> **all** your data unrecoverable.
>
> For the Type 1 scheme, stuff like Windows native EFS (on NTFS
> partitions/drives) works OK (but is a bitch to configure correctly so

you
> don't sabotage yourself).
>
> For Type 2 there are a number of commercial programs, but I recommend
> Truecrypt (just as good functionally as any of the others, free, and
> open-source).
>
> For Type 3 there are again a number of programs ranging from free
> Compusec, through DCPP, Safeboot Solo, Safeguard Easy, Winmagic,

Pointsec
> and others. My preference is Safeboot (but, alas, it is no longer
> available). Compusec works well and you can't beat the price (free!)
>
> For security needs up to "medium-duty" I would suggest a type 2 scheme


> using Truecrypt. Type 3 schemes work well but newbies can easily

shoot
> themselves in the foot, they require discipline to use correctly, etc.

-
> but they do offer great heavy-duty protection.
>
> Regards,
>
>
>
>

 
Reply With Quote
 
Jeffrey F. Bloss
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:

> also add I'm using an AES 128 bit encryption, others will likely vary in
> performance. For a gateway/router machine or a machine that is not running
> heavy duty processes it would hardly matter at all I would think even on a
> lower spec machine.


Off the cuff, why would someone want to whole disk encrypt a
router/gateway? It's likely going to be running 27/7 so data is in the
clear if it's compromised anyway, if it goes down due to power failure it
won't come back on line by itself, and it's really not doing much that
someone can't see from outside the network anyway.

Or were you just talking in general terms of load levels and using
"router" as an example?

--
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Marx

 
Reply With Quote
 
traveler
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 16:53:20 GMT, "Jeffrey F. Bloss"
<(E-Mail Removed)> wrote:

>On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
>
>> also add I'm using an AES 128 bit encryption, others will likely vary in
>> performance. For a gateway/router machine or a machine that is not running
>> heavy duty processes it would hardly matter at all I would think even on a
>> lower spec machine.

>
>Off the cuff, why would someone want to whole disk encrypt a
>router/gateway? It's likely going to be running 27/7 so data is in the
>clear if it's compromised anyway,

It shouldn't be compromised if a good harware firewall that protects
every port is protecting the LAN connection, any thought's?
>if it goes down due to power failure it
>won't come back on line by itself, and it's really not doing much that
>someone can't see from outside the network anyway.
>
>Or were you just talking in general terms of load levels and using
>"router" as an example?


 
Reply With Quote
 
Ray Vingnutte
Guest
Posts: n/a
 
      09-15-2005
On Thu, 15 Sep 2005 16:53:20 GMT
"Jeffrey F. Bloss" <(E-Mail Removed)> wrote:

> On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
>
> > also add I'm using an AES 128 bit encryption, others will likely

vary in
> > performance. For a gateway/router machine or a machine that is not

running
> > heavy duty processes it would hardly matter at all I would think

even on a
> > lower spec machine.

>
> Off the cuff, why would someone want to whole disk encrypt a
> router/gateway? It's likely going to be running 27/7 so data is in the
> clear if it's compromised anyway, if it goes down due to power failure

it
> won't come back on line by itself, and it's really not doing much that
> someone can't see from outside the network anyway.
>
> Or were you just talking in general terms of load levels and using
> "router" as an example?


Yeah just generalizing, but then again some form of encryption may be
useful on such a machine. Logs in /var for example, I saw a post
recently about privoxy logging and although I have privoxy logging
turned off it is on my gateway along with tor and the like. Perhaps an
encrypted partition for /usr/local where one may have programs that one
may prefer not to advertise should the machine get stolen or whatever.

Then again you could use a separate log server, up to the individual I
guess there's a lot of possible scenarios for different setups.

>
> --
> Outside of a dog, a book is a man's best friend.
> Inside of a dog, it's too dark to read.
> -Marx
>

 
Reply With Quote
 
Mama Bear
Guest
Posts: n/a
 
      09-15-2005
Stephen Howard <(E-Mail Removed)> wrote :

> On Wed, 14 Sep 2005 19:25:13 -0500, Mama Bear
> <(E-Mail Removed)> wrote:
>
>>Is there a low cost way to password protect my hard drive, so
>>that if it was stolen along with my computer, no one could
>>access it? Something not too hard to log in with when I start
>>it up though?
>>
>>I have Systemworks 2005 but don't think there's anything in
>>there for this.

>
> I think encryption's the key ( excuse pun ).
> Once someone has access to your computer's internals it's
> pretty much all over bar the shouting - but if the data is
> securely encrypted then all they really have is a nice new
> computer.
>
> There are quite a few freeware apps that you might find
> useful. I use Blowfish Advanced CS to encrypt my sensitive
> data, and there are other good encryption programs out there.
> Some people prefer to use encrypted drives or 'containers'.
> Both systems will work for you, it's just a matter of
> preference/convenience.


By encrypted drives or 'containers', do you mean that it encrypts
the whole drive as a container? Does that slow everything down a
lot?

> Blowfish Advanced can make use of 'job files', which
> essentially act like DOS batch files. You can set up a series
> of encryption/decryption tasks that run from a shortcut on
> your desktop.


I need the whole thing to be transparent, and hopefully fast
enough where it doesn't slow my system way down.

--
- Mama Bear

Please add the following url to your sig to, pass the word, and
help this woman: http://pleasehelpjennifer.com/
 
Reply With Quote
 
Mama Bear
Guest
Posts: n/a
 
      09-15-2005
Ray Vingnutte <(E-Mail Removed)> wrote :

> On Thu, 15 Sep 2005 16:53:20 GMT
> "Jeffrey F. Bloss" <(E-Mail Removed)> wrote:
>
>> On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
>>
>> > also add I'm using an AES 128 bit encryption, others will
>> > likely

> vary in
>> > performance. For a gateway/router machine or a machine that
>> > is not

> running
>> > heavy duty processes it would hardly matter at all I would
>> > think

> even on a
>> > lower spec machine.

>>
>> Off the cuff, why would someone want to whole disk encrypt a
>> router/gateway? It's likely going to be running 27/7 so data
>> is in the clear if it's compromised anyway, if it goes down
>> due to power failure

> it
>> won't come back on line by itself, and it's really not doing
>> much that someone can't see from outside the network anyway.
>>
>> Or were you just talking in general terms of load levels and
>> using "router" as an example?

>
> Yeah just generalizing, but then again some form of encryption
> may be useful on such a machine. Logs in /var for example, I
> saw a post recently about privoxy logging and although I have
> privoxy logging turned off it is on my gateway along with tor
> and the like. Perhaps an encrypted partition for /usr/local
> where one may have programs that one may prefer not to
> advertise should the machine get stolen or whatever.
>
> Then again you could use a separate log server, up to the
> individual I guess there's a lot of possible scenarios for
> different setups.
>
>>
>> --
>> Outside of a dog, a book is a man's best friend.
>> Inside of a dog, it's too dark to read.
>> -Marx
>>

>


A lot of this is WAY over my head. I'm not doing a server anyway,
just wanted something fast and transparent, so in case a burglar
ever gets in and steals my computer, they wouldn't get my whole
computing life since 1989 handed to them.


--
- Mama Bear

Please add the following url to your sig to, pass the word, and
help this woman: http://pleasehelpjennifer.com/
 
Reply With Quote
 
Mama Bear
Guest
Posts: n/a
 
      09-15-2005
Oh, this thread also reminds me of an idea that I've had for awhile
now, but don't have the technical knowledge to setup myself. It
would make a good business though.

Sell encrypted file space on a remote server. Call it something
like "Data Vault". Have the server located in a bank vault
somewhere and certify that. Run it with a secure encrypted web link
or something like that, so people could upload their sensitive and
critical data to the "Data Vault".

That way if their home computer was ever stolen, they would at
least have a backup copy off site that they could restore from.

People with DSL would find it more useful because of the speed.


--
- Mama Bear

Please add the following url to your sig to, pass the word, and
help this woman: http://pleasehelpjennifer.com/
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
protecting ports from DoS attack on cisco 2950 Switch hari Cisco 0 12-01-2004 12:50 PM
Protecting one vlan from others Dralph Cisco 7 01-16-2004 02:19 PM
Protecting documents Shawn ASP .Net 7 11-21-2003 06:43 PM
Password protecting areas Jon Agiato ASP .Net 2 08-23-2003 08:37 PM
Re: Protecting Code Behind Pages Kevin Spencer ASP .Net 2 07-07-2003 07:30 PM



Advertisments