Windows logon security.


Nick Z.

I heard that cracking Windows XP logon is trivial.

I am looking for a solution that would provide better security. I need
something that will protect vs unauthenticated logon and would
automatically protect my files (encrypt on the run?).

Thanks,
Nick Z.
 
Nick said:
I heard that cracking Windows XP logon is trivial.

I am looking for a solution that would provide better security. I need
something that will protect vs unauthenticated logon and would
automatically protect my files (encrypt on the run?).

Thanks,
Nick Z.

Getting into *any* computer running *any* operating system is trivial if
the person doing it has time, skills, necessary tools, and physical
access. This behavior is not exclusive to Windows operating systems.
You can:

1. Restrict access to the computer.
2. Set the first boot device to the hard drive.
3. Put a BIOS password on the machine.

For encryption, try third-party software. I have not used any of these,
but got the links from MVP Torgeir Bakken who says his company uses
SafeGuard Easy.

SafeGuard PrivateDisk
http://www.utimaco.com/indexmain.html

TrueCrypt
http://www.truecrypt.org/

BestCrypt
http://www.jetico.com/

Malke
 
BIOS passwords are only useful if no one has unrestricted access to the
computer and/or those who do have access aren't very technically minded.
Clearing the CMOS clears the password, and if someone can spend enough time
with the computer to open the case, it only takes a few minutes to clear the
CMOS.

If you know that no one's going to be able to open the case or know how to
clear the CMOS, this is a good idea, though.

Encryption is good as long as you take the precautions to make sure you can
decrypt your files, no matter what. A lot of people post here after they've
lost encrypted files. And, if someone manages to log on as you, like by
guessing your password or getting to your computer after you've used it and
you haven't logged off, they have access to those files.

What works best really depends on how you use your computer and who you're
trying to keep out.
 
D.Currie said:
BIOS passwords are only useful if no one has unrestricted access to the
computer and/or those who do have access aren't very technically minded.
Clearing the CMOS clears the password, and if someone can spend enough time
with the computer to open the case, it only takes a few minutes to clear the
CMOS.

If you know that no one's going to be able to open the case or know how to
clear the CMOS, this is a good idea, though.

Encryption is good as long as you take the precautions to make sure you can
decrypt your files, no matter what. A lot of people post here after they've
lost encrypted files. And, if someone manages to log on as you, like by
guessing your password or getting to your computer after you've used it and
you haven't logged off, they have access to those files.

What works best really depends on how you use your computer and who you're
trying to keep out.

Well said, but I'd like to add that there is software freely available
that can be used to change *any* user's password so an unauthorized user
could still log in as another user and access encrypted files (assuming
that another password wasn't required to unencrypt them).

--
The reader should exercise normal caution and backup the Registry and
data files regularly, and especially before making any changes to their
PC, as well as performing regular virus and spyware scans. I am not
liable for problems or mishaps that occur from the reader using advice
posted here. No warranty, express or implied, is given with the posting
of this message.
 
null said:
Well said, but I'd like to add that there is software freely available
that can be used to change *any* user's password so an unauthorized user
could still log in as another user and access encrypted files (assuming
that another password wasn't required to unencrypt them).

I think it's pretty much a matter of, if you know who you're trying to keep
out, you can figure out how to keep them out. Some people are stymied by the
Windows 98 password screen.

Now that I think of it, though, a BIOS password combined with some odd case
screws, like spanners, would suffice to keep most people out. That way, to
open the case and reset the BIOS they'd either need to cut the case off,
which would be obvious in an office setting, or they'd have to find your
"special" screwdriver or run to a hardware store to find one. If someone was
really determined to get in, they could go buy the correct screwdriver, but
it would delay them a bit.

On the other hand, if this is a matter of sensitive data rather than
computer use/snooping, the best thing would be to store the data on a
removable drive and take the drive out when not in use, and store it
somewhere under lock and key.
 