Protecting my hard drive?

Discussion in 'Computer Security' started by Mama Bear, Sep 15, 2005.

  1. Mama Bear

    Mama Bear Guest

    Is there a low cost way to password protect my hard drive, so that
    if it was stolen along with my computer, no one could access it?
    Something not too hard to log in with when I start it up though?

    I have Systemworks 2005 but don't think there's anything in there
    for this.





    --
    - Mama Bear

    Please add the following url to your sig to, pass the word, and
    help this woman: http://pleasehelpjennifer.com/
     
    Mama Bear, Sep 15, 2005
    #1

  2. On Wed, 14 Sep 2005 19:25:13 -0500, Mama Bear <>
    wrote:

    >Is there a low cost way to password protect my hard drive, so that
    >if it was stolen along with my computer, no one could access it?
    >Something not too hard to log in with when I start it up though?
    >
    >I have Systemworks 2005 but don't think there's anything in there
    >for this.


    I think encryption's the key ( excuse pun ).
    Once someone has access to your computer's internals it's pretty much
    all over bar the shouting - but if the data is securely encrypted then
    all they really have is a nice new computer.

    There are quite a few freeware apps that you might find useful. I use
    Blowfish Advanced CS to encrypt my sensitive data, and there are other
    good encryption programs out there. Some people prefer to use
    encrypted drives or 'containers'. Both systems will work for you, it's
    just a matter of preference/convenience.

    Blowfish Advanced can make use of 'job files', which essentially act
    like DOS batch files. You can set up a series of encryption/decryption
    tasks that run from a shortcut on your desktop.

    Regards,


    --
    Stephen Howard - Woodwind repairs & period restorations
    www.shwoodwind.co.uk
    Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk
     
    Stephen Howard, Sep 15, 2005
    #2

  3. Mama Bear

    nemo_outis Guest

    Mama Bear <> wrote in news:Xns96D1BB61A2984Mama@
    216.196.97.142:

    > Is there a low cost way to password protect my hard drive, so that
    > if it was stolen along with my computer, no one could access it?
    > Something not too hard to log in with when I start it up though?
    >
    > I have Systemworks 2005 but don't think there's anything in there
    > for this.



    There are a number of encryption schemes. Roughly they may be divided
    into:

    1. File-at-a-time encryption and decryption (sometimes extended to
    whole folder/directory trees)

    2. Partition/container schemes where the files are held in a single
    large file or a whole partition on one of your drives. The
    partition/container is usually mapped as a drive letter (e.g., "H:")

    3. Encryption of the whole boot partition/HD (including the operating
    system).

    By far the best encryption technique (uncommon for type 1 but usual for
    types 2 and 3) is OTFE (on-the-fly encryption). This means that the file
    is never decrypted to plaintext form and stored on the hard drive;
    instead the file (or portions of it) are decrypted ONLY to memory (RAM)
    as needed (it's all transparent to the user). This ensures that the
    decryption program leaves no traces of plaintext around on the HD.
    (However, **other** programs, including the OS, may make plaintext
    copies, etc and leave recoverable bits around in places like erased tmp
    files, the swap file, registry references, the MFT, etc. - commonly
    called "leakage.")

    Scheme 3 (encrypt everything but a tiny boot stub) is the most secure
    since there is no chance of "leakage" as described above - **everything**
    on the HD is fully encrypted all the time.

    With scheme 2 and especially scheme 3 it is **essential** to have backups
    (made before you experiment and regularly thereafter). While the
    encryption programs from reputable software houses are pretty robust, if
    anything goes wrong with encryption (esp type 2 & 3) you could find
    **all** your data unrecoverable.

    For the Type 1 scheme, stuff like Windows native EFS (on NTFS
    partitions/drives) works OK (but is a bitch to configure correctly so you
    don't sabotage yourself).

    For Type 2 there are a number of commercial programs, but I recommend
    Truecrypt (just as good functionally as any of the others, free, and
    open-source).

    For Type 3 there are again a number of programs ranging from free
    Compusec, through DCPP, Safeboot Solo, Safeguard Easy, Winmagic, Pointsec
    and others. My preference is Safeboot (but, alas, it is no longer
    available). Compusec works well and you can't beat the price (free!)

    For security needs up to "medium-duty" I would suggest a type 2 scheme
    using Truecrypt. Type 3 schemes work well but newbies can easily shoot
    themselves in the foot, they require discipline to use correctly, etc. -
    but they do offer great heavy-duty protection.

    Regards,
     
    nemo_outis, Sep 15, 2005
    #3
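
The on-the-fly container scheme (type 2) described in post #3, as an added Python sketch that is not part of the original thread and is not the code of any product named in it. The sector size, the file name, the passphrases and the HMAC-SHA256 keystream (a stand-in for a real disk cipher) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

SECTOR = 512  # bytes per container sector (assumed size for this sketch)


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)


def crypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """XOR data with a keystream bound to the sector number.

    Stand-in cipher for illustration only (an assumption of this sketch);
    real OTFE tools use a block cipher such as AES in a disk-oriented mode.
    Because it is an XOR, the same call both encrypts and decrypts.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block_id = sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hmac.new(key, block_id, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Container:
    """Fixed-size container file whose sectors are always stored encrypted."""

    def __init__(self, path: str, key: bytes):
        self.path = path
        self.key = key
        self.sectors_decrypted = 0  # sectors decrypted by read() so far

    @classmethod
    def create(cls, path: str, key: bytes, sectors: int) -> "Container":
        # Fill the container with encrypted zero sectors.
        with open(path, "wb") as f:
            for n in range(sectors):
                f.write(crypt_sector(key, n, bytes(SECTOR)))
        return cls(path, key)

    def _load(self, f, n: int) -> bytearray:
        # Decrypt one sector into a memory buffer; nothing is written back.
        f.seek(n * SECTOR)
        return bytearray(crypt_sector(self.key, n, f.read(SECTOR)))

    def write(self, offset: int, data: bytes) -> None:
        end = offset + len(data)
        with open(self.path, "r+b") as f:
            for n in range(offset // SECTOR, (end - 1) // SECTOR + 1):
                base = n * SECTOR
                plain = self._load(f, n)  # plaintext exists in RAM only
                lo, hi = max(offset, base), min(end, base + SECTOR)
                plain[lo - base:hi - base] = data[lo - offset:hi - offset]
                f.seek(base)
                f.write(crypt_sector(self.key, n, bytes(plain)))

    def read(self, offset: int, length: int) -> bytes:
        end = offset + length
        out = bytearray()
        with open(self.path, "rb") as f:
            # Only the sectors covering the requested range are decrypted.
            for n in range(offset // SECTOR, (end - 1) // SECTOR + 1):
                base = n * SECTOR
                plain = self._load(f, n)
                self.sectors_decrypted += 1
                lo, hi = max(offset, base), min(end, base + SECTOR)
                out += plain[lo - base:hi - base]
        return bytes(out)


def demo() -> dict:
    # Constructed sample data, not taken from the thread.
    secret = b"CONSTRUCTED SAMPLE: my passwords and writings " * 20
    salt = os.urandom(16)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "vault.bin")  # hypothetical container name
        box = Container.create(path, derive_key("correct horse", salt), 64)
        box.write(1000, secret)
        with open(path, "rb") as f:
            on_disk = f.read()  # what someone holding the drive would see
        partial = box.read(1000, 18)
        sectors_for_partial = box.sectors_decrypted
        round_trip = box.read(1000, len(secret)) == secret
        thief = Container(path, derive_key("guess", salt))
        return {
            "size": len(on_disk),
            "plaintext_on_disk": b"CONSTRUCTED SAMPLE" in on_disk,
            "partial": partial,
            "sectors_for_partial": sectors_for_partial,
            "round_trip": round_trip,
            "wrong_passphrase_matches":
                thief.read(1000, 18) == b"CONSTRUCTED SAMPLE",
        }


if __name__ == "__main__":
    print(demo())
```

The sketch covers only the container itself; plaintext copies made by other programs or the OS, the "leakage" mentioned in the post, are outside what it protects.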
  4. On 15 Sep 2005 15:01:32 GMT
    "nemo_outis" <> wrote:

    > Mama Bear <> wrote in news:Xns96D1BB61A2984Mama@
    > 216.196.97.142:
    >
    > > Is there a low cost way to password protect my hard drive, so that
    > > if it was stolen along with my computer, no one could access it?
    > > Something not too hard to log in with when I start it up though?
    > >
    > > I have Systemworks 2005 but don't think there's anything in there
    > > for this.

    >
    >
    > There are a number of encryption schemes. Roughly they may be divided
    > into:
    >
    > 1. File-at-a-time encryption and decryption (sometimes extended to
    > whole folder/directory trees)
    >
    > 2. Partition/container schemes where the files are held in a single
    > large file or a whole partition on one of your drives. The
    > partition/container is usually mapped as a drive letter (e.g., "H:")
    >
    > 3. Encryption of the whole boot partition/HD (including the operating
    > system).
    >
    > By far the best encryption technique (uncommon for type 1 but usual for
    > types 2 and 3) is OTFE (on-the-fly encryption). This means that the file
    > is never decrypted to plaintext form and stored on the hard drive;
    > instead the file (or portions of it) are decrypted ONLY to memory (RAM)
    > as needed (it's all transparent to the user). This ensures that the
    > decryption program leaves no traces of plaintext around on the HD.
    > (However, **other** programs, including the OS, may make plaintext
    > copies, etc and leave recoverable bits around in places like erased tmp
    > files, the swap file, registry references, the MFT, etc. - commonly
    > called "leakage.")
    >
    > Scheme 3 (encrypt everything but a tiny boot stub) is the most secure
    > since there is no chance of "leakage" as described above - **everything**
    > on the HD is fully encrypted all the time.
    >


    Just to add a point there, speed, for full drive including operating
    system encryption there will be a slow down as every read from or write
    to the drive has to go through the encryption scheme. I have to say that
    in my experience so far this is not an issue, on a 1Ghz machine with
    512Mb ram and ordinary IDE drives. There must be a slow down but it is
    not one that I can say I notice. At this time I have done no benchmarks.
    Should also add I'm using an AES 128 bit encryption, others will likely
    vary in performance. For a gateway/router machine or a machine that is
    not running heavy duty processes it would hardly matter at all I would
    think even on a lower spec machine.

    > With scheme 2 and especially scheme 3 it is **essential** to have backups
    > (made before you experiment and regularly thereafter). While the
    > encryption programs from reputable software houses are pretty robust, if
    > anything goes wrong with encryption (esp type 2 & 3) you could find
    > **all** your data unrecoverable.
    >
    > For the Type 1 scheme, stuff like Windows native EFS (on NTFS
    > partitions/drives) works OK (but is a bitch to configure correctly so you
    > don't sabotage yourself).
    >
    > For Type 2 there are a number of commercial programs, but I recommend
    > Truecrypt (just as good functionally as any of the others, free, and
    > open-source).
    >
    > For Type 3 there are again a number of programs ranging from free
    > Compusec, through DCPP, Safeboot Solo, Safeguard Easy, Winmagic, Pointsec
    > and others. My preference is Safeboot (but, alas, it is no longer
    > available). Compusec works well and you can't beat the price (free!)
    >
    > For security needs up to "medium-duty" I would suggest a type 2 scheme
    > using Truecrypt. Type 3 schemes work well but newbies can easily shoot
    > themselves in the foot, they require discipline to use correctly, etc. -
    > but they do offer great heavy-duty protection.
    >
    > Regards,
    >
    >
    >
    >
     
    Ray Vingnutte, Sep 15, 2005
    #4
  5. On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:

    > also add I'm using an AES 128 bit encryption, others will likely vary in
    > performance. For a gateway/router machine or a machine that is not running
    > heavy duty processes it would hardly matter at all I would think even on a
    > lower spec machine.


    Off the cuff, why would someone want to whole disk encrypt a
    router/gateway? It's likely going to be running 27/7 so data is in the
    clear if it's compromised anyway, if it goes down due to power failure it
    won't come back on line by itself, and it's really not doing much that
    someone can't see from outside the network anyway.

    Or were you just talking in general terms of load levels and using
    "router" as an example?

    --
    Outside of a dog, a book is a man's best friend.
    Inside of a dog, it's too dark to read.
    -Marx
     
    Jeffrey F. Bloss, Sep 15, 2005
    #5
  6. Mama Bear

    traveler Guest

    On Thu, 15 Sep 2005 16:53:20 GMT, "Jeffrey F. Bloss"
    <> wrote:

    >On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    >
    >> also add I'm using an AES 128 bit encryption, others will likely vary in
    >> performance. For a gateway/router machine or a machine that is not running
    >> heavy duty processes it would hardly matter at all I would think even on a
    >> lower spec machine.

    >
    >Off the cuff, why would someone want to whole disk encrypt a
    >router/gateway? It's likely going to be running 27/7 so data is in the
    >clear if it's compromised anyway,

    It shouldn't be compromised if a good hardware firewall that protects
    every port is protecting the LAN connection, any thoughts?
    >if it goes down due to power failure it
    >won't come back on line by itself, and it's really not doing much that
    >someone can't see from outside the network anyway.
    >
    >Or were you just talking in general terms of load levels and using
    >"router" as an example?
     
    traveler, Sep 15, 2005
    #6
  7. On Thu, 15 Sep 2005 16:53:20 GMT
    "Jeffrey F. Bloss" <> wrote:

    > On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    >
    > > also add I'm using an AES 128 bit encryption, others will likely vary in
    > > performance. For a gateway/router machine or a machine that is not running
    > > heavy duty processes it would hardly matter at all I would think even on a
    > > lower spec machine.

    >
    > Off the cuff, why would someone want to whole disk encrypt a
    > router/gateway? It's likely going to be running 27/7 so data is in the
    > clear if it's compromised anyway, if it goes down due to power failure it
    > won't come back on line by itself, and it's really not doing much that
    > someone can't see from outside the network anyway.
    >
    > Or were you just talking in general terms of load levels and using
    > "router" as an example?


    Yeah just generalizing, but then again some form of encryption may be
    useful on such a machine. Logs in /var for example, I saw a post
    recently about privoxy logging and although I have privoxy logging
    turned off it is on my gateway along with tor and the like. Perhaps an
    encrypted partition for /usr/local where one may have programs that one
    may prefer not to advertise should the machine get stolen or whatever.

    Then again you could use a separate log server, up to the individual I
    guess there's a lot of possible scenarios for different setups.

    >
    > --
    > Outside of a dog, a book is a man's best friend.
    > Inside of a dog, it's too dark to read.
    > -Marx
    >
     
    Ray Vingnutte, Sep 15, 2005
    #7
  8. Mama Bear

    Mama Bear Guest

    Stephen Howard <> wrote :

    > On Wed, 14 Sep 2005 19:25:13 -0500, Mama Bear
    > <> wrote:
    >
    >>Is there a low cost way to password protect my hard drive, so
    >>that if it was stolen along with my computer, no one could
    >>access it? Something not too hard to log in with when I start
    >>it up though?
    >>
    >>I have Systemworks 2005 but don't think there's anything in
    >>there for this.

    >
    > I think encryption's the key ( excuse pun ).
    > Once someone has access to your computer's internals it's
    > pretty much all over bar the shouting - but if the data is
    > securely encrypted then all they really have is a nice new
    > computer.
    >
    > There are quite a few freeware apps that you might find
    > useful. I use Blowfish Advanced CS to encrypt my sensitive
    > data, and there are other good encryption programs out there.
    > Some people prefer to use encrypted drives or 'containers'.
    > Both systems will work for you, it's just a matter of
    > preference/convenience.


    By encrypted drives or 'containers', do you mean that it encrypts
    the whole drive as a container? Does that slow everything down a
    lot?

    > Blowfish Advanced can make use of 'job files', which
    > essentially act like DOS batch files. You can set up a series
    > of encryption/decryption tasks that run from a shortcut on
    > your desktop.


    I need the whole thing to be transparent, and hopefully fast
    enough where it doesn't slow my system way down.

    --
    - Mama Bear

    Please add the following url to your sig to, pass the word, and
    help this woman: http://pleasehelpjennifer.com/
     
    Mama Bear, Sep 15, 2005
    #8
  9. Mama Bear

    Mama Bear Guest

    Ray Vingnutte <> wrote :

    > On Thu, 15 Sep 2005 16:53:20 GMT
    > "Jeffrey F. Bloss" <> wrote:
    >
    >> On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    >>
    >> > also add I'm using an AES 128 bit encryption, others will
    >> > likely vary in
    >> > performance. For a gateway/router machine or a machine that
    >> > is not running
    >> > heavy duty processes it would hardly matter at all I would
    >> > think even on a
    >> > lower spec machine.

    >>
    >> Off the cuff, why would someone want to whole disk encrypt a
    >> router/gateway? It's likely going to be running 27/7 so data
    >> is in the clear if it's compromised anyway, if it goes down
    >> due to power failure it
    >> won't come back on line by itself, and it's really not doing
    >> much that someone can't see from outside the network anyway.
    >>
    >> Or were you just talking in general terms of load levels and
    >> using "router" as an example?

    >
    > Yeah just generalizing, but then again some form of encryption
    > may be useful on such a machine. Logs in /var for example, I
    > saw a post recently about privoxy logging and although I have
    > privoxy logging turned off it is on my gateway along with tor
    > and the like. Perhaps an encrypted partition for /usr/local
    > where one may have programs that one may prefer not to
    > advertise should the machine get stolen or whatever.
    >
    > Then again you could use a separate log server, up to the
    > individual I guess there's a lot of possible scenarios for
    > different setups.
    >
    >>
    >> --
    >> Outside of a dog, a book is a man's best friend.
    >> Inside of a dog, it's too dark to read.
    >> -Marx
    >>

    >


    A lot of this is WAY over my head. I'm not doing a server anyway,
    just wanted something fast and transparent, so in case a burglar
    ever gets in and steals my computer, they wouldn't get my whole
    computing life since 1989 handed to them.


    --
    - Mama Bear

    Please add the following url to your sig to, pass the word, and
    help this woman: http://pleasehelpjennifer.com/
     
    Mama Bear, Sep 15, 2005
    #9
  10. Mama Bear

    Mama Bear Guest

    Oh, this thread also reminds me of an idea that I've had for awhile
    now, but don't have the technical knowledge to setup myself. It
    would make a good business though.

    Sell encrypted file space on a remote server. Call it something
    like "Data Vault". Have the server located in a bank vault
    somewhere and certify that. Run it with a secure encrypted web link
    or something like that, so people could upload their sensitive and
    critical data to the "Data Vault".

    That way if their home computer was ever stolen, they would at
    least have a backup copy off site that they could restore from.

    People with DSL would find it more useful because of the speed.


    --
    - Mama Bear

    Please add the following url to your sig to, pass the word, and
    help this woman: http://pleasehelpjennifer.com/
     
    Mama Bear, Sep 15, 2005
    #10
  11. On Thu, 15 Sep 2005 10:03:55 -0700
    traveler <> wrote:

    > On Thu, 15 Sep 2005 16:53:20 GMT, "Jeffrey F. Bloss"
    > <> wrote:
    >
    > >On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    > >
    > >> also add I'm using an AES 128 bit encryption, others will likely vary in
    > >> performance. For a gateway/router machine or a machine that is not running
    > >> heavy duty processes it would hardly matter at all I would think even on a
    > >> lower spec machine.

    > >
    > >Off the cuff, why would someone want to whole disk encrypt a
    > >router/gateway? It's likely going to be running 27/7 so data is in the
    > >clear if it's compromised anyway,

    > It shouldn't be compromised if a good hardware firewall that protects
    > every port is protecting the LAN connection, any thoughts?


    That is the sort of thing that got me looking at selinux. It would seem
    that it is very very difficult to compromise a machine with selinux
    setup correctly. There is a report I came across on google of at least one
    person putting an selinux enabled machine on the net and then giving
    out the root password and inviting people to log in and try and
    compromise the machine. As far as I'm aware no one has, compromised it
    that is.


    > >if it goes down due to power failure it
    > >won't come back on line by itself, and it's really not doing much that
    > >someone can't see from outside the network anyway.
    > >
    > >Or were you just talking in general terms of load levels and using
    > >"router" as an example?

    >
     
    Ray Vingnutte, Sep 15, 2005
    #11
  12. On Thu, 15 Sep 2005 13:06:51 -0500
    Mama Bear <> wrote:

    > Ray Vingnutte <> wrote :
    >
    > > On Thu, 15 Sep 2005 16:53:20 GMT
    > > "Jeffrey F. Bloss" <> wrote:
    > >
    > >> On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    > >>
    > >> > also add I'm using an AES 128 bit encryption, others will
    > >> > likely vary in
    > >> > performance. For a gateway/router machine or a machine that
    > >> > is not running
    > >> > heavy duty processes it would hardly matter at all I would
    > >> > think even on a
    > >> > lower spec machine.
    > >>
    > >> Off the cuff, why would someone want to whole disk encrypt a
    > >> router/gateway? It's likely going to be running 27/7 so data
    > >> is in the clear if it's compromised anyway, if it goes down
    > >> due to power failure it
    > >> won't come back on line by itself, and it's really not doing
    > >> much that someone can't see from outside the network anyway.
    > >>
    > >> Or were you just talking in general terms of load levels and
    > >> using "router" as an example?

    > >
    > > Yeah just generalizing, but then again some form of encryption
    > > may be useful on such a machine. Logs in /var for example, I
    > > saw a post recently about privoxy logging and although I have
    > > privoxy logging turned off it is on my gateway along with tor
    > > and the like. Perhaps an encrypted partition for /usr/local
    > > where one may have programs that one may prefer not to
    > > advertise should the machine get stolen or whatever.
    > >
    > > Then again you could use a separate log server, up to the
    > > individual I guess there's a lot of possible scenarios for
    > > different setups.
    > >
    > >>
    > >> --
    > >> Outside of a dog, a book is a man's best friend.
    > >> Inside of a dog, it's too dark to read.
    > >> -Marx
    > >>

    > >

    >
    > A lot of this is WAY over my head. I'm not doing a server anyway,
    > just wanted something fast and transparent, so in case a burglar
    > ever gets in and steals my computer, they wouldn't get my whole
    > computing life since 1989 handed to them.
    >


    Sorry, things do tend to drift somewhat. What Nemo Outis outlines above
    should give you some pointers as to what might be best for you. You say
    you would like to stop someone accessing your drive rather than
    specific sets of files so maybe a full blown drive and operating system
    encryption setup would be suitable for you.

    Which to use is another long story I expect. If it's just general basic
    security then any of the full drive techniques would be adequate I
    think.

    Don't go trying it out on your main setup first though just in case you
    make a mistake during setup. If you can practice using a separate drive
    and setup then fine do that first. When you are happy it all works well
    then try it on your normal setup. At the very least make a backup first
    of your data just in case.

    >
    > --
    > - Mama Bear
    >
    > Please add the following url to your sig to, pass the word, and
    > help this woman: http://pleasehelpjennifer.com/
     
    Ray Vingnutte, Sep 15, 2005
    #12
  13. Mama Bear

    traveler Guest

    On Thu, 15 Sep 2005 13:06:51 -0500, Mama Bear <>
    wrote:

    >Ray Vingnutte <> wrote :
    >
    >> On Thu, 15 Sep 2005 16:53:20 GMT
    >> "Jeffrey F. Bloss" <> wrote:
    >>
    >>> On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    >>>
    >>> > also add I'm using an AES 128 bit encryption, others will
    >>> > likely vary in
    >>> > performance. For a gateway/router machine or a machine that
    >>> > is not running
    >>> > heavy duty processes it would hardly matter at all I would
    >>> > think even on a
    >>> > lower spec machine.
    >>>
    >>> Off the cuff, why would someone want to whole disk encrypt a
    >>> router/gateway? It's likely going to be running 27/7 so data
    >>> is in the clear if it's compromised anyway, if it goes down
    >>> due to power failure it
    >>> won't come back on line by itself, and it's really not doing
    >>> much that someone can't see from outside the network anyway.
    >>>
    >>> Or were you just talking in general terms of load levels and
    >>> using "router" as an example?

    >>
    >> Yeah just generalizing, but then again some form of encryption
    >> may be useful on such a machine. Logs in /var for example, I
    >> saw a post recently about privoxy logging and although I have
    >> privoxy logging turned off it is on my gateway along with tor
    >> and the like. Perhaps an encrypted partition for /usr/local
    >> where one may have programs that one may prefer not to
    >> advertise should the machine get stolen or whatever.
    >>
    >> Then again you could use a separate log server, up to the
    >> individual I guess there's a lot of possible scenarios for
    >> different setups.
    >>
    >>>
    >>> --
    >>> Outside of a dog, a book is a man's best friend.
    >>> Inside of a dog, it's too dark to read.
    >>> -Marx
    >>>

    >>

    >
    >A lot of this is WAY over my head. I'm not doing a server anyway,
    >just wanted something fast and transparent, so in case a burglar
    >ever gets in and steals my computer, they wouldn't get my whole
    >computing life since 1989 handed to them.


    Have a look at this, I saw it posted on the net, it's a free full
    edition if you only want the password featured program:

    http://www.ce-infosys.com/CeiHome.asp
     
    traveler, Sep 15, 2005
    #13
  14. Mama Bear

    nemo_outis Guest

    traveler <> wrote in
    news::

    ....snip...
    > Have a look at this, I saw it posted on the net, it's a free full
    > edition if you only want the password featured program:
    >
    > http://www.ce-infosys.com/CeiHome.asp
    >



    Yep, that's the free compusec I was referring to in my recent post.

    Regards,

    PS Incidentally, good though the program is, they should be shot with a
    ball of their own shit for making their website asp-centric.
     
    nemo_outis, Sep 15, 2005
    #14
  15. Mama Bear

    Mama Bear Guest

    Ray Vingnutte <> wrote :

    > On Thu, 15 Sep 2005 13:06:51 -0500
    > Mama Bear <> wrote:
    >
    >> Ray Vingnutte <> wrote :
    >>
    >> > On Thu, 15 Sep 2005 16:53:20 GMT
    >> > "Jeffrey F. Bloss" <> wrote:
    >> >
    >> >> On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    >> >>
    >> >> > also add I'm using an AES 128 bit encryption, others
    >> >> > will likely
    >> > vary in
    >> >> > performance. For a gateway/router machine or a machine
    >> >> > that is not
    >> > running
    >> >> > heavy duty processes it would hardly matter at all I
    >> >> > would think
    >> > even on a
    >> >> > lower spec machine.
    >> >>
    >> >> Off the cuff, why would someone want to whole disk encrypt
    >> >> a router/gateway? It's likely going to be running 27/7 so
    >> >> data is in the clear if it's compromised anyway, if it
    >> >> goes down due to power failure
    >> > it
    >> >> won't come back on line by itself, and it's really not
    >> >> doing much that someone can't see from outside the network
    >> >> anyway.
    >> >>
    >> >> Or were you just talking in general terms of load levels
    >> >> and using "router" as an example?
    >> >
    >> > Yeah just generalizing, but then again some form of
    >> > encryption may be useful on such a machine. Logs in /var
    >> > for example, I saw a post recently about privoxy logging
    >> > and although I have privoxy logging turned off it is on my
    >> > gateway along with tor and the like. Perhaps an encrypted
    >> > partition for /usr/local where one may have programs that
    >> > one may prefer not to advertise should the machine get
    >> > stolen or whatever.
    >> >
    >> > Then again you could use a separate log server, up to the
    >> > individual I guess there's a lot of possible scenarios for
    >> > different setups.
    >> >
    >> >>
    >> >> --
    >> >> Outside of a dog, a book is a man's best friend.
    >> >> Inside of a dog, it's too dark to read.
    >> >> -Marx
    >> >>
    >> >

    >>
    >> A lot of this is WAY over my head. I'm not doing a server
    >> anyway, just wanted something fast and transparent, so in
    >> case a burglar ever gets in and steals my computer, they
    >> wouldn't get my whole computing life since 1989 handed to
    >> them.
    >>

    >
    > Sorry, things do tend to drift somewhat. What Nemo Outis
    > outlines above should give you some pointers as to what might
    > be best for you. You say you would like to stop someone
    > accessing your drive rather than specific sets of files so
    > maybe a full blown drive and operating system encryption setup
    > would be suitable for you.
    >
    > Which to use is another long story I expect. If it's just
    > general basic security then any of the full drive techniques
    > would be adequate I think.
    >
    > Don't go trying it out on your main setup first though just in
    > case you make a mistake during setup. If you can practice
    > using a separate drive and setup then fine do that first. When
    > you are happy it all works well then try it on your normal
    > setup. At the very least make a backup first of your data just
    > in case.


    I have a removable backup drive on a plug port. I use Ghost to
    backup to it, then unplug it and hide it, so if my computer ever
    gets stolen, at least I could just plug in that drive and retain
    it all. I just don't want someone stealing it and having access
    to my writings, my passwords, etc. Things they could cause me
    extreme grief with.

    So I need something low cost, that would make it extremely hard
    for someone to get anything from my drive if they stole the
    computer.

    --
    - Mama Bear

    Please add the following url to your sig to, pass the word, and
    help this woman: http://pleasehelpjennifer.com/
     
    Mama Bear, Sep 15, 2005
    #15
  16. Mama Bear

    Mama Bear Guest

    Ray Vingnutte <> wrote :

    > On Thu, 15 Sep 2005 10:03:55 -0700
    > traveler <> wrote:
    >
    >> On Thu, 15 Sep 2005 16:53:20 GMT, "Jeffrey F. Bloss"
    >> <> wrote:
    >>
    >> >On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    >> >
    >> >> also add I'm using an AES 128 bit encryption, others will
    >> >> likely vary in
    >> >> performance. For a gateway/router machine or a machine
    >> >> that is not running
    >> >> heavy duty processes it would hardly matter at all I would
    >> >> think even on a
    >> >> lower spec machine.
    >> >
    >> >Off the cuff, why would someone want to whole disk encrypt a
    >> >router/gateway? It's likely going to be running 27/7 so data
    >> >is in the
    >> >clear if it's compromised anyway,

    >> It shouldn't be compromised if a good hardware firewall that
    >> protects every port is protecting the LAN connection, any
    >> thoughts?

    >
    > That is the sort of thing that got me looking at selinux. It
    > would seem that it is very very difficult to compromise a
    > machine with selinux setup correctly. There is a report I came
    > across on google of at least one person putting an selinux
    > enabled machine on the net and then giving out the root
    > password and inviting people to log in and try and compromise
    > the machine. As far as I'm aware no one has, compromised it
    > that is.



    But that's a Linux system?

    --
    - Mama Bear

    Please add the following url to your sig to, pass the word, and
    help this woman: http://pleasehelpjennifer.com/
     
    Mama Bear, Sep 15, 2005
    #16
  17. On Thu, 15 Sep 2005 14:03:32 -0500
    Mama Bear <> wrote:

    > Ray Vingnutte <> wrote :
    >
    > > On Thu, 15 Sep 2005 13:06:51 -0500
    > > Mama Bear <> wrote:
    > >
    > >> Ray Vingnutte <> wrote :
    > >>
    > >> > On Thu, 15 Sep 2005 16:53:20 GMT
    > >> > "Jeffrey F. Bloss" <> wrote:
    > >> >
    > >> >> On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    > >> >>
    > >> >> > also add I'm using an AES 128 bit encryption, others
    > >> >> > will likely vary in performance. For a gateway/router
    > >> >> > machine or a machine that is not running heavy duty
    > >> >> > processes it would hardly matter at all I would think
    > >> >> > even on a lower spec machine.
    > >> >>
    > >> >> Off the cuff, why would someone want to whole disk encrypt
    > >> >> a router/gateway? It's likely going to be running 27/7 so
    > >> >> data is in the clear if it's compromised anyway, if it
    > >> >> goes down due to power failure it won't come back on line
    > >> >> by itself, and it's really not doing much that someone
    > >> >> can't see from outside the network anyway.
    > >> >>
    > >> >> Or were you just talking in general terms of load levels
    > >> >> and using "router" as an example?
    > >> >
    > >> > Yeah just generalizing, but then again some form of
    > >> > encryption may be useful on such a machine. Logs in /var
    > >> > for example, I saw a post recently about privoxy logging
    > >> > and although I have privoxy logging turned off it is on my
    > >> > gateway along with tor and the like. Perhaps an encrypted
    > >> > partition for /usr/local where one may have programs that
    > >> > one may prefer not to advertise should the machine get
    > >> > stolen or whatever.
    > >> >
    > >> > Then again you could use a separate log server, up to the
    > >> > individual I guess there's a lot of possible scenarios for
    > >> > different setups.
    > >> >
    > >> >>
    > >> >> --
    > >> >> Outside of a dog, a book is a man's best friend.
    > >> >> Inside of a dog, it's too dark to read.
    > >> >> -Marx
    > >> >>
    > >> >
    > >>
    > >> A lot of this is WAY over my head. I'm not doing a server
    > >> anyway, just wanted something fast and transparent, so in
    > >> case a burglar ever gets in and steals my computer, they
    > >> wouldn't get my whole computing life since 1989 handed to
    > >> them.
    > >>

    > >
    > > Sorry, things do tend to drift somewhat, What Nemo Outis
    > > outlines above should give you some pointers as to what might
    > > be best for you. You say you would like to stop someone
    > > accessing your drive rather than specific sets of files so
    > > maybe a full blown drive and operating system encryption setup
    > > would be suitable for you.
    > >
    > > Which to use is another long story I expect. If it's just
    > > general basic security then any of the full drive techniques
    > > would be adequate I think.
    > >
    > > Don't go trying it out on your main setup first though just in
    > > case you make a mistake during setup. If you can practice
    > > using a separate drive and setup then fine do that first. When
    > > you are happy it all works well then try it on your normal
    > > setup. At the very least make a backup first of your data just
    > > in case.

    >
    > I have a removable backup drive on a plug port. I use Ghost to
    > backup to it, then unplug it and hide it, so if my computer ever
    > gets stolen, at least I could just plug in that drive and retain
    > it all. I just don't want someone stealing it and having access
    > to my writings, my passwords, etc. Things they could cause me
    > extreme grief with.


    Absolutely, then go for it

    >
    > So I need something low cost, that would make it extremely hard
    > for someone to get anything from my drive if they stole the
    > computer.


    A lot of this stuff is free so it may cost you nothing, I'm assuming you
    are using Windows which means I'm of little help to you. What I remember
    of my Windows days is very likely way out of date now. Above all I'm
    fairly new to all this hard drive encryption stuff too ;-)


    >
    > --
    > - Mama Bear
    >
    > Please add the following url to your sig to, pass the word, and
    > help this woman: http://pleasehelpjennifer.com/
     
    Ray Vingnutte, Sep 15, 2005
    #17
  18. On Thu, 15 Sep 2005 14:07:39 -0500
    Mama Bear <> wrote:

    > Ray Vingnutte <> wrote :
    >
    > > On Thu, 15 Sep 2005 10:03:55 -0700
    > > traveler <> wrote:
    > >
    > >> On Thu, 15 Sep 2005 16:53:20 GMT, "Jeffrey F. Bloss"
    > >> <> wrote:
    > >>
    > >> >On Thu, 15 Sep 2005 16:16:47 +0100, Ray Vingnutte wrote:
    > >> >
    > >> >> also add I'm using an AES 128 bit encryption, others will
    > >> >> likely vary in performance. For a gateway/router machine
    > >> >> or a machine that is not running heavy duty processes it
    > >> >> would hardly matter at all I would think even on a lower
    > >> >> spec machine.
    > >> >
    > >> >Off the cuff, why would someone want to whole disk encrypt a
    > >> >router/gateway? It's likely going to be running 27/7 so data
    > >> >is in the clear if it's compromised anyway,
    > >>
    > >> It shouldn't be compromised if a good hardware firewall that
    > >> protects every port is protecting the LAN connection, any
    > >> thoughts?
    > >
    > > That is the sort of thing that got me looking at selinux. It
    > > would seem that it is very very difficult to compromise a
    > > machine with selinux setup correctly. There is a report I came
    > > across on google of at least one person putting an selinux
    > > enabled machine on the net and then giving out the root
    > > password and inviting people to log in and try and compromise
    > > the machine. As far as I'm aware no one has, compromised it
    > > that is.

    >
    >
    > But that's a Linux system?


    Yep sorry again, I'll shut up.

    >
    > --
    > - Mama Bear
    >
    > Please add the following url to your sig to, pass the word, and
    > help this woman: http://pleasehelpjennifer.com/
     
    Ray Vingnutte, Sep 15, 2005
    #18
  19. On Thu, 15 Sep 2005 19:14:04 +0100, Ray Vingnutte wrote:

    >> It shouldn't be compromised if a good hardware firewall that protects
    >> every port is protecting the LAN connection, any thoughts?

    >
    > That is the sort of thing that got me looking at selinux. It would seem
    > that it is very very difficult to compromise a machine with selinux setup


    It's not that it's harder to compromise so much as it's harder to wreak
    havoc if you manage it. SELinux doesn't do much of anything to address the
    application specific exploits crackers use to gain access, as much as it
    does restrict what those applications can access, and consequently, what
    an attacker can access if they crack one.

    > correctly. There is a report I came across on google of at least one
    > person putting an selinux enabled machine on the net and then giving out
    > the root password and inviting people to log in and try and compromise
    > the machine. As far as I'm aware no one has, compromised it that is.


    ???

    If you have root you can simply disable SELinux, send the reboot command,
    and log back in when it comes back on line. But if you have root, why
    bother? You can do whatever you want.

    --
    Outside of a dog, a book is a man's best friend.
    Inside of a dog, it's too dark to read.
    -Marx
     
    Jeffrey F. Bloss, Sep 15, 2005
    #19
  20. Mama Bear

    Mama Bear Guest

    Ray Vingnutte <> wrote :

    > A lot of this stuff is free so it may cost you nothing, I'm
    > assuming you are using Windows which means I'm of little help
    > to you.


    Yeah, XP Home edition.

    > What I remember of my Windows days is very likely way
    > out of date now. Above all I'm fairly new to all this hard
    > drive encryption stuff too ;-)


    :)



    --
    - Mama Bear

    Please add the following url to your sig to, pass the word, and
    help this woman: http://pleasehelpjennifer.com/
     
    Mama Bear, Sep 15, 2005
    #20