windows xp security tips
i am going to be storing a windows xp sp3 based tower for a period of months while travelling. while the tower will be relatively secure, i'm unfamiliar with newer password cracking techniques, as i've never had to implement them. all sensative data on the machine is encrypted using fips algorithms on ntfs drive. i am hoping some of you can give me some tips to guard against a brute force attack against this machine. although it might sound a bit odd, this machine was the first i ever built from the ground up, per se. it's kind of serves as a time capsule. although i'm aware of the fact that brute force attacks are not 100% preventable, i'd like to make it as difficult as possible. i have no experience with hacking myself, although i should, to prevent it from happening. any advise would be helpful.
Software/Hardware used:
Software/Hardware used:
ASKED:
August 30, 2008 12:52 PM
UPDATED:
September 7, 2008 6:46 AM
Answer Wiki:
The best level of protection against brute force passwords is to use long and complex passwords. Of course, the longer and more complex the password, the more likely it will be forgotten, so it is best to construct the password using specific letters from a phrase and insert or replace certain letters with numbers, spaces, punctuation and special characters, including non-printable characters. Of course, if someone can gain physical access to the computer itself, then game over! All they have to do is install a parallel OS on it or boot it using a "live" OS on a DVD, USB drive, etc. and gain access to the resident volumes. Granted, they will not be able to read any of the data that is encrypted but decrypting it as well isn't necessarily beyond the realm of possibility.
To see all answers submitted to the Answer Wiki: View Answer History.
I have many many many (you get the point) passwords. I save them in an Excel file. I protect the document with a password. I encrypt the entire document with another password. Then I save it on a multi-layered password protected flash drive. That flash drive never leaves my pocket. No matter what you do, it’s going to be a security risk. The main problem is you need passwords to be accessible, but the more accessible they are, the less secure they are. You will have to find the compromise and the happy medium.
Hope this helps!
-Schmidtw
Are you sure you’ve encrypted everything sensitive? The problem with encrypting at the file or volume level is that files containing sensitive information – and even ones containing info that can serve as a stepping stone – can easily fall out of the realm of protection you have. Files get copied both intentionally and accidentally. Files get saved to temp directories, the swap file and hibernation files can contain sensitive information. You get my drift.
The best way I’ve found is to encrypt the entire hard drive using a complex – yet easy to remember – passphrase. Like Schmidtw said, nothing’s going to be 100% secure but whole disk encryption (i.e. PGP and others) provides a darn near 100% solution.
i truly appreciate all the suggestions given. thanks. i have encrypted at the folder level, and all files of sensitive nature were copied to encrypted folders, then the original files erased to us dod standard. the keys were stored on my jump drive, using encryption, then erased from hard drive. final step was to empty temp folders, and erase unused disk space, including cluster tips and file names and the space where the pagefile.sys file was resident. i haven’t created the password yet, i am working on that. i will be travelling with my laptop which never had any of these files stored on it to begin with, so, if stolen, they will get nothing more than the unit itself. if i’ve missed anything, please bring it to my attention. thanks again for the help being provided.