An attacker who has physical access to a computer may be able to start it by using another operating system. Then, the attacker may be able to access files and other data. For example, an attacker who has physical access to a computer may be able to use any of the following methods:
Remove the hard disk, and then attach it to another computer.
Use a Microsoft Windows CD or a third-party operating system CD to start the computer, and then access the hard disk or perform a parallel installation.
Use an MS-DOS startup disk or a Microsoft Windows 98 startup disk to start the computer. If the drives are formatted with the NTFS file system, the attacker may be able to use a driver that mounts NTFS volumes to access files on the drives.
Use a Microsoft Windows 2000 CD to start a computer that is running Windows Vista or Microsoft Windows XP, and then run the Windows 2000 Recovery Console. Because the security accounts manager (SAM) database format has changed in Windows XP and in Windows Vista, you are not prompted for an administrator password when you run the Windows 2000 Recovery Console on a computer that is running Windows XP or Windows Vista.
An administrator can use the methods that are described in the "Symptoms" section to perform system recovery. However, without physical security controls or data protection features such as file encryption and volume encryption, these methods can also be used by an attacker to access files and other data. For example, some recovery console operations require an administrator password. However, this requirement does not guarantee that a determined attacker who has physical access to the computer would be unable to gain access to the information. Without suitable physical access controls, and without encryption, a computer has no enforceable security boundary. This issue is not specific to computers that are running a Windows-based operating system.
To help prevent an attacker from using the methods that are described in the "Symptoms" section, use data protection features, and implement security measures to restrict physical access to the computer.
We recommend the following methods to help reduce the threat that such attacks pose:
Use the System Key tool (Syskey.exe) together with a computer-generated random key that is stored on a floppy disk. This method prevents an unauthorized person from starting Windows. Keep the floppy disk in a secure location. You must insert the floppy disk in a drive when Windows starts for the startup sequence to finish. The System Key tool is included with the following Windows operating systems:
Microsoft Windows NT 4.0 Service Pack 3 and later service packs
Windows 2000
Windows XP
Microsoft Windows Server 2003
Windows Vista
For more information about how to use System Key, click the following article number to view the article in the Microsoft Knowledge Base:
143475 (http://support.microsoft.com/kb/143475/) Windows NT System Key permits strong encryption of the SAM
Use the NTFS file system, and encrypt files by using the Encrypting File System (EFS) feature. EFS is a feature of the NTFS file system in Windows 2000, in Windows XP, in Windows Server 2003, and in Windows Vista. You can use EFS to encrypt files, folders, or whole data drives. EFS uses industry-standard algorithms and public key cryptography to help keep encrypted files confidential even if an attacker gains unrestricted access to the files.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
308989 (http://support.microsoft.com/kb/308989/) How to encrypt a folder in Windows XP
Note: Windows XP, Windows Server 2003, and Windows Vista do not require a default recovery agent before you can use EFS. This behavior is unlike Windows NT. In Windows XP, in Windows Server 2003, and in Windows Vista, an attacker cannot access EFS-encrypted files even if the attacker overwrites an administrator's password and gains administrative access to the computer.
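The following PowerShell script is an added example, not part of the Knowledge Base article. It encrypts a folder with EFS using cipher.exe (which ships with Windows) and then verifies that every item carries the Encrypted attribute, which is what tells you the file would be unreadable to someone who mounts the disk from another operating system. The folder path and the sample file are assumptions constructed for the example; the volume must be NTFS.

```powershell
# Added example, not part of the KB article: encrypt a folder with EFS and
# verify the result. Requires an NTFS volume; $folder is an assumed path.
$folder = 'C:\Users\Public\Sensitive'

# Constructed sample data so the example runs on its own.
New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -Path (Join-Path $folder 'secret.txt') -Value 'constructed sample content'

# cipher.exe ships with Windows. /E encrypts; /S:<dir> applies the operation
# to the directory and everything beneath it. Marking the folder encrypted
# means files created in it later are encrypted automatically.
cipher.exe /E "/S:$folder" | Out-Null

# The same thing for a single file, through the .NET API (current user's key):
# [System.IO.File]::Encrypt((Join-Path $folder 'secret.txt'))

# Verification: EFS sets the Encrypted file attribute on each encrypted item.
function Get-EfsState {
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -Force | ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Encrypted = (($_.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0)
        }
    }
}

Get-EfsState -Path $folder | Format-Table -AutoSize

# Any item still reporting Encrypted = False is readable by anyone who can
# attach the disk to another computer or boot another operating system.
```

Because Windows XP and later do not require a recovery agent, nothing escrows the user's EFS key automatically: if the user's profile or certificate is lost, so is access to the files. Back up the EFS certificate and private key (cipher.exe /X writes them to a .pfx file) and store that backup somewhere with the same physical protection as the Syskey floppy the article describes.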
Use BitLocker Drive Encryption to encrypt all the data on a system volume. This method prevents unauthorized users from starting the computer by using a different operating system. This method also prevents unauthorized users from swapping the drive to a different computer to read the data. BitLocker is included with the Enterprise and Ultimate editions of Windows Vista. You can use BitLocker together with System Key and the Encrypting File System. For more information about BitLocker, visit the following Microsoft Web sites:
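To confirm that the system volume actually has BitLocker protection turned on, here is an added PowerShell example that is not part of the Knowledge Base article. It queries the Win32_EncryptableVolume WMI class that BitLocker exposes (available from Windows Vista onward, so Get-WmiObject rather than the newer CIM cmdlets is used) and flags a system volume that is not protected, since that is the precondition for the boot-another-OS and swap-the-drive attacks described above. The ProtectionStatus and ConversionStatus code names are taken from the class documentation; running it requires an elevated session.

```powershell
# Added example, not part of the KB article: audit BitLocker protection on
# every encryptable volume via the Win32_EncryptableVolume WMI class that
# BitLocker exposes. Run from an elevated PowerShell session.
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# Code-to-name maps for the two status values the class reports.
$protectionNames = @{ 0 = 'Unprotected'; 1 = 'Protected'; 2 = 'Unknown' }
$conversionNames = @{ 0 = 'FullyDecrypted'; 1 = 'FullyEncrypted'
                      2 = 'EncryptionInProgress'; 3 = 'DecryptionInProgress'
                      4 = 'EncryptionPaused'; 5 = 'DecryptionPaused' }

$systemDrive = $env:SystemDrive   # for example 'C:'

function Get-BitLockerAudit {
    Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume | ForEach-Object {
        # WMI out-parameters come back as properties of the returned object.
        $conv = $_.GetConversionStatus()
        [pscustomobject]@{
            Drive       = $_.DriveLetter
            IsSystem    = ($_.DriveLetter -eq $systemDrive)
            Protection  = $protectionNames[[int]$_.ProtectionStatus]
            Conversion  = $conversionNames[[int]$conv.ConversionStatus]
            PercentDone = $conv.EncryptionPercentage
        }
    }
}

$audit = Get-BitLockerAudit
$audit | Format-Table -AutoSize

# The attacks in this article need a readable system volume; report one that
# is not fully protected (encryption still in progress counts as exposed).
$exposed = $audit | Where-Object { $_.IsSystem -and $_.Protection -ne 'Protected' }
if ($exposed) {
    Write-Warning "System volume $($exposed.Drive) is not protected by BitLocker; starting the computer from another operating system would expose its contents."
}

# Equivalent built-in command-line check: manage-bde.exe -status
```

A volume whose Conversion column reads EncryptionInProgress is not yet safe to treat as protected; the audit only reports Protected once BitLocker says the key protectors are active on a fully converted volume.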