|
-
September 25th, 2002, 05:34 AM
#1
Protecting an XP System
I friend has just bought a new PC with XP Home installed. The machine lives in a shared house and she does not want anybody to be able to access the system if she is out.
Is there anything native to XP that will stop people from accessing the system or does anybody know of a suitable third party software product.
Passwords within XP are OK but I understand anyone with a bit of intelligence can create a disk to by-pass passwords.
I also know of thumb print readers etc but I'd rather a software alternative.
Thanks in advance for any advice.
Stuart
-
September 25th, 2002, 05:49 AM
#2
Driver Terrier
First of all it is ALWAYS possible to get at data from a computer... regardless of how much security is on it.
The easiest and cheapest way to lock a machine is to use the bios password... but even that can be cracked. The there is the windows lock - press the windows key and press L, the machine is then locked until the correct password is given.
Just how paranoid are we talking here - thumb print readers seems very over the top to me... The most secure thing I can think of is to have a removable hard drive with the data and os on it and when she goes out she simply takes it with her.
Last edited by NooNoo; September 25th, 2002 at 05:51 AM.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
September 25th, 2002, 05:59 AM
#3
Is there anything native to XP that will stop people from accessing the system or does anybody know of a suitable third party software product.
NTFS File Permissions and EFS will do the trick. Shame its home not Pro! 
Do they have any kind of access to the system? An account?
Add a BIOS Password and add a account password, ensure auto login is off and pick a strong password!
understand anyone with a bit of intelligence can create a disk to by-pass passwords
No not really. It is possible to break user password but its not an matter of creating a little disk and running a application  If she made a password recovery disk, destory it or take it from the building. Because thats your main problem with XP.
If you really want to disable booting from floppy.
Maybe move the files that need to be secured into a single folder and use one of many packages to secure that folder.
Some Tools you may want to check out:
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
Something i will add, if she is the only person who uses that system you can export the "start up key" to a floppy disk. Then she takes that with her. Should someone else try to access the system they wont be able to unless they have the disk. However if she looses that disk she cant access the system either! So make copies! I belive thats an option on home.
Last edited by TyroTech; September 25th, 2002 at 06:15 AM.
-
September 25th, 2002, 06:05 AM
#4
First of all it is ALWAYS possible to get at data from a computer... regardless of how much security is on it.
Im going to disagree with that one NooNoo.
You may be able to get the data with some work but read it? No chance! Even EFS takes care of that one. Even better would be PGP 
If you manage the passwords / certificates properly your sorted.
Last edited by TyroTech; September 25th, 2002 at 06:13 AM.
-
December 16th, 2002, 01:51 AM
#5
Breaking XP/2000 Passwords
It is quite simple, actually, to reset the administrator password and get access to the entire system unless encrypted. There ARE utilities which perform this for you - simple bootable CD is created which does it all with a GUI menu interface.
Therefore, I would have to recommend encrypting the files to protect them. Although XP's EFS will function well enough to stop the majority of data recovery methods, I'd not want to rely upon an encryption method created by Microsoft. There have been far too many security breaches and flaws in the OS and in IE. Furthermore (personal opinion) I suspect that MS's programmers have a utility already created to reverse the EFS process.
Bottom line - if the data is worth all the security, use 256-bit PGP encryption. Even the NSA has been up in arms regarding its potential release outside the US - too difficult to break or simply too time consuming on even a super computer to make it worth an effort.
-
December 16th, 2002, 06:53 AM
#6
Geezer
 This sounds like some confus-ed advice...
Originally posted by NooNoo
First of all it is ALWAYS possible to get at data from a computer... regardless of how much security is on it.
... The most secure thing I can think of is to have a removable hard drive with the data and os on it and when she goes out she simply takes it with her.
So how are we gonna retrieve that data when its not there ? I don't care how good your encryption methods are, if there's no data to un-encrypt - your Kray supercomputer ain't gonna do you any good .... a removable HD caddy will run about £15 and is pretty easy to fit ....
Kinda like protecting your system from hackers, if you leave the connection there sooner or later somebody can get in, if you have no connection then there's no way without physical access to the data ... just like here.
Thumb print readers ! pah ! ... too many Bond movies for you I think 
-
December 16th, 2002, 06:47 PM
#7
lol @ Bond.
Thumbprint readers exist and yes, they've already been defeated by some character with wax and cellophane 
-
January 8th, 2003, 12:09 AM
#8
Paranoid I guess
Gee must have world secrets on there and live with a bunch of hackers. Get a removable drive setup. change passwords every few days. Have a key-switch installed and install a case lock. Removable drives bays are the best. We have business customers who remove their HDs and store them in a fire safe every night. Cant get much more secure than that. Wouldnt recommend carring it around tho.
If life is a bitch, then what is death? I believe that I will take the bitch...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks