Improved folder security

I know just about everyone knows what a USB dongle is. It's typical use is to use it to "unlock" a computer or in some cases, a program. Or rather to let a program run. I need a way to to turn a USB flashdrive into a dongle that will control whether a folder, one I specify, is visible or not. I have a program called True Crypt, a wonderful open-source program. I have a folder that I need to hide. I want to make it that the folder is ONLY visable when I insert the USB flash drive into my computer. It's a large folder or else I would put it ON the drive. I use it on a regular basis, so I can't put it on a DVD. Any ideas? Guides? Tutorials?

If this is in the wrong section. I do appologize.

 

Interesting question...
I would like to see an answer to this too.
One thing that comes to mind is using bitlocker and saving the certificate on the USB stick.. if that's even possible...

 

I'm sure programs exist that will do that. None that I know off hand though.

The reason something like this isn't popular is that it is a very insecure method of authentication. The serial bus is unencrypted and the stream is easily spoofed, unlike a real key, like a SMART card.

 

I know this isn't exactly what you mean, but I'm a bit outdated so my idea is more retro... plus I don't know if new o/s registries are as hackable as the ancients

I would partition my hard drive to have a chunk the size of the folder you want secure.

Hack the registry to make the partition invisible (super easy in win9x or 2K) by hiding the drive letter - ie: "turn it off" and export the key, create a regfile called OFF (or whatever suits you)

Create the "ON" regfile you need to "turn it back on" and copy it to your usb stick as well.


Voila! now your file is visible or invisible at your command since the drive letter for the partition won't show up in "My Computer". Unless you tell someone it's there they'd never even know to look for your secure folder on it

*Put your stick in, merge the file to "ON" - edit your secret formula for turning tunafish into gold.... merge your "OFF" file (don't forget to refresh explorer after regfile merges) and pull your "uskey" stick out.

 

If you're that concerned about a file, why allow any access to the computer at all without a flash dongle.

I've not scene a flash drive utility to hide a folder, but have seen several that will lock a computer when the flash drive is not present

 

It's not the security of the whole system I'm worried about, just the folder. Also, anyone know of any tutorials or guides to use True Crypt as a dongle for the whole system? Basically, do what gerryf19 said.

 

you could use activelok for the entire computer

http://forum.lanctrl.com/viewtopic.php?f=7&t=145

 

I am not sure what precisely it is you want to accomplish, but this seems a very awkward way to deny certain people access to the folder you have in mind. Why not simply create either a special user for people you don't want to have access to the folder in question, and deny this user access to the folder, or, conversely, create a user just for people who are supposed to have access, and give only this user exclusive access to this folder?

P.S.: I forgot to ask, what OS are we talking about here? Unless you are on Windows 98/ME or earlier, NTFS already gives you all the folder security you could ever want.

 

How can I do that?

OS: Windows 7 Ultimate.

 

You have to be somewhat careful with this approach. If you deny access to a person or group, and you are a member of that group, deny supercedes approval, so be careful what you do.

Why don't you just create two user accounts...one for you and one for everyone else. Password protect your account. Make the everyone else user a standard user--they will not be able to access your account or take ownership of your file

 

Go to Control Panel, User Accounts. Create a user for the person you have in mind. And, of course, that account should be a Limited User account (which it will be by default). Every account you use by default, for your regular day-to-day work and web browsing, should be a limited user account.

Type "user account" in Windows Help and Support for more info, or ask here if you need more help.

That's why I never even mentioned groups in my post. Those are for advanced users...

 

That's not really a bad idea, thing is all I really want to do is hide the folder. What's interesting, is I've seen ways to make it so that you can make a dongle that if you remove it, it auto-locks your computer, and when you connect it, it auto-unlocks. Perhaps I could do something like that. Only thing is, what if I loose the dongle?

 

I've hid my own stuff in plain sight - it takes a little tech-art, but I'm a crafty bastich so that's right up my alley

I create a 32X32 pixel square as a transparent .ico file then change the icon of my folder to the transparent 32x32, name it using blank ascii characters and bobs yer uncle.

Have to put it away from other icons and general click zones though so no one hits it accidentally - I share with 3 others and they haven't found it yet. It's not ultra secure but if you just want easy access and privacy it works a treat. Obviously it could be found if someone knew any details of what was in it and did a search, but visually the file doesn't show or list it's name in the the explorer window so it's just a blank bit of the tree

 

Use the Truecrypt portable mode.
It can be set to to automatically start TrueCrypt or mount a specified TrueCrypt hidden volume when the USB is inserted.
http://www.truecrypt.org/docs/

 

invariably, people who are too clever with such techniques end up clevering themselves into files and folders they cannot access.

Just create two profiles. Don't get cute.

 

Why don't you just hide the folder, remember the name of it, then once your in the folder that folder is in, type the name of the folder?

 

The most important questions have not yet been asked: what's so important about that folder and the data it contains, and who do you think might want to access it? Only when given this information, people can help determining what's the best way to "hide" your data. There are countless ways to accomplish this, and they all differ in the balance between security, convenience and ease of implementation. Therefore, it's of utmost importance that people understand your EXACT needs so you won't end up with a solution that doesn't really help you (or, even worse, might set you at risk because you get a feeling of false security when there isn't any).

Examples:

• It is a folder that I just don't want others to spot, that doesn't contain any information no one except for you should ever have access to (personal information == bills, pictures of you etc.).
• The folder contains corporate documents. To other companies, owning these documents might be worth quite a lot, so one should assume that someone might actually try to break into it.

 

I don't think he's looking for a security plan, but rather a security mechanism.

 

Maybe, but in my humble opinion, any tips regarding security should not be given blindly, since when it's about security, it's not exactly best practice to recommend anything if you don't know anything about the requirements. While one solution might be to for example make the folder a child folder of a new parent folder and make the system change ACLs once the device is attached, this may - for whatever reason(s) - be inappropriate for BobaFett's situation and he might not realize that (since he's explicitly /asking/ for solutions).

You probably know that the security of the folder is dependent on the security of the whole system. If the system gets compromised, your folder has to be deemed as compromised too.

Is it that you aren't worried about the security of the whole system because you already have a security plan for the system, or is it because you don't care about the system's security?


I'm sorry for making things complicated, but security is a complicated topic and the effort needed for real security can easily be underestimated.

 

While I basically agree with you, I've long since given up getting that kind of sophisticated information from internet forum posts.

I just assume he doesn't want his wife/girlfriend to see his naked pictures and move on from there.....