September 2nd, 2002, 12:15 AM
How Secure Is NTFS?
I am just starting to get into Linux and a buddy of mine gave me a copy of Knoppix Linux. This is a full Linux installation that installs from a bootable CD and runs entirely in RAM. You just stick the CD in the drive, boot the box and you are running a full installation of Linux, complete with KDE 3.0 desktop, tons of apps like Ethereal, OpenOffice, GIMP… and the list goes on. But here is the scary part. You can boot any NT/2000/XP box that uses NTFS security with Knoppix, mount the hard drives and access any file or directory regardless of NTFS security settings! Then when you are finished you just eject the CD and boot the box to its native OS, leaving no tracks behind. It is amazing how a file system that is touted as being all about security can be accessed with such ease!
Thank God for encryption!
Like I mentioned earlier, I am new to Linux so this is probably nothing new to you guys, but does anyone know how you can tighten up NTFS security without implementing EFS?
September 2nd, 2002, 01:48 AM
NTFS is a big step forward from FAT 32 but it's only a file system, which means it can be read by any NTFS-compatible OS. The security in NTFS is about protecting files from users and not other OS's. Unfortunately it's really hard to secure a computer if a hacker has physical access to it without encrypting the whole hard drive.
It's not software piracy. I'm just making multiple off site backups.
September 2nd, 2002, 02:29 AM
You don't understand the security functions of a file system:
The file system is secure because it permits the use of access control lists (ACLs) on folders and files. By itself, the file system does not "make" the security. It simply allows the OS to enforce restrictions on files/dirs. So, if the box can be booted with another OS that does not enforce NTFS ACLs, the security goes out the window. The same holds true for Ext2 fs or any such... On the other hand, enabling EFS (Encrypted File System) on W2k/XP will defeat such "techniques" since the data on disk is encrypted... (EFS isn't perfect either, however, but will probably be enough to stop your basic hacker that gets physical access).
Credit travels up, blame travels down -- The Boss
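Added example, not part of any post in this thread: a small Python model of the point made above, that an ACL is metadata the OS chooses to enforce, while encryption protects the bytes themselves. The volume layout, the function names and `toy_cipher` (a SHA-256 keystream standing in for EFS, not real cryptography) are assumptions made for illustration, and the sample data is constructed.

```python
import hashlib
import json

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in for EFS, not real crypto."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def make_volume(files: dict) -> bytes:
    """Serialize {name: (allowed_users, content)}; the ACL is only metadata beside the data."""
    return json.dumps({name: {"acl": sorted(acl), "data": content.hex()}
                       for name, (acl, content) in files.items()}).encode()

def native_read(volume: bytes, user: str, name: str) -> bytes:
    """The native OS: parses the record and enforces the ACL before returning data."""
    record = json.loads(volume)[name]
    if user not in record["acl"]:
        raise PermissionError(f"{user} is not on the ACL of {name}")
    return bytes.fromhex(record["data"])

def foreign_read(volume: bytes, name: str) -> bytes:
    """Another OS reading the same bytes: it parses the record and never consults the ACL."""
    return bytes.fromhex(json.loads(volume)[name]["data"])

def demo() -> dict:
    secret = b"constructed sample: payroll figures"
    user_key = b"constructed key kept off the volume"
    plain = make_volume({"payroll.txt": ({"alice"}, secret)})
    sealed = make_volume({"payroll.txt": ({"alice"}, toy_cipher(user_key, secret))})
    try:
        native_read(plain, "bob", "payroll.txt")
        bob_denied = False
    except PermissionError:
        bob_denied = True
    return {
        "native_owner_reads": native_read(plain, "alice", "payroll.txt") == secret,
        "native_denies_other_user": bob_denied,
        "foreign_reads_plain": foreign_read(plain, "payroll.txt") == secret,
        "foreign_reads_sealed": foreign_read(sealed, "payroll.txt") == secret,
        "key_holder_decrypts": toy_cipher(user_key, foreign_read(sealed, "payroll.txt")) == secret,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only `foreign_reads_sealed` comes back False: the reader that skips the ACL still gets the bytes, but without the key they are ciphertext.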
September 2nd, 2002, 06:08 AM
Well said, Ammo.
September 2nd, 2002, 06:31 AM
That makes perfect sense!
By itself, the file system does not "make" the security. It simply allows the OS to enforce restrictions on files/dirs.
September 2nd, 2002, 06:44 AM
This is also true of Linux filesystems..... using utilities to add ext2 filesystem support to Windows, you can freely browse the Linux directory tree. Or if you want full read/write access, you can just boot a Slackware or Gentoo install disk and mount the partition with root privileges. Also, on the subject of encryption, there are kernel patches for the Linux kernel that add encrypted filesystem support for precisely this reason. www.kerneli.org has more info. Encrypted Linux filesystems will be the subject of one of my upcoming tutorials if I can ever find time to write it.
As Ammo said, filesystems are only secure when mounted under their native OS.
Do what you want with the girl, but leave me alone!