To Password Protect a network folder or not
-
Or to put it another way....
NTFS security vanishes when physical access is breached.
Encryption security vanishes when normal systems are in operation.
Which is why I said that you could definitely encrypt the entire drive for physical security considerations, that can make sense (once in a great while) but encrypting individual files is generally quite silly.
-
@scottalanmiller said in To Password Protect a network folder or not:
@Carnival-Boy said in To Password Protect a network folder or not:
To use the example of MS Office's password protection, that is far more secure than NTFS is (or was), I believe? Since NTFS is easy (or always was, I'm not sure if it is improved) to break if you gain physical access to the file server where anyone can gain local admin rights (for example). Correct me if I'm wrong!
That particular case is awful. I've seen other apps open "encrypted" MS Office files accidentally. It used to be, at least, that LibreOffice users wouldn't even get prompted for the password and would get access to the entire document without even knowing that it was meant to have been secured!
I doubt it. Maybe 10+ years ago, but not now.
@Breffni-Potter tried to break one of my AES encrypted 7Zip files last year (and failed). Do you want to try a new challenge and crack one of my password protected Word files? I bet you can't.
I'm not saying password protection should be an alterntive to NTFS. I agree that would be silly. But as an additional layer of security it is valid.
-
@Carnival-Boy said in To Password Protect a network folder or not:
@Breffni-Potter tried to break one of my AES encrypted 7Zip files last year (and failed). Do you want to try a new challenge and crack one of my password protected Word files? I bet you can't.
He never bothered. I remember checking in and he never even looked into it.
-
@Carnival-Boy said in To Password Protect a network folder or not:
I'm not saying password protection should be an alterntive to NTFS. I agree that would be silly. But as an additional layer of security it is valid.
Only against physical theft, though. If we are talking about a situation at the office, you would not brute force the password, you would instead bypass it. The file is only secure as long as it is not accessed.
-
@Carnival-Boy said
@Breffni-Potter tried to break one of my AES encrypted 7Zip files last year (and failed). Do you want to try a new challenge and crack one of my password protected Word files? I bet you can't.
I actually succeeded on the first try remember?
My lab was in pieces and I never got around to doing it.
-
It's not too late to try
-
@Carnival-Boy said in To Password Protect a network folder or not:
It's not too late to try
True.
I do know of 1 very sneaky trick though to instantly get the data.
7ZIP stores a copy of the unencrypted file in the Windows temp directory.
-
Hi,
This may be off-topic, I don't see many people talk of AD RMS, with or without Gigaworks / Secureislands etc..
-
@Breffni-Potter said in To Password Protect a network folder or not:
@Carnival-Boy said in To Password Protect a network folder or not:
It's not too late to try
True.
I do know of 1 very sneaky trick though to instantly get the data.
7ZIP stores a copy of the unencrypted file in the Windows temp directory.
Nice try. But 7Zip stores a copy in MY Windows temp directory, not yours. How do you propose getting access to my temp directory?
-
@Carnival-Boy said
Nice try. But 7Zip stores a copy in MY Windows temp directory, not yours. How do you propose getting access to my temp directory?
Yes that's what I meant. But it would also store it in the temp directory of any machine which decrypts with 7zip. As for how I get access to the temp directory, how determined am I to get your data? If the data was that important, why not just steal the desktop?
Bitlocker can be completely cracked apart in a minute if the following conditions are met.
Hibernation is enabled
The machine is in sleep/not turned off.Then all that needs to happen is the laptop (most likely) to be stolen, which is typically left on sleep mode and then the bitlocker protection is null and void.
Electronic attack is not the only threat and most of the data breaches in the media have been due to lost USBs, lost laptops and so on.
-
Is that your long-winded way of admitting defeat in my challenge
-
Although if I come in to work tomorrow and find my laptop has been stolen and there's a note on my desk that says "I win, love from Breffni", you'll have taken the challenge too far.
-
@Carnival-Boy said in To Password Protect a network folder or not:
Although if I come in to work tomorrow and find my laptop has been stolen and there's a note on my desk that says "I win, love from Breffni", you'll have taken the challenge too far.
All is fair in love, war and hacking contests.
-
@Carnival-Boy said in To Password Protect a network folder or not:
Is that your long-winded way of admitting defeat in my challenge
As a good politician says, we will not accept defeat but we are considering all of our options in this matter.
One of them involves @scottalanmiller doing me a favour....so please hold.
-
@Breffni-Potter said in To Password Protect a network folder or not:
....so please hold.
Take your time - I've already waited a year.
-
@Veet said in To Password Protect a network folder or not:
Hi,
This may be off-topic, I don't see many people talk of AD RMS, with or without Gigaworks / Secureislands etc..
I'm certainly avoiding it because I have no idea what it is
-
@Carnival-Boy said in To Password Protect a network folder or not:
@Breffni-Potter said in To Password Protect a network folder or not:
@Carnival-Boy said in To Password Protect a network folder or not:
It's not too late to try
True.
I do know of 1 very sneaky trick though to instantly get the data.
7ZIP stores a copy of the unencrypted file in the Windows temp directory.
Nice try. But 7Zip stores a copy in MY Windows temp directory, not yours. How do you propose getting access to my temp directory?
As an admin, we'd have access. The purpose of encrypting (in the OP's scenario) is to overcome the inherent need to trust the admin. Not a third party. Encryption for transfer to a third party is a very different scenario and yes, it would make sense there. But that's not how the OP is using it.
-
@Carnival-Boy said in To Password Protect a network folder or not:
Although if I come in to work tomorrow and find my laptop has been stolen and there's a note on my desk that says "I win, love from Breffni", you'll have taken the challenge too far.
.... challenge accepted....
-
@scottalanmiller said in To Password Protect a network folder or not:
@Veet said in To Password Protect a network folder or not:
Hi,
This may be off-topic, I don't see many people talk of AD RMS, with or without Gigaworks / Secureislands etc..
I'm certainly avoiding it because I have no idea what it is
Gigaworks / Secure Islands I've never heard of
AD RMS = Active Directory Rights Management Services.
"By using Active Directory Rights Management Services (AD RMS) and the AD RMS client, you can augment an organization's security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it is moved. You can use AD RMS to help prevent sensitive information—such as financial reports, product specifications, customer data, and confidential e-mail messages—from intentionally or accidentally getting into the wrong hands."
https://technet.microsoft.com/en-us/library/cc771627(v=ws.11).aspx