Do you have a question? Post it now! No Registration Necessary. Now with pictures!
May 4, 2005, 1:40 pm
rate this thread
Ntfs is not really secure. What we need is a file system that is encrypted
with a passphrase and pin. So that even if your system is wide open to the
internet, nobody can read or write or even see your harddrive without the
proper codes. Only those on your network that you give access to would be
able to. You would have access from a remote computer because you have the
codes. The pin code could be the fingerprint reader output in combination
with other input. This would put the virus, trojan and spyware writers along
with just plain snoops out of business for good. Also something that locks
all your ports when the mouse is still would be a good thing.
Re: File systems
Yes, it would.
However there is no such thing as perfect security against a determined
enough intruder. If the user required a security code to access the
drive, what about the software which they run to access the material?
Somehow I doubt that you could create an OS which could use such a
system, so if the machine became compromised with a keylogger or remote
viewing trojan the code would be insecure as it would be recorded :-(
Re: File systems
No "normal" file system is secure. That's why encrypted file systems have
been available for decades. Did you think to look at google?
Web Results 1 - 10 of about 240,000 for encrypted filesystem. (0.28
Web Results 1 - 10 of about 3,190,000 for encrypted file system. (0.13
A PIN (Personal Identification Number) is normally considered the same as
a passphrase, but the word you really mean is "tokens" to gain access. In
most situations, the tokens are a 'username' and 'password', but this could
also be a real or pseudo-one-time token, such as the output of a time synced
passcode generator (SecureID card or similar), or a file on removable media
(floppy, micro-CD, USB trinket, etc.). It sounds as if you are not including
the encryption key as a token. Depending on the algorithm used, the key
could be as short as a third of a line of text of this density, or the
equivalent of a whole page of text. Not something the user is going to
memorize, and is often on that removable media (and thus becomes a security
problem of it's own).
If one person has access to the drive, then ALL have access to the drive by
various means - for example, by exploiting the stupidity of the authorized
user to impersonate that user, or the much more common mechanism to have the
authorized used act for the attacker (such as installing some neat tool the
user thinks will fast dial the pizza joint or call up that pr0n web page with
one simple click of a k3wl icon).
If you are going to give network access, the files have to move over the
wires in an encrypted form - being decrypted/encrypted on the users computer.
Otherwise, the password/PIN/data is sniffed off the wire (or if you're
really stupid, off the wireless link without you even knowing). This means
that the security application/hardware ALSO has to be installed on the
remote computer (and removed when done).
There are better ways. Google is your friend. Also remember than the
encryption key must not be on the computer with the data, but must be
kept in a secure place. That key _could_ be one of the tokens, but it's
not the best means of securing things. Remember not to make things to
complicated for your users, or they will find their own creative (but
invariably totally insecure) ways to make it usable.
Totally false. Your users (who have to run as Administrator because otherwise
they can't get anything done - whine, whine, whine) will still click on every
"Install me, I'm a virus" button they can find, even if they haven't enabled
the "Auto-install everything, and don't bother me" mode. Virus/trojans/worms
do not magically install themselves on a system without some assistance and/or
approval of the users. Microsoft never granted access to the spyware. viruses
or trojan (look up the definition of that word) suppliers, because they don't
know who they are either.
Ports? Serial/parallel/PS2/USB? IP? I had a system misconfigured
once, where the IRQ thought to be used for the modem was actually set to
the mouse - and the only way anything worked over the link was to constantly
move the mouse. That got very old, real quick. I've also heard another tale
where the mouse and keyboard interrupts were interchanged. Much hilarity as
a result. If you are talking about IP ports, why do you have them open
in the first place?