securing folder on external disk(s)

I have an external (firewire) disk (60GB) which I use daily
between my home-
and the office-computer. Both computers run Win2000.

I have tried to encrypt the data and add user rights, but using
other computers this is easy to change once logged in as
administrator on a third party Win2k computer.
What is the best way of securing access to this (firewire) disk
(or directories) such that if I loose it "no one" can have (easy)
access to it?

Many thanks

--
Zen Andreas

Jay
Tue Jun 08 12:00:18 CDT 2004

you could look at programs that use PKI, Since you may not have a cert
server and pki infrastructure you could use PGP or Steganos Security Suite 4

--


Jay Ferron ADSI, CISM, CISSP, MCP, MCDBA, MCSE, MCT, NSA - IAM, TCI

"Zen Andreas" <zen8069@zen.co.uk> wrote in message
news:Ot90iXWTEHA.2704@TK2MSFTNGP10.phx.gbl...
> I have an external (firewire) disk (60GB) which I use daily
> between my home-
> and the office-computer. Both computers run Win2000.
>
> I have tried to encrypt the data and add user rights, but using
> other computers this is easy to change once logged in as
> administrator on a third party Win2k computer.
> What is the best way of securing access to this (firewire) disk
> (or directories) such that if I loose it "no one" can have (easy)
> access to it?
>
> Many thanks
>
> --
> Zen Andreas
>
>

Zen
Tue Jun 08 14:13:22 CDT 2004

many thanks for your advice.
I had a look at third party software. The problem I had with
these is that IF you do not have the software and you happen to
be a crook finding my disk, its very easy to delete the protected
files.
Yes, at least the information is protected (so the most important
aim is achieved), but making sure these cannot be deleted would
make it more suitable.....


"Jay Ferron" <Support@interactiveSecuritytraining.com> wrote in
message news:%23v0YUoXTEHA.1472@TK2MSFTNGP12.phx.gbl...
> you could look at programs that use PKI, Since you may not have
a cert
> server and pki infrastructure you could use PGP or Steganos
Security Suite 4
>
> --
>
>
> Jay Ferron ADSI, CISM, CISSP, MCP, MCDBA, MCSE, MCT, NSA - IAM,
TCI
>
> "Zen Andreas" <zen8069@zen.co.uk> wrote in message
> news:Ot90iXWTEHA.2704@TK2MSFTNGP10.phx.gbl...
> > I have an external (firewire) disk (60GB) which I use daily
> > between my home-
> > and the office-computer. Both computers run Win2000.
> >
> > I have tried to encrypt the data and add user rights, but
using
> > other computers this is easy to change once logged in as
> > administrator on a third party Win2k computer.
> > What is the best way of securing access to this (firewire)
disk
> > (or directories) such that if I loose it "no one" can have
(easy)
> > access to it?
> >
> > Many thanks
> >
> > --
> > Zen Andreas
> >
> >
>
>

S
Wed Jun 09 04:49:17 CDT 2004

Use Windows EFS. It's especially good for encrypting data on external
drives.
You will need to make sure decryption keys are backed up - they are NOT
travelling with you everywhere. And if your concern is possible deletion of
the data - nothing protects from that really. What exactly are your
requirements?

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Zen Andreas" <zen8069@zen.co.uk> wrote in message
news:e6k340YTEHA.1472@TK2MSFTNGP09.phx.gbl...
> many thanks for your advice.
> I had a look at third party software. The problem I had with
> these is that IF you do not have the software and you happen to
> be a crook finding my disk, its very easy to delete the protected
> files.

Zen
Wed Jun 09 05:35:25 CDT 2004

My requirements?
The external disk is used between two computer: home and work.
Since at work people wanna have access to everything on the
disks, I keep my outlook files on the external disk too. So I
wanna make sure that when I loose the disk, leave it unattended
(or case someone steals/borrows it) they cannot access these
files.
And, if you can delete the directories without permission, I
think you can move or copy it somewhere else as well (without
authorisation).

Basically I want it to work like a car: if you have the key you
can drive it else you have to break in with force (but that's
where the encryption comes in I think).

If, as you advices, I'd use the EFS. Where do I find the right
key? and is it true where ever I bring the key I can gain access
on the basis of this key alone?

Many thanks for your help,
Zen

"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:uRyHKcgTEHA.3988@TK2MSFTNGP10.phx.gbl...
> Use Windows EFS. It's especially good for encrypting data on
external
> drives.
> You will need to make sure decryption keys are backed up - they
are NOT
> travelling with you everywhere. And if your concern is possible
deletion of
> the data - nothing protects from that really. What exactly are
your
> requirements?
>
> --
> Svyatoslav Pidgorny, MVP, MCSE
> -= F1 is the key =-
>
> "Zen Andreas" <zen8069@zen.co.uk> wrote in message
> news:e6k340YTEHA.1472@TK2MSFTNGP09.phx.gbl...
> > many thanks for your advice.
> > I had a look at third party software. The problem I had with
> > these is that IF you do not have the software and you happen
to
> > be a crook finding my disk, its very easy to delete the
protected
> > files.
>
>

Lionel
Wed Jun 09 06:46:37 CDT 2004

Zen Andreas wrote:
> And, if you can delete the directories without permission, I
> think you can move or copy it somewhere else as well (without
> authorisation).

That's not completely true: you can destroy information without being
able to decrypt it. You cannot completely avoid this, since it's
possible to destroy the disk itself (or reformat it).

> Basically I want it to work like a car: if you have the key you
> can drive it else you have to break in with force (but that's
> where the encryption comes in I think).
>
> If, as you advices, I'd use the EFS. Where do I find the right
> key? and is it true where ever I bring the key I can gain access
> on the basis of this key alone?

The key is a self-signed certificate that is generated the first time
you use EFS. It's stored in a secure part of the registry, and tied to
your login account. Without this certificate (precisely, without the
private key), your files are encrypted using very strong cryptographic
algorithms. You can be pretty sure that nobody will be able to decode
them _as long as the private key is unknown_.

You should carefully back up this certificate, including the private
key, since you'll lose it if you reinstall, or even if you use a
password-reset disk. Without it, all your encrypted data will be lost.

Zen
Wed Jun 09 07:02:30 CDT 2004

Where can I find the certificate (i.e. path) that is being used,
so I can have one backup on i.e. a floppy or a CD?

Thanks,
Zen
"Lionel Fourquaux" <use.reply.to@no-spam.invalid> wrote in
message news:O4FatdhTEHA.3660@tk2msftngp13.phx.gbl...
> Zen Andreas wrote:
> > And, if you can delete the directories without permission, I
> > think you can move or copy it somewhere else as well (without
> > authorisation).
>
> That's not completely true: you can destroy information without
being
> able to decrypt it. You cannot completely avoid this, since
it's
> possible to destroy the disk itself (or reformat it).
>
> > Basically I want it to work like a car: if you have the key
you
> > can drive it else you have to break in with force (but that's
> > where the encryption comes in I think).
> >
> > If, as you advices, I'd use the EFS. Where do I find the
right
> > key? and is it true where ever I bring the key I can gain
access
> > on the basis of this key alone?
>
> The key is a self-signed certificate that is generated the
first time
> you use EFS. It's stored in a secure part of the registry, and
tied to
> your login account. Without this certificate (precisely,
without the
> private key), your files are encrypted using very strong
cryptographic
> algorithms. You can be pretty sure that nobody will be able to
decode
> them _as long as the private key is unknown_.
>
> You should carefully back up this certificate, including the
private
> key, since you'll lose it if you reinstall, or even if you use
a
> password-reset disk. Without it, all your encrypted data will
be lost.

Lionel
Wed Jun 09 12:32:10 CDT 2004

It's in the registry. You can export it to a file using the "Certificate
manager" MMC applet (run mmc, then add this applet using File -> Add a
component). Don't forget to export the private key!

Zen Andreas wrote:
> Where can I find the certificate (i.e. path) that is being used,
> so I can have one backup on i.e. a floppy or a CD?
>
> Thanks,
> Zen
> "Lionel Fourquaux" <use.reply.to@no-spam.invalid> wrote in
> message news:O4FatdhTEHA.3660@tk2msftngp13.phx.gbl...
>
>>Zen Andreas wrote:
>>
>>>And, if you can delete the directories without permission, I
>>>think you can move or copy it somewhere else as well (without
>>>authorisation).
>>
>>That's not completely true: you can destroy information without
>
> being
>
>>able to decrypt it. You cannot completely avoid this, since
>
> it's
>
>>possible to destroy the disk itself (or reformat it).
>>
>>
>>>Basically I want it to work like a car: if you have the key
>
> you
>
>>>can drive it else you have to break in with force (but that's
>>>where the encryption comes in I think).
>>>
>>>If, as you advices, I'd use the EFS. Where do I find the
>
> right
>
>>>key? and is it true where ever I bring the key I can gain
>
> access
>
>>>on the basis of this key alone?
>>
>>The key is a self-signed certificate that is generated the
>
> first time
>
>>you use EFS. It's stored in a secure part of the registry, and
>
> tied to
>
>>your login account. Without this certificate (precisely,
>
> without the
>
>>private key), your files are encrypted using very strong
>
> cryptographic
>
>>algorithms. You can be pretty sure that nobody will be able to
>
> decode
>
>>them _as long as the private key is unknown_.
>>
>>You should carefully back up this certificate, including the
>
> private
>
>>key, since you'll lose it if you reinstall, or even if you use
>
> a
>
>>password-reset disk. Without it, all your encrypted data will
>
> be lost.
>
>