Whether you realize it or not, your computer's files are never safe and secure on a Windows operating system. It is something that should not be neglected or put to the side. All the security patches that M$ or your system admins release only stop certain ways a machine running Windows can be remoted into. Although the real threat may not necessarily be focused on the home user's end, but rather on an enterprise\domain setup within a company or a military environment, it is a great concern.
Well, why is it a security issue? you may ask, or even laugh.
It is simple. Permissions...
Permissions are something enterprises, corporations, the military, schools, and even end users with multiple login accounts will encounter, whether you realize it or not.
Every time you log in with a username and password or by other means, Windows creates something known as a User Profile. The profiles are usually located at C:\Documents and Settings or C:\Users. The purpose of the profile is to keep things simple, so to speak, when it comes to backing up, transferring, or keeping certain stuff secured. The second you log in, the profile is created. Every email that is checked, every file that is saved, every site that is viewed is located in the user's profile.
By default, the profiles are always locked down to both the assigned user and the administrator (either local admin or domain admin). The computer's permissions are set in the Windows OS itself that is on the machine.
This leads to the first issue. A user can use what we in the PC tech world call a C.A.D. (Computer Automation Disc).
In simple terms, some users will refer to it as a "hack disc".
What does this C.A.D. do exactly? It loads a mini OS that lets you browse the contents of the hard drive from a preboot screen before Windows itself loads. As a result, the permissions from the registry aren't loaded, and everyone can access it.
A lot of PC techs use this method to slave (transfer) the data from one hard drive to another in case of an OS failure (BSOD) or other issues where the hard drive is still in operating condition but the OS is not. They usually have a folder with its permission set to EVERYONE located on the main C: drive. Commonly, most techs or system admins will have it as C:\Temp. When the permission is set to everyone on the new destination folder on the new hard drive, the old permissions linking to certain profiles are no longer accompanied by the registry. As a result, the user will be told to log in and simply drag and drop or copy and paste the old profile to their desktop and sort through it from there. The second issue now arises.
The second issue is this: what if multiple users use the same computer, such as a supply\inventory room employee, an insurance filer, or police investigators? From what I have seen from experience, we simply leave a sticky note or tell the users to let their "buddies" know that all the users' profiles are located in the C:\TEMP folder and to copy theirs to their desktop when they log in. Let's put two and two together. Permissions are set to EVERYONE, the old registry from the old hard drive is no longer there to set the permissions on the transferred profile, and you are telling one of the many users of the machine to look in the temp folder, grab their profile (which anyone can now look at), copy it to their desktop, and delete it from the C:\Temp folder. A lot of people know the wonders of simple copy and paste. They now have access to everything you have done. They can read emails, sniff through websites you have gone to, and look up old cache and cookie files that may contain online shopping information and other personally identifiable information that is not meant to be viewed by or to be in the possession of other users. This can lead to identity theft, blackmail, or someone taking your uncompleted work and stamping it as their own.
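One way to check a staging folder for the condition described above, as an added example that is not part of the original post. It assumes the transferred profiles sit in sub-folders of C:\Temp as in the article; the function names and the sample account `CORP\jsmith` are hypothetical.

```powershell
# Added example, not the article's code. Assumes C:\Temp is the staging folder.
param([string]$StagingPath = 'C:\Temp')

$SidType = [System.Security.Principal.SecurityIdentifier]
# Well-known SIDs that amount to "anyone who can log on to this machine".
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadAccess {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Directory -Force | ForEach-Object {
        $dir = $_
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Request SIDs instead of names so localized group names do not matter.
        foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid)) {
                [pscustomobject]@{
                    Folder    = $dir.FullName
                    Principal = $BroadSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

function Protect-ProfileCopy {
    # $Owner is the account the profile belongs to, e.g. 'CORP\jsmith' (hypothetical).
    param([string]$Folder, [string]$Owner)
    $acl = Get-Acl -LiteralPath $Folder
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting from the staging folder
    foreach ($sid in $BroadSids.Keys) { $acl.PurgeAccessRules([System.Security.Principal.SecurityIdentifier]$sid) }
    $trusted = @(
        [System.Security.Principal.NTAccount]$Owner
        [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'   # Administrators
        [System.Security.Principal.SecurityIdentifier]'S-1-5-18'       # SYSTEM
    )
    $inherit = 'ContainerInherit,ObjectInherit'
    foreach ($id in $trusted) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', $inherit, 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Folder -AclObject $acl
}

Get-BroadAccess -Path $StagingPath | Format-Table -AutoSize
```

Run it from an elevated prompt; any row it prints is a profile copy that other users of the machine can open, and `Protect-ProfileCopy` can then be called per folder with the account that owns it.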
The third issue we will look at is the recycling bin. The M$ recycling bin is a special system folder; the permissions are set to everyone but limited. Only you can view your recycling bin when you are logged into your own profile, but what if an admin logs in, or the C:\RECYCLER folder was transferred over? You can now see every single file that was sent to the recycling bin that wasn't deleted. Why? Because of the permissions. The admin box being checked in the admin's or tech's account allows them complete access. Once someone can remote into your machine, Windows will automatically assume admin permissions due to the fact that it isn't blocked by any new rules or patches.
Although people will say, who would steal just my hard drive? Let's have a look at the number one device a lot of companies and governments are now using to secure their hard drives.
The CRU Dataport. Dataports are getting pretty popular. All it is is a hard drive rail that hooks into your computer's spare 5.25 bay and connects through the now popular SATA cables. A hard drive is encased in a shell as pictured above, and that shell consists of just two screws and a key, which apparently is universal: one key from one brand of dataport can work in another dataport. The keys are not individualized. So what's the whole purpose of the Dataports? It is to help swap hard drives for whatever the situation needs, whether it's for a machine that is hooked up to multiple networks with a data switch box on the back of it, or if the user uses one hard drive for one project and another hard drive for another project.
A simple solution to protect your files: password protect them with third-party software, or if you want a simpler way, compress the file with 7-Zip and password protect it. It's really simple but may prove an inconvenience to users, so I would suggest compressing projects and other select files that you would rather not have compromised. Ensure the password is at least 16 characters long, consisting of lowercase and uppercase letters, numbers and symbols. Ensure no characters repeat after one another.
A simple solution to absolutely protect your hard drive from theft is a page that you may have to take out of Bin Laden's handbook: BitLocker or Pointsec. But it only deals with the physical hard drive.
BitLocker is full disk encryption that is on WinXP, Win7, Win8. It creates a separate unseen partition on the hard drive that boots first, before the OS. You will need a password or key to access any of the contents, and it does not care about permissions or OS. No password, no access. Also, no Windows OS, no ability to view the drive. There are two ways to break through it. One is to run a brute force program on it, which, depending on the complexity and length of the password and whether it includes symbols and numbers or not, will take up to 20 years max to break based on current off-the-shelf models. The other method, from what I read online, is to obtain the whole machine while it's still logged in, and you can run a few apps to view the key as it floats in the RAM: a stupid method, but I guess it works however the situation may dictate.
Solution number two... Pointsec. Kinda in its own way, and kinda isn't. Pointsec runs off its own unseen hidden partition that loads before the OS does. What does Pointsec do? Simple. If the motherboard BIOS does not match what Pointsec has on record from when it was installed, or if the drive is detected as a slave drive and does not match up with the motherboard BIOS, the entire drive is wiped clean.