Encryption: say no to data theft, NTFS security part 2
If your laptop is stolen, will the thief be able to read your vital statistics and personal info? They will if you haven’t used encryption. They’ll have your passwords as well. Do you keep any confidential business files on your computer — like some doctors and Veterans Affairs employees do?
As I mentioned in yesterday’s article, Windows has the ability to encrypt your stored data if you are using the NTFS file system, as well as to control access from networked computers. Enabling encryption is easy, and it acts invisibly to the user (you) — and by that I mean your files will look like they always do, but to an “unauthorized user” they will look like a garbled alphabet soup of nonsensical gibberish.
Tip of the day: Encrypt your My Documents folder for top-notch security. To encrypt files and/or folders in Windows you must be using the NTFS file system, which most of you will already have on your machines (see yesterday’s article for how to check, and how to convert to NTFS if necessary). There are a few different ways to use encryption: you can encrypt individual files; you can encrypt entire folders and, by default, their subfolders; and you can encrypt your hard drive (of import for laptop owners). The process for the first two is the same, while the third requires a different method.
The simplest way to encrypt your personal data is to encrypt the My Documents folder, which I will use for purposes of demonstration — as I mentioned, doing so will encrypt all the files inside and also encrypt the contents of any subfolders. Start by right-clicking on the My Documents folder and selecting Properties. Accessing the folder may be as simple as clicking the Start button or finding its icon on your desktop, or you may have to click Start >My Computer >Local drive C:, depending on your settings and preferences. When the My Documents folder’s Properties window opens, click on the “Advanced” button.
As you can see, my My Documents is set to “compressed”, but is not encrypted yet. Compression is another feature of NTFS that was very, very much sought-after in the days before giant hard drives (back then, we hadn’t heard of digital ID Theft) and is a method that uses an algorithm to shrink file sizes. You cannot, however, use encryption and compression at the same time, and today the value of the former far outweighs the latter. Fortunately, switching from one to the other requires no effort on your part, simply select “Encrypt contents to secure data” and the rest is automatic. Now click “OK”, and then “Apply”. Whenever you encrypt a folder, you will be asked if you want to apply encryption to just that folder, or all the files and subfiles and folders; you want the latter, which is the default.
That’s it. You’re done. Your documents are now safe from “unauthorized” eyes.
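The same steps from a PowerShell prompt, as an added example that is not part of the original article: it encrypts the folder with the built-in `cipher.exe`, lists anything that stayed unencrypted, and exports your EFS certificate and private key so the files remain readable if the drive or your user profile is lost. The backup path `E:\efs-key-backup` is a hypothetical removable drive; the script assumes a Windows edition that includes EFS.

```powershell
# Added example (not the author's code). Assumes cipher.exe and EFS are available.
$folder    = [Environment]::GetFolderPath('MyDocuments')
$keyBackup = 'E:\efs-key-backup'   # hypothetical path on removable media; cipher appends .PFX

# 1. EFS only works on NTFS volumes.
$drive = New-Object System.IO.DriveInfo ([IO.Path]::GetPathRoot($folder))
if ($drive.DriveFormat -ne 'NTFS') {
    throw "$($drive.Name) is formatted $($drive.DriveFormat), not NTFS."
}

# 2. A key backup stored on the protected drive is lost along with that drive.
if ([IO.Path]::GetPathRoot($keyBackup) -eq $drive.Name) {
    throw 'Store the key backup on a different drive than the encrypted folder.'
}

# 3. Encrypt the folder and everything below it (the "Encrypt contents" checkbox).
#    On Windows XP, add /a so existing files are encrypted, not only the folders.
cipher.exe /e "/s:$folder"

# 4. Verify: report items that are still unencrypted or still NTFS-compressed.
$enc  = [int][IO.FileAttributes]::Encrypted
$comp = [int][IO.FileAttributes]::Compressed
$left = @(Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (([int]$_.Attributes -band $enc) -eq 0) -or (([int]$_.Attributes -band $comp) -ne 0)
    })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) item(s) were not encrypted (system or in-use files are skipped):"
    $left | Select-Object -ExpandProperty FullName
}

# 5. Export the EFS certificate and private key. cipher asks for confirmation
#    and for a password that protects the resulting .PFX file.
cipher.exe /x $keyBackup
if (-not (Test-Path -LiteralPath "$keyBackup.PFX")) {
    Write-Warning 'No key backup was written. Without it, encrypted files cannot be recovered from another Windows installation.'
}
```

Keep the exported .PFX file and its password somewhere other than the computer that holds the encrypted files.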
That is true, unless the person trying to access your data has their hands on your machine and is able to ‘crack’ your User password (you have given your User Account a password, haven’t you?) which may be the case if your laptop is stolen. To prevent data loss in that type of a situation, you want to encrypt your whole startup process and password protect it…which in essence encrypts your whole hard drive. To do so, click Start >Run and then type in “syskey” (no quotes). Now click on the “Update” button.
Select the top radio button, “Password Startup” and enter a good, strong password. Then enter it again for confirmation. Be sure to write down your password and keep it in a safe place — should you ever forget it, it is not an easy task for even an experienced tech to get you back in to your machine.
Tomorrow, I’ll discuss NTFS network “permissions” which allow you control of your network.
A final thought: I think it only fair to tell you (what you may have already guessed/know) that a very knowledgeable Evil Doer, if they have physical access to your machine, can often get around whatever security you have in place. The hacker expression is, “if I can touch it, I own it.” So please don’t be careless with your, or your company’s, vital data.
Today’s free link: most of you already know that the World Wide Web is a wonderfully rich resource for researching information, but did you also know it is an excellent resource for digital images? Need a picture of the Golden Gate bridge to put into your child’s homework assignment? The place to start looking is Google Images.
Copyright © 2007 Tech Paul. All rights reserved.
Hi,
I followed your advice in this column and seem to have gotten myself into quite a jam. Unless I am mistaken (which I would be very glad to find is the case), you may wish to include a warning.
Here’s the problem. I encrypted a large number of important files. Both my backup disk and primary disk were encrypted.
Hard drive failure. I was able to recover most of the files, but cannot now access any of the encrypted data. From my investigations, this appears to be unrecoverable.
Mr. Heenan,
There may be hope for recovering your data, as EFS uses the PKI scheme and creates a “recovery agent” (usually the Administrator account). When you recovered the files from the failed drive, you may have also copied the key.
But yes, you don’t want to also encrypt your backup using EFS, nor do you want to back it up to a volume controlled by C:\Windows… such as a RAID 0.
(Actually, you want two backups, and you want them on different media, in a separate location, such as DVDs tucked out of sight, and an external hard drive kept at a friend’s.)
Generally, you don’t want to encrypt backups, or even password protect them, as we are human and will forget (or misplace) the code phrase.
I don’t know the recovery method you used, or how the two HDDs were originally configured (or which one failed), so I cannot give you a “do x, then do y, and then do z” answer. But look for a private e-mail from me.
Hi again,
Just thought I would update you on what finally happened to me. I was able to recover almost all my data using a product that I believe you recommended to me in an email – Advanced EFS Data Recovery. Since I knew the passwords and it was able to find the keyfiles on the drive, it was able to decrypt the files. The software was not cheap, but it worked well and was well worth the cost to me. Thanks.
Walt
Mr. Heenan,
I am very glad to hear that I was able to point you in the right direction and that you had happy results. I have found in life that it happens quite often — it is worth the price for “professional grade”.
Thank you for taking the time and letting us (my readers and me) know.