As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/
Options

Encrypt and/or Password Protect a Local Hard Drive?

BeltaineBeltaine BOO BOO DOO DE DOORegistered User regular
edited July 2010 in Help / Advice Forum
So, let's say hypothetically that I have access to a huge internet pipe.

I want to build a machine at the end of that pipe to serve as a remote download device for Usenet/BitTorrent.

I already know how to set it up to allow me to email .nzb and .torrent files to it to download.

What I want to do now is encrypt and/or password protect the removable drive on it that will be storing the files. In case someone wanders by and takes a peek at what the machine is doing.

The hitch is, my software will need to be able to access the drive, and then I'll need to be able to access it on another system when I pull it.

Machine is running Win7, but I could also run Ubuntu Linux if it has what I need.

XdDBi4F.jpg
PSN: Beltaine-77 | Steam: beltane77 | Battle.net BadHaggis#1433
Beltaine on

Posts

  • Options
    bowenbowen How you doin'? Registered User regular
    edited July 2010
    Can you elaborate that a bit more? Like, you want to protect it from the internet or someone walking up to it? Seems like it's already protected from the internet pretty much unless you're giving access to download those files once they're complete.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Options
    BeltaineBeltaine BOO BOO DOO DE DOORegistered User regular
    edited July 2010
    Looking into TrueCrypt now.

    Beltaine on
    XdDBi4F.jpg
    PSN: Beltaine-77 | Steam: beltane77 | Battle.net BadHaggis#1433
  • Options
    underdonkunderdonk __BANNED USERS regular
    edited July 2010
    Can you define "wanders by and takes a peek"?

    Truecrypt is the best (free) solution out there for full hard disk encryption (and file containers), but when using it you're protecting against a pretty specific risk. If a machine has Truecrypt install, and it is up and running, and someone logs on (locally or remotely) to find out what it is doing, Truecrypt isn't going to do a thing for you. If you lose your laptop in the airport, someone grabs it and attempts to fire it up to see what's on it, or pulls the disk and throws it in another machine to bypass access controls (the authentication process, file permissions, etc.), they won't be able to read the contents of the disk. That's what Truecrypt does. The software will do nothing for you if the machine is up and running (except in certain cases when using file containers). Many people don't understand this.

    Again, define "wanders by and takes a peek".

    EDIT: Also, knowing whether you're trying to protect against your kid sister or a government would be helpful.

    underdonk on
    Back in the day, bucko, we just had an A and a B button... and we liked it.
  • Options
    illigillig Registered User regular
    edited July 2010
    i think you're confusing two types of restricting access:

    encryption is for preventing a person who has full access to the computer from seeing the contents of a folder/drive.... this also only works for files which are not currently open/in use since they need to be unencrypted to be accessed by your uploader/downloader, etc.

    simple user/login permissions prevent a person from accessing the files in the 1st place, while allowing all the programs you install to access them

    if you're building the machine, just set yourself (and only yourself) as the main user/admin, launch the uploader/downloader service and lock the machine..... unless someone has the account password, the worst they will be able to do is unplug the machine to turn it off...

    illig on
  • Options
    underdonkunderdonk __BANNED USERS regular
    edited July 2010
    illig wrote: »
    simple user/login permissions prevent a person from accessing the files in the 1st place, while allowing all the programs you install to access them

    This is not true. It depends in what context the application is running and what the permissions on the file/folder are.
    illig wrote: »
    if you're building the machine, just set yourself (and only yourself) as the main user/admin, launch the uploader/downloader service and lock the machine..... unless someone has the account password, the worst they will be able to do is unplug the machine to turn it off...

    It should be noted that if the system is in an environment that the OP doesn't have control over, the person who does can simply mirror a port/install a tap and get a packet capture of the communications involving this system. This is starting to sound like the OP is asking about a box he/she may have hacked or setup somewhere where something like this shouldn't be, and this thread should likely be locked.

    underdonk on
    Back in the day, bucko, we just had an A and a B button... and we liked it.
  • Options
    peterdevorepeterdevore Registered User regular
    edited July 2010
    If you're thinking of putting down a machine for this kind of thing in your office at work or at university, don't think that the network admin won't notice it downloading huge amounts of crap. At least, his job involves monitoring that and shutting its connection down in such a case. Depending on policy, you could get into quite some trouble for it.

    If they're really lax and you can OK it with the network admin, set up a NAS box. Modern NASes have support for Bittorrent, Usenet etc., are tiny and are only accessible through their network connection.

    peterdevore on
  • Options
    mspencermspencer PAX [ENFORCER] Council Bluffs, IARegistered User regular
    edited July 2010
    It depends on what threats you're protecting against.

    If you're worried about someone seizing the machine and that's it, an encrypted volume (TrueCrypt on Windows, or for Linux read encryptionhowto.sourceforge.net) will be enough.

    If you're worried about more than that, consider:
    * Run Linux -- many Linux distributions make it very easy to set up encrypted volumes
    * leave the machine unattended only with one non-keyboard non-mouse USB device in each and every available USB port, and make sure it's a device the system has drivers for and can detect insertion and removal of -- so if someone disconnects a USB device to make room to plug in their own thing, you can detect the device removal and unmount / wipe keys. (So no novelty USB devices that use USB for power only. Buy a bunch of cheap thumbdrives for example.)
    * You might consider having two encrypted partitions, a small one for "working" data and a huge one for persistent data you're keeping. Mount the huge volume, move data on or off, and then unmount it. Unless someone peeks at the machine while you happen to be in there moving data, all they can ever see is what's on the small volume.

    mspencer on
    MEMBER OF THE PARANOIA GM GUILD
    XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK
    QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )
  • Options
    BeltaineBeltaine BOO BOO DOO DE DOORegistered User regular
    edited July 2010
    I'm the network admin. The machine is under my desk. I just was looking for a way to encrypt my removable drive(s) to keep anyone from being curious and plugging them in to see what was there.

    Beltaine on
    XdDBi4F.jpg
    PSN: Beltaine-77 | Steam: beltane77 | Battle.net BadHaggis#1433
  • Options
    underdonkunderdonk __BANNED USERS regular
    edited July 2010
    It looks like you're trying to circumvent company policy.

    Would you like help?

    ( ) Don't show me this tip again.

    underdonk on
    Back in the day, bucko, we just had an A and a B button... and we liked it.
Sign In or Register to comment.