Is it feasible to lock down a user account on a Windows 7 or Windows Vista laptop so that it's not possible to copy files off of it? (e.g. disable all internet access, disable USB ports or at least ensure drives can't be mounted to them, etc).
Is there a published procedure to do that?
Also, if the files are encrypted on disk using Windows encryption, is knowledge of the guest user password on the laptop enough to access those files if the hard drive is plugged into another computer?
I do realize that a sophisticated hacker can probably counter pretty much any security measure. The intent is to prevent copying files off of the laptop by power users, not by hackers.
-
In a word, no.
If you're okay with locking down the entire drive, you can get very close with whole-drive encryption. Without this, someone will always be able to pull the drive out of the machine and connect to another one running off-the-shelf data recovery tools. Even with whole-drive encryption, it's just a matter of time with the right tools.
Jes : If I may add, there are also several Device Control solutions that would aid in securing the laptop. I'm particularly fond of Sophos, but have also used Guardian Edge and others. These allow you to specify by policy what devices can connect to the laptop. This is excellent for helping lock down USB ports.From Joel Coel
0 comments:
Post a Comment