Computer Security
Archives Forums/Linux Discussion/Computer Security
| ||
| I installed Linux on a Pendrive,Flash drive,usb stick call it what you will,and went to a second Windows XP computer. Loaded Linux from Pendrive,and i managed to read all the files on the windows hard drives,even tho the Windows computer was security enabled username/password. Surely thats not right. Worried Person Me Is. Mark |
| ||
| Surely thats not right. Worried Person Me Is. Yup, that's the way it is, and it's by design. Once you have access to the hardware, anyone has full access. If you take a hard drive out of a computer and connect it to another one, you can also read/write all files. Same as if you use something like the Ultimate boot CD for Windows, which can boot XP straight off of a CD -- full access to the harddrive. the catch: filesystem security depends on user ID's. for example: Administrator is normally user ID 0. when you connect with a different operating system, now essentially its administrator automatically is user 0, and hence it has full access to the files created by user 0 on the other windows install. The exact same thing applies to Linux, and pretty much all other operating systems. This is both good and bad: The bad, as you've seen, is that it's really easy to get access to the files by anyone who has physical access to the PC. The good, is that if/when windows crashes and won't start anymore, you can easily retrieve/rescue your data by simply re-installing a different OS (or connecting the drive in a different PC, or using a liveCD / USB boot) You can lock some of those options down by going into your PC BIOS and prohibiting booting from CD or flash drive, and setting a BIOS password to prevent an attacker from changing it back. It still allows them to take out the drive and connect it to a different PC if they're really determined. The only way around that is by using encryption -- either windows built-in file encryption (where there is a security certificate used to encrypt each file based on the original username/password hash, and unless you have the certificate you can't access the files) Alternatively is using a 3rd party drive encryption program like TrueCrypt, or the built-in drive encryption feature that comes with some laptops. For those everything is automagically encrypted, and unless you enter a password on boot-up before your OS even loads noone can make sense of the contents of the drive. Recommended for laptops and such that people take into the field and could get stolen or lost, so their data is still protected. However, the big downside of encryption is that if you either forget the password, or something somehow gets damaged, or if windows crashes and you lose its security certificate --- you'd be royally screwed. No way to recover any of your data by hooking it up to a different computer, or reinstalling the OS, or even sending it off to a data-recovery outfit: It's gone, period. |
| ||
| Addition: Since the HD is readable and writable by another OS (including linux boots, as you've found) is that there are 3rd party tools that can boot from floppy/CD/thumbdrive, access the windows security hive in the registry on the local harddrive, overwrite the encrypted password hash of a user (including administrator) with a new one and thereby essentially reset the password and gain access to their account. The only way to prevent that from happening is either encryption, or preventing the booting of any other media. |
| ||
| The Bios password option,stopping people from booting other devices sounds good. Thanks xlsior. |
| ||
| Not really, most if not all bios's can be reset/cleared to the default state. meaning no password. Basically just assume someone can get at your stuff if they have physical access to the hardware. Best thing to ask yourself though is, "Is my files really that interesting to anyone other than myself?" if the answer is yes, then start encrypting your stuff :) |
| ||
| Clear the Bios,never thought of that. My wife does a lot of online shopping.(on another computer)I don't know wether she has saved mine or her's credit card details or not.I have told her not to,But she is not totally savvy when it comes to computers.(especially when im out the house).I am more worried in case someone steals my computer.All the information is there for them. So yes the files would be intresting to someone else. Encryption it is. Thanks again guys. |
| ||
| So yes the files would be intresting to someone else. Encryption it is. Thanks again guys. Just keep in mind: If something bad happens, you're pretty much screwed if you encrypt stuff. After all, you'll look like 'someone else' as well, and you'd have next to no recovery options in case of a crash, unlike on a 'normal' harddrive. That means that backups of important files are even more imperative. |
| ||
| Theres no such thing as local PC security except perhaps a fully encrypted drive (including OS) and a PC that doesnt suspend or hibernate. (and what Xlsior said). Bios protection is rubbish because aside from hard resets and backdoors, all someone need do is have a usb2ide converter and laptop, spoon off the side of your PC, plug on their ide cable and turn on your PC (so it powers the disk) and start browsing. (or remove the disk completely and run away). Working IT support i have stripped out many a windows admin password, or done file recovery using a linux bootable media. Wether you love it or hate it, its a hell of a handy tool to have weather you use linux or not. There is windows based equivalent 'tools' disks like winternals but they usually cost. |
| ||
| Wow!. It looks like no PC is protected. Good job i do not work in a bank.(Thats an example) So there is no such thing as protection. Still confused. Is Encryption the way to go. Simple Yes or No,guys thanks. all the best Mark. |
| ||
| Yes, just DONT loose your key, and keep a GOOD backup preferably in a firesafe/secure place. If a laptop then disable suspend. ...If you are really THAT worried. Doing some contract work for the CIA are u?? :P Note: local disk crypping does nothing to foil network intrusions which is a much bigger worry to you than anything else. |
   |