Tuesday, December 11, 2018

windows - File/folder encryption for my laptop on a company network


I'm using an IBM laptop on a company network. My OS is Windows XP SP3 and the file system is NTFS. I would like to encrypt my files (or folders) on my laptop so no one can reach the contents of specific files.


Is it possible to do that without third-party software? Can I easily encrypt specific files or folders, and then decrypt them whenever I want to open/modify them?


Answer



Why can't you use third-party software? This is the only native way I can think of doing it in XP. There are issues with it though (from Wikipedia):



User authentication and access control lists can protect files from unauthorized access while the operating system is running, but are easily circumvented if an attacker gains physical access to the computer. One solution is to store the files encrypted on the disks of the computer. EFS does this using public key cryptography, and aims to ensure that decrypting the files is extremely difficult without the correct key. However, EFS is in practice susceptible to brute-force attacks against the user account passwords. In other words, encryption of files is only as strong as the password to unlock the decryption key.



Unfortunately there are a lot of ways to get the user password on Windows XP. I wouldn't use this to encrypt sensitive data.


If you can somehow use third-party software I would highly recommend TrueCrypt. You have the choice of either encrypting the whole drive, or creating something called a file container and storing encrypted data within it.


If you do system encryption, meaning encrypt the whole drive (or partition), you will provide a password during the boot procedure. The operating system will then boot normally and ALL your activity will be encrypted. Everything that you do, all the files you save, all the files you work on, will be encrypted.


If you create a file container, you will create a file of a certain size. This file will then be mounted using your encryption key (password) as a drive in My Computer. The drive acts like any other drive; it can be formatted with the file system of your choice. The obvious difference is that anything saved to this drive will be encrypted. This is usually the popular choice for two main reasons.



  • It is convenient as users are familiar with saving to drives and it allows you to put anything you want inside it.

  • The container is a file and can be moved.


Let's say you have a container that is 4GB and you need to back it up. You can burn the single file to a single-layer DVD. When you insert the DVD in the future, you can mount the file using TrueCrypt and it will show up the same way as a drive. You can then, after entering the password, access the encrypted data from the date it was backed up. If someone ever finds the DVD they will not be able to see what is on it without your password.


I hope this answers your question; let me know if you need anything clarified.

