Windows 7 - best way to prevent a drive from being cloned?

[fuzzybabybunny]

I'm setting up a work machine for the first time and I don't want anyone to have access to even view certain folder contents, much less be able to copy it to a thumb drive or whatever.

I'd like to prevent the drive from being cloned.

Any way I can do this?

 

[Veliko]

You can't prevent the drive from being cloned, not even encryption. If the data is that sensitive use something like terminal services or Citrix.

 

[alkemyst]

If they have physical access, not much you can do. However; modern encryption methods would make the data unusable.

What are you trying to protect? I have found the overhead and risk of loss of data > than the security this offers for most of the people that really aren't doing mission-critical work on their machines.

 

[sourceninja]

encryption..they can copy it, but it's worthless without the keys.

 

[owensdj]

What folders are you trying to protect? You may be able to use user rights to prevent non-Administrator users from having access to those folders. Make sure the Administrator account has a secure password.

Set your BIOS to only boot from the hard drive, and password protect the BIOS. Put a small padlock on the case to keep someone from opening it. That should keep it secure from all but someone breaking into the case to reset the BIOS.

 

[corkyg]

Security is best done in layers. You can lock up the equipment in a vault so no one can access it. It then becomes less useful. So, you accept some risk and password and/or biometrically protect the system from being turned on. You can use a mobile rack and remove your HDD. You can use encryption. You can use combos of things - but all are really compromises. Always bear in mind that given enough time, money, and resources, there is nothing that cannot be accessed.

The basic key is access. If a drive cannot be accessed, it cannot be cloned. If I have a laptop, I can take it with me or lock it in a safe. That really limits access by "the profane."

 

[Lifted]

Between this and your other thread, it seems to me you should be looking into a server or NAS to store any sensitive files you want protected. It appears you have a single computer that other people will be using, but you don't want them to copy/read some of your sensitive files, yet you still need them to work with them to some extent.

In short, with physical access to the computer/drive the files reside on, you cannot be sure that one of your employees will not copy or destroy some of them.

You can purchase pretty good SOHO level NAS for < $500.

http://www.synology.com/enu/products/index.php

The DS211j supports 2 drives in RAID 1, and costs ~$200. A couple of 2TB HDD's would be another $150-$200.

 

[Chiefcrowe]

Seems like encrypting is the easiest way to prevent unauthorized access.

 

[Lifted]

nm

 

[corkyg]

Encrypting can't stop access. (Access in the security world is physical contact or proximity.) But it can delay the accessor. The amount of delay relates to the degree of encryption.

 

[Chiefcrowe]

yes you're right.. but if it's encrypted really well, at least the data will not be able to be read.

 

[Gamingphreek]

yes you're right.. but if it's encrypted really well, at least the data will not be able to be read.

You can have the best encryption algorithm in the world, but it doesn't mean anything if the entropy on the key you create is terrible.