Does NTFS Security protect you from theft

  • Thread starter Thread starter Derz
  • Start date Start date
D

Derz

How safe is data stored on an XP Professional System if it is stolen.

The system has two accounts, Guest and one user. Both are Password protected.
The Hard Drive is NTFS format.
The Data area Permission gives full access to the group "Everyone".

Reading some posts related posts, I've seen 3rd party encryption software
recommended.
Does NT/NTFS Encrypt. Is additional software necessary?
 
Derz said:
How safe is data stored on an XP Professional System if it is stolen.

The system has two accounts, Guest and one user. Both are Password protected.
The Hard Drive is NTFS format.
The Data area Permission gives full access to the group "Everyone".

Reading some posts related posts, I've seen 3rd party encryption software
recommended.
Does NT/NTFS Encrypt. Is additional software necessary?
Unless encryption is used no data is safe if one has physical access to
the system. Even encryption can be problematic if poor key management
is practiced.

Account passwords mean nothing.

NTFS does support EFS but key management is more difficult to do
correctly. In a home environment key management is easier with
something like TrueCrypt. In an enterprise EFS would tend to be the
better choice because the system administrators can assist in the key
management.

HTH

Dennis
 
Derz said:
How safe is data stored on an XP Professional System if it is stolen.

The system has two accounts, Guest and one user. Both are Password
protected. The Hard Drive is NTFS format.
The Data area Permission gives full access to the group "Everyone".

Reading some posts related posts, I've seen 3rd party encryption
software recommended.
Does NT/NTFS Encrypt. Is additional software necessary?

XP Pro does support EFS encryption, but be carefull it is possible to render
your stuff inaccessable via EFS.

The Encrypting File System
http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx

Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316/en-us

How to back up the recovery agent Encrypting File System (EFS) private key
in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/kb/241201

How To Encrypt a Folder in Windows XP
http://support.microsoft.com/?id=308989

How To Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993

How To Encrypt a File in Windows XP
http://support.microsoft.com/?id=307877

HOW TO: Share Access to an Encrypted File in Windows XP
http://support.microsoft.com/?id=308991
 
Derz said:
How safe is data stored on an XP Professional System if it is stolen.

The system has two accounts, Guest and one user. Both are Password protected.
The Hard Drive is NTFS format.
The Data area Permission gives full access to the group "Everyone".

Reading some posts related posts, I've seen 3rd party encryption software
recommended.
Does NT/NTFS Encrypt. Is additional software necessary?

NTFS is a file system, not a security measure. It does support
permissions for access but that is easily overriden. The hard disk can
be taken to another host or used under a different instance of Windows
and anyone with admin-level privileges in that instance of Windows can
take ownership of your files to access them. Permission-based access
can be circumvented. It really is only for file management, not for
file security.

EFS may be available depending WHICH version of Windows XP you are
using. Windows XP Home does not include EFS support. You mention
Windows XP Professional which does include EFS support. Be sure to read
ALL the help articles in Start -> Help and Support regarding the use and
management of EFS-protected folders or files, especially the part about
exporting your EFS certificate to removable media for safe keeping.

If you don't want to rely on an encryption scheme that employs a
cryptographic key unique to a user account but want to use something
that relies on passwords and more portable then look at TrueCrypt.
 
Thanks for the helpful information and links.

Upon review, it would appear that the delivered Encryption technology could
be used on XP to effectively protect the privacy of data if the system is
stolen..

This could work fine for single user systems, or systems with limited file
sharing among users. However, due to the inability to define group access to
all files in "encrypted folders", (this access can only be applied to
individual files), the use of this technology in an environment where files
are freely shared among users would be very cumbersome.

TrueCrypt looks like a good choice for a SOHO which is what I am interested
in protecting.
 
Back
Top