Security Basics mailing list archives

Re: Securing workstations from IT guys
From: "Liam Jewell" <ljjewell () gmail com>
Date: Tue, 27 Nov 2007 15:05:15 -0500

Anybody who has physical access to the machine becomes a
vulnerability.  Even if you encrypt files under an administrator
account on the local machine, simply resetting the password with a
program like Passware will not disable the encryption.  Then an
unauthorized user can log in to the admin account with a blank
password (or a password of their choosing) and have access to all
encrypted files.

This means that in under a minute of physical access to the machine,
all local documents (encrypted or not) are now accessible.
Additionally, many programs allow you to reset it to the original
password when you are done. This means that if the event viewer were
cleared... few traces would be left on the machine that it had even
been turned on.

What does this mean?  It means you need to use a combination of
non-Windows-based encryption (I also use AxCrypt) for all files that
NEED to remain on the local machine, and then force all other
important documents to a secured server.

My 2 cents,
Liam Jewell

