December 8, 1999 Web posted at: 10:00 a.m. EST (1500 GMT) by Stuart McClure and Joel Scambray

From...

(IDG) -- We've talked a lot about network-layer security measures, such as Tiny Software's Winroute and Network Ice's BlackICE, for defending personal systems. These programs are great for blocking a nosy neighbor's or a malicious intruder's attempt at a toehold. But these are only the first lines of defense. If you believe in a deep defense, you'll take steps to secure an attacker's ultimate goal: access to the file system.

Literally hundreds of tools are available that can monitor or secure file systems. Here we present some of the tools we've used first-hand and found competent at keeping prying eyes from our data.

MESSAGE BOARD Insurgency

DuoMark International's 9Lives runs only on Windows 9.x, but we wish it had an NT counterpart. The 9Lives product allows users to enter into a protected mode, in which an installable virtual driver intercepts all file-system calls in a private area of the disk and records all attempts to modify, create, or delete files. It then asks, when returning to normal mode, if you want to make the changes. If you choose yes, changes are written to disk and everything continues as normal. If you say no, then no changes are made and all new, modified, or deleted files are saved to the folder 8thlife.

DuoMark 9Lives' purpose is mostly to protect from ugly software installations. However, we think 9Lives' security implications are interesting: How about browsing the Web in Protected Mode to ensure against unauthorized file-system access? It might also be great at spotting Trojans in the 8thlife folder. The idea of a "firewall for the file system" has merit to us -- we'd probably keep it on all the time!

Of course, even if you can prevent unauthorized file I/O, that doesn't mean someone can't read your disk, either over a network or locally. The only real solution to this problem is encryption.

MORE COMPUTING INTELLIGENCE

IDG.net home page

InfoWorld home page

InfoWorld forums home page

InfoWorld Internet commerce section

E-BusinessWorld

Reviews & in-depth info at IDG.net

IDG.net's personal news page

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for IT leaders

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

There are a lot of disk-encryption players, and you don't want to trust your data to some fly-by-night cryptanalyst. One of our favorites is SafeGuard Easy, from Utimaco Safeware. SafeGuard Easy is flexible, fast, and transparent, and offers three modes of operation: standard (for hard-and floppy-drive encryption); boot protection (for boot sectors, file-system tables, and root directory); and partitioned (for individual partitions and floppy drive). Because boot protection doesn't have to encrypt and decrypt the entire disk, it causes the least impact on performance, but doesn't protect against booting to an alternate OS and attempting to overwrite drive information. Standard encryption didn't prove to be much slower, and it keeps the entire file system under wraps.

SafeGuard Easy optionally employs Pre-Boot Authentication (PBA) to generate encryption keys at boot time so the keys are not stored on disk. SafeGuard Easy has a decent complement of encryption algorithms. Choose from simple XOR if speed is more important than security, or use Data Encryption Standard, International Data Encryption Algorithm, Stealth-40, or Blowfish-16. Keys can be defined by the user or randomly generated.

When using PBA, the system boots to an inscrutable DOS-like password prompt. Beyond that, we didn't even notice that SafeGuard Easy was around. A recovery option is provided, and can be enhanced so that only floppy disks encrypted with the system keys can be used to rescue the disk.

Another transparent file-encryption tool is seNTry2020, from SoftWinter. It boasts a simple interface, and mounts encrypted files as virtual drives. SoftWinter's seNTry2020 offers a good selection of algorithms, and also allows network access via the standard NT password. When dismounted, the encrypted virtual drives disappear, and the raw files become inaccessible.

We've run out of room to talk about Network Associates' PGP and RSA's SecurPC. And we haven't even touched on the Windows 2000 Encrypting File System. Plus, we've skipped file checksumming tools Tripwire and ISS System Scanner.