spootnack Posted January 7, 2011 Share Posted January 7, 2011 Hello guys.I have a problem about admin password on Windows 7.I want to protect password erasing / stealing against systems like :- Ophcrack (password stealing)- Kon-boot (bypassing password protection)- Systems like : Windows Key Enterprise Bootable CD (password erasing)- Others alternatives / solutions ???So my question is : Is there others solutions than :1) Protecting system to boot on CD/DVD/(removable devices ?) by disabling it in BIOS. (if available)2) Password protect BIOS. (if available)3) Padlock on the tower to protect from "Clear-CMOS". (if possible)I know this is "extreme" but I was confronted to this problem and want to find a solution. My goal is to make the admin session "unusable".Is it me or there are the possibility to block CD Booting on not much motherboards ??? (Yes cause final solutions are depending on the motherboards, isn't it ?)Thanks.PS: I have no problem with standard softwares cause I use LUA and AppLocker.PSS: On a standalone computer, without AD... :rolleyes:PSS: Keeping CD/DVD players and USB,e-sata ports... ^_^PSSS: Can we add protection with something like USB key (truecrypt, bitlocker ?) (maybe not a webcam or fingerprint solution...^^) Link to comment Share on other sites More sharing options...
HX1 Posted January 7, 2011 Share Posted January 7, 2011 BIOS Password wit configuration set to not boot from CD first ... killing auto play prevents the disk from spinning up or loading anything on it rather.. Technically there are only a few ways to protect one.. Most solutions will keep knowledgeable people out.. but not the motivated... I would look into a setup that would not depend on such a system to exist or remain in existence or secure..I used a ID USB Key ( still do ) for quite awhile that was better that regular password and the key was non-transferable to other drives or systems... The only option is to reboot ..which gives you a CMOS Pass and/or drive encryption... shoudl you question at that point there are settings changes which allow you to know rather that has happened or not..BTW... without a warrant you can press Federal charges on these individuals...Truly securing said system may also prevent access by you which is another reason it may be harder to find a solution.. The real true threat you have on Windows 7 was someone who would have the time use Rainbow Tables to acquire the password and reset... Much more secure in this manner than Xp I believe though I haven't taken the time to test it myself...There are also some settings in LSP that will allow you set certain rules which would make it a lot harder to impossible to do so.. if in question or doubt remove the drive and secure it.. Link to comment Share on other sites More sharing options...
spootnack Posted January 8, 2011 Author Share Posted January 8, 2011 BIOS Password wit configuration set to not boot from CD first ... killing auto play prevents the disk from spinning up or loading anything on it rather.. Technically there are only a few ways to protect one.. Most solutions will keep knowledgeable people out.. but not the motivated... I would look into a setup that would not depend on such a system to exist or remain in existence or secure..I used a ID USB Key ( still do ) for quite awhile that was better that regular password and the key was non-transferable to other drives or systems... The only option is to reboot ..which gives you a CMOS Pass and/or drive encryption... shoudl you question at that point there are settings changes which allow you to know rather that has happened or not..BTW... without a warrant you can press Federal charges on these individuals...Truly securing said system may also prevent access by you which is another reason it may be harder to find a solution.. The real true threat you have on Windows 7 was someone who would have the time use Rainbow Tables to acquire the password and reset... Much more secure in this manner than Xp I believe though I haven't taken the time to test it myself...There are also some settings in LSP that will allow you set certain rules which would make it a lot harder to impossible to do so.. if in question or doubt remove the drive and secure it..Thanks for the answer. Am I right if I say :So there are only two solutions :1) CD/DVD boot protection (disabled and bios password protected)2) Encryption with systems like Bitlocker or TrueCryptRight ?And if I set encryption alone (without solution 1, for exemple due to hardware limitation)Is it secured ?Can it be transparent for the user (for exemple keep the USB key on the computer ?)If the "hacker" has the USB Key, does it change something ? He will be confronted to admin password without the possibility to use a hacking tool, no ?...taking the fact that standard user (potentiel hacker, without knowing admin passord) must have access to the computer (+ USB key)and his LUA.Thanks again.PS:There are also some settings in LSP that will allow you set certain rules which would make it a lot harder to impossible to do so.. if in question or doubt remove the drive and secure it..= Local security policies ? Which settings ? Link to comment Share on other sites More sharing options...
HX1 Posted January 8, 2011 Share Posted January 8, 2011 Thanks for the answer. Am I right if I say :So there are only two solutions :1) CD/DVD boot protection (disabled and bios password protected)2) Encryption with systems like Bitlocker or TrueCryptRight ?And if I set encryption alone (without solution 1, for exemple due to hardware limitation)Is it secured ?Can it be transparent for the user (for exemple keep the USB key on the computer ?)If the "hacker" has the USB Key, does it change something ? He will be confronted to admin password without the possibility to use a hacking tool, no ?...taking the fact that standard user (potentiel hacker, without knowing admin passord) must have access to the computer (+ USB key)and his LUA.= Local security policies ? Which settings ?1) Yes BUT... Depending o the drive and system you have DriveLock Encryption already.. also protected by the CMOS TypePassword2) The only Full Disk Encryption I have ever actually trusted is PGP Desktop.. Screw around with the password and its gone... Hours to decrypt and encrypt your drive.. True encryption.. not just simple access encryption..BitLocker I haven't tried BUT.. I have heard of using BitLocker encryption with a USB key.. in fact I believe it is available from within the settings in Windows 7 Manager.. I would do this on a test machine...LSP will have to look and see if I archived the information.. but for instance if someone was trying to hack you password.. You can set the timeout.. and lockout along with several other settings relative to logon and password/account control..The ID USB Lock is part of ID Security Suite made by FastLink... The key is part of the Vol ID which is encrypted and stored in a simple file on the USB Key... Now when you take a key file ( TXT ) and put it on another key then you have a problem because the key itself does not match the volume ID of the USB Key.. therefore.. it will lock access upon failure.. which is bad if you have a overloaded system which is non-responsive ( BTW ) anyway.. the only option you have left is to reboot the system.. It changes setting such as Task Manager access and possibly a few others I haven't noticed right off.. but You would know if someone tried.. not to mention that if you have your system password protected .. in CMOS.. it will be stuck there without power removal... Link to comment Share on other sites More sharing options...
spootnack Posted January 8, 2011 Author Share Posted January 8, 2011 Thank you very much.I'm thinking to do some tests with BitLocker.++ Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.