
File system access

A lot of important information is stored not only on the file server but also on users' workstations, and this data can easily be lost or disclosed if certain measures are not taken. First of all, it is recommended to use the NTFS file system for the system partition and for any partition where critical data is stored, since NTFS provides a number of additional data protection features.

One of these features is access control. Using access control lists (ACLs), a user can restrict access to their data stored on a computer. An ACL limits access to a file to specific users, computers, or groups, and the permissions set the access level for each group or user. For example, one user may be allowed to read the contents of a file, another may be allowed to modify it, and all other users are denied any access to it.

This is necessary if several users work on one computer, or if the company's network does not restrict which users may log on to which computers, so that any domain user with physical access to a computer's console can log on to it.

Windows 2000 uses NTFS version 5. One of the new features of this version is the Encrypting File System (EFS). EFS is based on a Public Key Infrastructure (PKI) and allows you to encrypt files and folders (Fig. 6).

EFS protects against attacks that obtain data by bypassing the operating system, such as booting an alternative OS from removable media or attaching the data drive to another computer. Even if someone gains access to an encrypted file (for example, by stealing the computer or the disk on which it is stored), they will not be able to decrypt it and read the information. EFS is integrated with the file system, which makes attacks on it harder and simplifies management.

There are some restrictions on file encryption. Compressed files and folders cannot be encrypted: a compressed file or folder must be decompressed before it is encrypted. Files with the System attribute and files located in the system root folder C:\Winnt are also not encrypted.

Files can be encrypted or decrypted either from the graphical interface, by clicking the Advanced button in the file or folder properties dialog box, or from the command line with the cipher utility. A separate encryption key is generated automatically for each file or folder. That key is in turn encrypted with the user's public key and also with the public key of the EFS data recovery agent, and the encrypted copies are stored as NTFS attributes of the object.

The question arises: how can an encrypted file or folder be accessed if the user who encrypted the data falls ill or quits? For this purpose Windows 2000 provides an EFS data recovery agent. But this possibility also makes life easier for attackers, because by default the recovery agent is the local administrator, and, as described above, obtaining local administrator rights with an empty password when you have physical access to the computer or the hard drive is very simple!
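As an added illustration of the key hierarchy described above (a fresh key per file, wrapped once for the owner and once for the recovery agent, so that either party's private key opens the file), here is a small model in Go. It is example code written for this page, not Windows' or EFS's own implementation: the algorithms (AES-GCM for the data, RSA-OAEP for key wrapping), the `EncryptedFile` type and the function names are this example's assumptions, chosen to mirror the two wrapped-key slots EFS stores as NTFS attributes (its DDF for the owner and DRF for the recovery agent).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// EncryptedFile models what EFS stores: the ciphertext plus the per-file key wrapped for two parties.
type EncryptedFile struct {
	Nonce, Ciphertext []byte
	WrappedKeys       [2][]byte // [0] for the owner (EFS's DDF), [1] for the recovery agent (DRF)
}

func aead(key []byte) cipher.AEAD { // a 32-byte key is always valid for AES-GCM
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Encrypt draws a fresh random file key, encrypts the data with it (AES-GCM here;
// real EFS uses its own algorithms) and wraps that key with RSA-OAEP for both
// the owner and the recovery agent, so either one can later open the file.
func Encrypt(plain []byte, owner, agent *rsa.PublicKey) (*EncryptedFile, error) {
	fek, nonce := make([]byte, 32), make([]byte, 12) // per-file key, never stored in the clear
	rand.Read(fek)
	rand.Read(nonce)
	f := &EncryptedFile{Nonce: nonce, Ciphertext: aead(fek).Seal(nil, nonce, plain, nil)}
	for i, pub := range []*rsa.PublicKey{owner, agent} {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
		if err != nil {
			return nil, err
		}
		f.WrappedKeys[i] = w
	}
	return f, nil
}

// Decrypt tries to unwrap the file key with the given private key, owner slot
// first, then agent slot; any other key fails before the data is touched.
func Decrypt(f *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range f.WrappedKeys {
		if fek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil); err == nil {
			return aead(fek).Open(nil, f.Nonce, f.Ciphertext, nil)
		}
	}
	return nil, errors.New("key is neither the owner's nor the recovery agent's")
}
```

The model makes the page's point concrete: whoever holds the recovery agent's private key (by default the local administrator) can open every file without knowing the owner's key, which is why protecting that key matters as much as the owner's.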

Another way to gain access to encrypted files is to use the chntpw utility written by Petter Nordahl-Hagen (see above) to change the password of the user who encrypted the data.

After that, it only remains to boot and decrypt the data using the public key of the recovery agent or of the user. But is there really no way to protect encrypted data from such tampering?

Not everything is so bad. If the computer is a member of an Active Directory domain, the recovery agent is the domain administrator rather than the local administrator, and the EFS data recovery public key is stored in the Active Directory database rather than locally. If the owner of the encrypted data is an Active Directory domain user rather than a local user of the computer, all of their account data is likewise stored on the domain controller and cannot be used to crack EFS data.

If the computer is not a domain member but the default SYSKEY mode has been changed (see above), an attacker will likewise not gain access to EFS-encrypted files even after logging on to the system, because in that case the public keys of the user and the recovery agent are encrypted with SYSKEY, whose key is not available to the attacker.
