RE: password protect encrypted directory

["Ted Yavuzkurt" <element0 () phreaker net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I use PGP Disk to encrypt data - it works wonders.

With PGP the directory will appear to be empty unless you mount it. 
It also auto unmounts volumes after a specified period of time.  What
I've found to be especially handy with PGP disks is the way you can
create a sort of "panic button" that will forcibly unmount the disk
even if it has files open.

One thing you have to watch out for though is opening the files on
the PGP disk.  Some programs may create cached versions of documents
that will persist after the disk is unmounted.

As far as NTFS security goes, encrypted files remain encrypted unless
you know the original password they were encrypted with...however
cracking those passwords is often not terribly difficult and the
encryption is weak and prone to the previously mentioned
vulnerabilities.

Good luck.

- -Ted
- - -----Original Message-----
From: fiber [mailto:mynameisfiber () gmail com]
Sent: Thursday, August 19, 2004 11:32 AM
To: security-basics () securityfocus com
Subject: Re: password protect encrypted directory

i think the best option out of all of the suggested was Thomas
Evans'.  

using NTFS security is like wrapping it in paper and hoping no one
sees it: when you start up with a boot disk there is no NEED to crack
the admin password, all the things that keep the security system in
tact are not on and you can browse the hard drive free.

with PGP you can ensure that even if everything is STOLEN it will not
be read (assuming you keep good passphrase's and treat it as sacredly
as a password).

hope this helps!

- - -fiber

On Mon, 16 Aug 2004 23:22:39 +0200, Hugo Deckx <hugo.deckx () skynet be>
wrote:
> All,
>
> The best product I found so far to protect folders but also files 
> (based on
> extension) is called C4-Polytrust
> More info at http://www.polytrust.com and http://www.safeboot.com/
>
> SC Award Best Encryption Solution 2004
>
> Rgs,
> Hugo Deckx
> Corporate IT Security & Computer Forensic Manager Belgacom nv
> Belgium   Telecom Operator mailto:hugo.deckx () belgacom be Phone
> +3222024914
>
>
>
>
> -----Original Message-----
> From: Thomas T. Evans, III [mailto:ttevans () hawkcorp net]
> Sent: 16 August 2004 15:01
> To: 'Dana Rawson'; security-basics () securityfocus com
> Subject: RE: password protect encrypted directory
>
> Dana:
>
> Depending on how far you want to go, PGP will allow you to create a
>   mountable volume that is encrypted and needs a password to view.
> The  volume is not visible unless mounted, if I recall correctly.
> That  should be pretty secure.
>
> Thomas T. Evans, III CCNA
> Senior Network Manager
> Hawk Corporation
> ttevans () hawkcorp net
> 216-267-7787 Ext. 500
> Cell: 440-669-2526
> Fax: 917-464-7241
> President, MFG/Pro Midwest User Group
>
> "The difference between genius and stupidity is that genius has 
> limits" --Albert Einstein
>  
>
> -----Original Message-----
> From: Dana Rawson [mailto:absolutezero273c () nzoomail com]
> Sent: Thursday, August 12, 2004 12:38 PM
> To: security-basics () securityfocus com
> Subject: password protect encrypted directory
>
> G'Day, all.
>
> Hope this isn't too basic of an issue but I wanted to ask for your 
> direction if possible.
>
> Preface: I have directory which contains sensitive data on a w2k/xp
>  laptop. I have the directory and files residing within encrypted.
>
> Issue: I would like to password protect this directory so even the 
> user who is logged into this profile is prompted for a password
> prior   to gaining access to this data.
>
> Desired outcome: By accomplishing this (if possible) I wish to deny
>   access to this data via remote entry/being hacked, and also
> protect   the data should the laptop be stolen, or someone walks
> away from their   computer without locking it (i.e. ctrl-alt-del)
> leaving it wide open   for someone to sit down and start playing.
>
> Is this something that can be accomplished?  Is there commercial or
>   opensource software available?
>
> I have found software on the web that states it can password
> protect a   directory, but with out installing and testing all of
> them how can I   know if it most secure?  Has anyone tested or
> reviewed this type of  software?
>
> Is anyone familiar with this that might make a recommendation?
>
> Thanks again in advance for your time.
>
> Regards,
>
> Dana
>
> --------------------------------------------------------------------
> -- ----- Ethical Hacking at the InfoSec Institute. Mention this ad
> and   get $545 off any course! All of our class sizes are
> guaranteed to be   10 students or less to facilitate one-on-one
> interaction with one of   our expert instructors.
> Attend a course taught by an expert instructor with years of 
> in-the-field pen testing experience in our state of the art hacking
>   lab. Master the skills of an Ethical Hacker to better assess the 
> security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.htm
> l
> --------------------------------------------------------------------
> -- ------
>
> --------------------------------------------------------------------
> -- ----- Ethical Hacking at the InfoSec Institute. Mention this ad
> and   get $545 off any course! All of our class sizes are
> guaranteed to be   10 students or less to facilitate one-on-one
> interaction with one of   our expert instructors.
> Attend a course taught by an expert instructor with years of 
> in-the-field pen testing experience in our state of the art hacking
>   lab. Master the skills of an Ethical Hacker to better assess the 
> security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.htm
> l
> --------------------------------------------------------------------
> -- ------
>
> --------------------------------------------------------------------
> -- ----- Ethical Hacking at the InfoSec Institute. Mention this ad
> and   get $545 off any course! All of our class sizes are
> guaranteed to be   10 students or less to facilitate one-on-one
> interaction with one of   our expert instructors.
> Attend a course taught by an expert instructor with years of 
> in-the-field pen testing experience in our state of the art hacking
>   lab. Master the skills of an Ethical Hacker to better assess the 
> security of your organization. Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.htm
> l
> --------------------------------------------------------------------
> -- ------

- -
- ----------------------------------------------------------------------
- - -----
Computer Forensics Training at the InfoSec Institute. All of our
class sizes are guaranteed to be 12 students or less to facilitate
one-on-one interaction with one of our expert instructors. Gain the
in-demand skills of a certified computer examiner, learn to recover
trace data left behind by fraud, theft, and cybercrime perpetrators.
Discover the source of computer crime and abuse so that it never
happens again.

http://www.securityfocus.com/sponsor/InfoSecInstitute_security-basics_
040817
- -
- ----------------------------------------------------------------------
- - ------

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQSpFlp2pO7IuQU1ZEQKv7ACgoKSsfs7ncxmwGOV4dGyYVL7uVIIAnin0
Z0Kg4Ps5BdvY8XJwHgX1USRR
=SfYn
-----END PGP SIGNATURE-----



---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------