Need to protect a computer from a snooping spouse

Discussion in 'Computer Security' started by Beachcomber, Mar 24, 2005.

  1. Beachcomber

    Beachcomber Guest

    I've got a client that needs to protect his computer from a snooping
    wife with whom he may soon be involved in divorce proceedings. The
    computer, used extensively for business, is in a home office and the
    client cannot be at his premises 24 hours a day to monitor access.

    The questions he has posed are:

    1. How secure is the Windows Password login at startup? Can this be
    defeated by a determined intruder (or consultant/investigator?).

    2. Is there some way of putting a keylogger detection device, in case
    someone is able to slip one on the end of the keyboard connector.
    The computer is in a difficult to reach cabinet and it is not
    practical for the client to inspect the wiring every day.

    3. Another concern would be physical seizure of the hard drive either
    via an illegal theft or a court ordered subpoena. Computers, even
    desktop computers are relatively portable devices that are not too
    difficult to haul away. Would appreciate a discussion of any
    possible security measures (encryption methods? putting the critical
    data on a remote server?) that other users may have expertise in.

    Like many of us, this man has practically his whole life, bank
    accounts, critical business information, client lists, etc. on his
    hard disk and is concerned with the best way to protect it.

    Beachcomber
    Beachcomber, Mar 24, 2005
    #1

  2. Beachcomber

    Unruh Guest

    (Beachcomber) writes:


    >I've got a client that needs to protect his computer from a snooping
    >wife with whom he may soon be involved in divorce proceedings. The
    >computer, used extensively for business, is in a home office and the
    >client cannot be at his premises 24 hours a day to monitor access.


    >The questions he has posed are:


    >1. How secure is the Windows Password login at startup? Can this be

    It is not.

    >defeated by a determined intruder (or consultant/investigator?).

    Yes.

    >2. Is there some way of putting a keylogger detection device, in case
    >someone is able to slip one on the end of the keyboard connector.


    No.


    >The computer is in a difficult to reach cabinet and it is not
    >practical for the client to inspect the wiring every day.


    >3. Another concern would be physical seizure of the hard drive either
    >via an illegal theft or a court ordered subpoena. Computers, even
    >desktop computers are relatively portable devices that are not too
    >difficult to haul away. Would appreciate a discussion of any
    >possible security measures (encryption methods? putting the critical
    >data on a remote server?) that other users may have expertise in.


    He can encrypt it, but the courts could order its decryption.
    It might protect against "casual" reading of the system.


    >Like many of us, this man has practically his whole life, bank
    >accounts, critical business information, client lists, etc. on his
    >hard disk and is concerned with the best way to protect it.


    Remove the info, and securely wipe the files. Buy another computer which is not
    at home and put the info on that.

    Sounds to me like this is a guy who wants to save a few hundred dollars and
    risk losing much more -- i.e. his priorities are all screwed up.
    No wonder a divorce in the offing.
    Unruh, Mar 24, 2005
    #2

  3. Beachcomber

    Guest Guest

    "Beachcomber" <> wrote in message
    news:...
    >
    > I've got a client that needs to protect his computer from a snooping
    > wife with whom he may soon be involved in divorce proceedings. The
    > computer, used extensively for business, is in a home office and the
    > client cannot be at his premises 24 hours a day to monitor access.
    >
    > The questions he has posed are:
    >
    > 1. How secure is the Windows Password login at startup? Can this be
    > defeated by a determined intruder (or consultant/investigator?).
    >
    > 2. Is there some way of putting a keylogger detection device, in case
    > someone is able to slip one on the end of the keyboard connector.
    > The computer is in a difficult to reach cabinet and it is not
    > practical for the client to inspect the wiring every day.
    >
    > 3. Another concern would be physical seizure of the hard drive either
    > via an illegal theft or a court ordered subpoena. Computers, even
    > desktop computers are relatively portable devices that are not too
    > difficult to haul away. Would appreciate a discussion of any
    > possible security measures (encryption methods? putting the critical
    > data on a remote server?) that other users may have expertise in.
    >
    > Like many of us, this man has practically his whole life, bank
    > accounts, critical business information, client lists, etc. on his
    > hard disk and is concerned with the best way to protect it.
    >
    > Beachcomber
    >
    >
    >



    Passwords won't protect him. Too many password cracker programs out
    there.

    Using permissions (only available when using NTFS) won't protect him.
    The drive can be accessed under a different instance of Windows (in the
    same host or by moving the drive to another Windows host that supports
    NTFS) where the permissions are ignored because the SIDs (security
    identifiers) aren't defined under that other instance of Windows. The
    admin in that other instance of Windows can take ownership of the files
    and then read them.

    He could use a BIOS password to prevent booting of his host while he is
    not using it. However, he will have to get security devices that will
    permit locking the case so no unauthorized physical entry is allowed;
    otherwise someone could short the CMOS jumper to clear out the BIOS and
    force the host back to its BIOS defaults (which do not have a password
    defined and enabled).

    He could use something like SafeBoot or DriveCrypt which encrypts the
    entire drive and makes it impossible for anyone to look at the contents
    of that drive. This usually involves replacing the MBR's (master boot
    record's) bootstrap program to insert the encrypting tool's bootstrap
    code which contains the key to decrypt the drive. If the malcontent or
    thief attempts to boot without using the MBR bootstrap code, like
    booting from a CD, floppy, or moving the drive into another host, they
    won't have the key to do the decrypting. If they don't provide the
    password when the MBR bootstrap program is run, the key won't get used
    to decrypt the drive. This method is used by laptop users to secure the
    contents of their drives if their laptop gets stolen. Some laptops,
    like IBM's, incorporate this drive encryption within the BIOS.

    There are plenty of commercial keylogger programs available. However,
    that still does not stop someone from snooping or abusing your host, and
    using the log to prove it wasn't you won't fly in court because it could
    still have been you pretending to login as someone else, or that someone
    else used your own account to login.

    Since the computer and its network are not physically restricted from
    malcontents, those malcontents can insert a host in the path as a
    transparent proxy to log all network activity. Have your client
    configure their e-mail client to use SSL to connect to their e-mail
    server (and use an e-mail service that includes SSL support). Then a
    sniffer only sees the scrambled mess during the login. Only the login
    credentials are protected by SSL. The rest of the e-mail exchange, like
    sending and receiving e-mails is still done using plain text. Have your
    customer use security certificates to encrypt their outbound e-mails
    (which requires they get the public key for the recipient's security
    certificate) and to request his senders to encrypt their e-mails that
    they send to him (which requires his senders have a copy of his public
    key to encrypt their e-mails that he can then decrypt using his private
    key).

    The client could also use VPN to tunnel to a provider and also use SSL
    so *everything* is encrypted in the network traffic from his host.

    In a divorce, and regardless of your client's viewpoint, the court will
    determine what property is shared and who owns what. If your client
    refuses to comply with a court order to divulge the contents of his
    computer, he is in contempt of court and he will lose a lot of leverage
    he has in divorce court regarding what is his. Also, investigators will
    find his bank accounts without ever accessing his computer. He won't be
    able to stop his wife from getting that information with a court order.
    A lot of that information can be found without using his computer. All
    he can really do is prevent his wife from abusing his computer or his
    communications.

    --
    ____________________________________________________________
    Post your replies to the newsgroup. Share with others.
    E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
    ____________________________________________________________
    Guest, Mar 24, 2005
    #3
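
The pre-boot password idea from post #3, as an added sketch (not part of the thread, and not how SafeBoot or DriveCrypt are implemented): the drive header holds a random volume key only in wrapped form, so a disk moved to another host or imaged yields nothing usable without the passphrase. The function names, header layout and iteration count are assumptions; real products wrap the key with a vetted cipher such as AES rather than the XOR pad used here.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this sketch


def _derive(passphrase: str, salt: bytes):
    """Stretch the passphrase into a 32-byte wrapping pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _tag(mac_key: bytes, salt: bytes, wrapped: bytes) -> bytes:
    return hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()


def make_header(passphrase: str, volume_key: bytes) -> dict:
    """Build the on-disk header: the 32-byte volume key is stored only wrapped."""
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt, so the pad is never reused
    pad, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    return {"salt": salt, "wrapped": wrapped,
            "tag": _tag(mac_key, salt, wrapped)}


def unlock(header: dict, passphrase: str) -> Optional[bytes]:
    """Return the volume key, or None on a wrong passphrase or altered header."""
    pad, mac_key = _derive(passphrase, header["salt"])
    expected = _tag(mac_key, header["salt"], header["wrapped"])
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], pad))


def change_passphrase(header: dict, old: str, new: str) -> Optional[dict]:
    """Re-wrap the same volume key under a new passphrase (no data re-encryption)."""
    volume_key = unlock(header, old)
    return None if volume_key is None else make_header(new, volume_key)


if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample volume key
    hdr = make_header("pre-boot passphrase", key)
    print("correct passphrase unlocks:", unlock(hdr, "pre-boot passphrase") == key)
    print("wrong passphrase unlocks:  ", unlock(hdr, "guess") is not None)
```

Everything an offline reader gets from the header is the salt, the wrapped key and the tag, so the strength of the scheme rests on the passphrase and the key-stretching cost.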
  4. Beachcomber

    Leythos Guest

    On Thu, 24 Mar 2005 18:24:52 +0000, Beachcomber wrote:
    >
    > I've got a client that needs to protect his computer from a snooping
    > wife with whom he may soon be involved in divorce proceedings. The
    > computer, used extensively for business, is in a home office and the
    > client cannot be at his premises 24 hours a day to monitor access.
    >
    > The questions he has posed are:
    >
    > 1. How secure is the Windows Password login at startup? Can this be
    > defeated by a determined intruder (or consultant/investigator?).


    Depending on who set up the computer, the Administrator account may not have
    a password and may let a technician in directly. The logon password is a good
    tool, when it's a strong password.

    The password does not need to be known in order to access the computer's
    drives - you can often boot to a floppy and access data on FAT32 drives
    without opening Windows. You can also make a Ghosted copy of the
    hard-drive and inspect it at another location, with no signs that the copy
    was ever made.

    > 2. Is there some way of putting a keylogger detection device, in case
    > someone is able to slip one on the end of the keyboard connector. The
    > computer is in a difficult to reach cabinet and it is not practical for
    > the client to inspect the wiring every day.


    Yes, it's possible to detect loggers, but it's not practical, as there
    are as many different ones as there are detection tools.

    > 3. Another concern would be physical seizure of the hard drive either
    > via an illegal theft or a court ordered subpoena. Computers, even
    > desktop computers are relatively portable devices that are not too
    > difficult to haul away. Would appreciate a discussion of any possible
    > security measures (encryption methods? putting the critical data on a
    > remote server?) that other users may have expertise in.


    The computer doesn't have to be taken, I could make a fully exact copy of
    the hard drive in under 15 minutes in most cases and the owner would never
    know unless they walked in on me.

    File encryption is good, but it can lead to other problems for the user -
    like forgetting the key and such.

    > Like many of us, this man has practically his whole life, bank accounts,
    > critical business information, client lists, etc. on his hard disk and
    > is concerned with the best way to protect it.


    There is nothing the user can do that can't be worked around by a
    competent tech, file encryption, passwords, BIOS passwords, monitoring,
    etc.... If he's that worried, make paper copies, put them in storage some
    place, remove all traces of the files from the computer.

    The real problem is not the data, but, why he's worried that his spouse
    would not already have the information - what's he hiding - divorce is
    supposed to be a 50/50 thing.

    --

    remove 999 in order to email me
    Leythos, Mar 24, 2005
    #4
  5. Beachcomber

    nemo outis Guest

    In article <>,
    (Beachcomber) wrote:
    >
    >I've got a client that needs to protect his computer from a snooping
    >wife with whom he may soon be involved in divorce proceedings. The
    >computer, used extensively for business, is in a home office and the
    >client cannot be at his premises 24 hours a day to monitor access.
    >
    >The questions he has posed are:
    >
    >1. How secure is the Windows Password login at startup? Can this be
    >defeated by a determined intruder (or consultant/investigator?).
    >
    >2. Is there some way of putting a keylogger detection device, in case
    >someone is able to slip one on the end of the keyboard connector.
    >The computer is in a difficult to reach cabinet and it is not
    >practical for the client to inspect the wiring every day.
    >
    >3. Another concern would be physical seizure of the hard drive either
    >via an illegal theft or a court ordered subpoena. Computers, even
    >desktop computers are relatively portable devices that are not too
    >difficult to haul away. Would appreciate a discussion of any
    >possible security measures (encryption methods? putting the critical
    >data on a remote server?) that other users may have expertise in.
    >
    >Like many of us, this man has practically his whole life, bank
    >accounts, critical business information, client lists, etc. on his
    >hard disk and is concerned with the best way to protect it.
    >
    >Beachcomber



    While much depends on the skill of his wife (or her
    associates/confederates) the generally applicable axiom is:
    Whoever has uninterrupted access to a computer can compromise it.

    Accordingly, if he leaves the machine "exposed" to the wife for
    long stretches he is exceedingly vulnerable to any of a number of
    methods that will compromise the security and privacy of data
    stored on the machine.

    Rather than attempt to thwart/prevent each and all of these
    methods it is far wiser to remove the vulnerability. While
    scrubbing the disk, encrypting it, etc., are options, a better
    choice by far would be for him to permanently remove the HD from
    the computer and take it away (replacing the HD with another in a
    "vanilla" setup if functionality of the computer must be
    preserved).

    Regards,
    nemo outis, Mar 24, 2005
    #5
  6. Beachcomber wrote:

    >
    > I've got a client that needs to protect his computer from a snooping
    > wife with whom he may soon be involved in divorce proceedings. The
    > computer, used extensively for business, is in a home office and the
    > client cannot be at his premises 24 hours a day to monitor access.
    >
    > The questions he has posed are:
    >
    > 1. How secure is the Windows Password login at startup? Can this be
    > defeated by a determined intruder (or consultant/investigator?).


    There are many. What kind of access she has would determine the tool. Most
    are brute force type crackers...

    > 2. Is there some way of putting a keylogger detection device, in case
    > someone is able to slip one on the end of the keyboard connector.
    > The computer is in a difficult to reach cabinet and it is not
    > practical for the client to inspect the wiring every day.


    Yes there are but it would be quite noticeable. I would do it another way if
    it were me...

    > 3. Another concern would be physical seizure of the hard drive either
    > via an illegal theft or a court ordered subpoena. Computers, even
    > desktop computers are relatively portable devices that are not too
    > difficult to haul away. Would appreciate a discussion of any
    > possible security measures (encryption methods? putting the critical
    > data on a remote server?) that other users may have expertise in.


    Honestly, the best advice I would give you is to remove the computer
    completely or at least take the disk drive out and leave the rest. This is
    the easiest, and safest, thing you could do.

    > Like many of us, this man has practically his whole life, bank
    > accounts, critical business information, client lists, etc. on his
    > hard disk and is concerned with the best way to protect it.
    >
    > Beachcomber


    Again, the best advice I could give you is to get the computer, or disk
    drive(s), out of there ASAP...

    Michael


    --
    news.west.cox.net
    Michael Pelletier, Mar 25, 2005
    #6
  7. Beachcomber

    Jerry G. Guest

    This man should get his priorities sorted out, and not be interested in a
    few hundred dollars. He is going to have to invest a few dollars to protect
    himself.

    The first thing he should do is get himself a couple of jump drives with a
    lot of megs in them. They are now available at 1 GB or more. He can use one
    for a backup of the other. This way, if one fails he has the other as a
    backup.

    He should copy all his valuable stuff on to the jump drives, and then do a
    big cleanup of his desktop computer's drive.

    To do his business he should get a laptop that he can leave somewhere where
    his wife does not know about. He can then work between the laptop and the
    jump drives. He should also invest in a palm top to keep his extra notes on
    the side.

    Once sorted out, he can do a big cleanup of his desktop machine. He should
    reformat the drive, and re-install, thus claiming a system crash if any
    questions are asked. To really prove things, he should go to a computer
    store, and have them install a new drive. He just has to say it is giving
    him intermittent errors. He can tell them to re-install the operating system
    from scratch. He can then tell them to write on the bill of sale, that the
    old drive was failing. He can then dispose of the old drive. There is no
    proof of it not being able to crash.

    The reason for changing the drive, will add to his security. Sometimes the
    old data can be retrieved even though there is a new format. There are
    services that specialize in this. The cost is expensive to retrieve data
    from under a new format, but it can be done by the labs that specialize in
    this.

    He can then build the system back up how he wants it to appear.

    --

    As for keystroke loggers, there are many around. I would not go this route,
    because this leaves things opened. If someone is very smart they can get
    around these.

    Any system can be broken into. There are utilities that can read out the
    passwords of any operating system or software. These are used by dealers to
    get into systems for their clients who have forgotten their passwords.

    There are also many hacker-type software packages out there that can get into
    any system. Even an NTFS format can be read by some simple utilities that are
    out there, and are free to have.

    --


    Greetings,

    Jerry G.
    ============

    "Beachcomber" <> wrote in message
    news:...
    >
    > I've got a client that needs to protect his computer from a snooping
    > wife with whom he may soon be involved in divorce proceedings. The
    > computer, used extensively for business, is in a home office and the
    > client cannot be at his premises 24 hours a day to monitor access.
    >
    > The questions he has posed are:
    >
    > 1. How secure is the Windows Password login at start-up? Can this be
    > defeated by a determined intruder (or consultant/investigator?).
    >
    > 2. Is there some way of putting a keylogger detection device, in case
    > someone is able to slip one on the end of the keyboard connector.
    > The computer is in a difficult to reach cabinet and it is not
    > practical for the client to inspect the wiring every day.
    >
    > 3. Another concern would be physical seizure of the hard drive either
    > via an illegal theft or a court ordered subpoena. Computers, even
    > desktop computers are relatively portable devices that are not too
    > difficult to haul away. Would appreciate a discussion of any
    > possible security measures (encryption methods? putting the critical
    > data on a remote server?) that other users may have expertise in.
    >
    > Like many of us, this man has practically his whole life, bank
    > accounts, critical business information, client lists, etc. on his
    > hard disk and is concerned with the best way to protect it.
    >
    > Beachcomber
    >
    >
    >
    Jerry G., Mar 25, 2005
    #7
  8. Beachcomber

    donnie Guest

    On Thu, 24 Mar 2005 18:24:52 GMT, (Beachcomber)
    wrote:

    >I've got a client that needs to protect his computer from a snooping
    >wife with whom he may soon be involved in divorce proceedings. The
    >computer, used extensively for business, is in a home office and the
    >client cannot be at his premises 24 hours a day to monitor access.

    ##########################
    I would get an/some external drive(s) that can be removed from the
    house, wipe the information from the HD, set a BIOS passwd just for
    good measure and use an FTP backup such as the one at
    www.serverbeach.com. Then I would bug the phone and or home.
    donnie.
    donnie, Mar 26, 2005
    #8
  9. Beachcomber

    Beachcomber Guest

    On Sat, 26 Mar 2005 00:42:42 GMT, donnie <> wrote:

    >On Thu, 24 Mar 2005 18:24:52 GMT, (Beachcomber)
    >wrote:
    >
    >>I've got a client that needs to protect his computer from a snooping
    >>wife with whom he may soon be involved in divorce proceedings. The
    >>computer, used extensively for business, is in a home office and the
    >>client cannot be at his premises 24 hours a day to monitor access.

    >##########################


    >I would get an/some external drive(s) that can be removed from the
    >house, wipe the information from the HD, set a BIOS passwd just for
    >good measure and use an FTP backup such as the one at
    >www.serverbeach.com. Then I would bug the phone and or home.
    >donnie.



    Thanks for the suggestions to all that replied. I'm just the hired
    gun in this situation, but I will be sure to pass along the better
    suggestions.

    The guy is willing to consider reasonable ideas that don't cost an
    arm and a leg. The removable/external drive method sounds pretty
    doable. Removing all computers from the house probably isn't going
    to fly.

    Beachcomber
    Beachcomber, Mar 26, 2005
    #9
  10. Beachcomber

    johns Guest

    Why in the world would this dumbass sit and talk to a
    lawyer about something like this? Sounds to me like he
    has something on that drive that just may be creating the
    divorce in the first place .... email to the girlfriend.
    Plots to hide his income from the wife ... kid porn ...
    what a nit. If he thinks she is going to vandalize his home
    office, then he should get a laptop, and keep it with him.
    If he thinks she will send the law to get his computer,
    then he needs to be honest .. plus delete the kid porn.

    johns
    johns, Mar 26, 2005
    #10
  11. Beachcomber

    donnie Guest

    On Fri, 25 Mar 2005 22:10:01 -0800, "johns"
    <> wrote:

    >Why in the world would this dumbass sit and talk to a
    >lawyer about something like this? Sounds to me like he
    >has something on that drive that just may be creating the
    >divorce in the first place .... email to the girlfriend.
    >Plots to hide his income from the wife ... kid porn ...
    >what a nit. If he thinks she is going to vandalize his home
    >office, then he should get a laptop, and keep it with him.
    >If he thinks she will send the law to get his computer,
    >then he needs to be honest .. plus delete the kid porn.
    >
    >johns
    >

    ##########################
    Either you jumped to a lot of conclusions or you already hacked his
    HD. I'd bet it's the former. Why shouldn't he talk to his lawyer
    about all aspects of the case? That's what he is supposed to do.
    donnie.
    donnie, Mar 26, 2005
    #11