Is Cloud Storage a Safer Option for Protecting Windows Files?

  • Thread starter Thread starter WWGD
  • Start date Start date
  • Tags Tags
    Security Windows
Click For Summary
SUMMARY

Cloud storage options, such as Dropbox, provide a viable method for protecting Windows files, but they are not immune to hacking risks, especially if sign-on passwords are compromised. The most effective strategy for safeguarding sensitive data involves regular backups and encryption using third-party tools like PGP or VeraCrypt, as built-in Windows features can be overridden by administrators. Additionally, storing backups in secure locations, such as local banks, and utilizing multiple media types, including CDs, DVDs, and USB external drives, enhances data security. Ultimately, the combination of robust encryption and diligent backup practices is essential for protecting files against unauthorized access.

PREREQUISITES
  • Understanding of third-party encryption tools like PGP and VeraCrypt
  • Knowledge of Windows operating system user roles and permissions
  • Familiarity with backup strategies and media types (CDs, DVDs, USB drives)
  • Awareness of cloud storage security risks and best practices
NEXT STEPS
  • Research best practices for using PGP and VeraCrypt for file encryption
  • Learn about effective backup strategies, including offsite storage options
  • Explore the security features and vulnerabilities of cloud storage services like Dropbox
  • Investigate the implications of Windows user roles on data security and access control
USEFUL FOR

IT professionals, data security specialists, system administrators, and anyone responsible for protecting sensitive information on Windows systems.

WWGD
Science Advisor
Homework Helper
Messages
7,772
Reaction score
13,003
Hi All,
There are certain options to protect information on Windows: restricting access to files, encryption, etc. Still, since it is possible to disable or change the admin password, is there any reasonable measure left to protect files (Assuming here that admin logins have unrestricted access. Right?)? Or is it a better option to leave them somewhere on the cloud: Dropbox, etc?
 
Computer science news on Phys.org
Your best bet to protect files is to do backups and keep them around. Also you should consider encrypting ones with personal info so that hackers can't take advantage of the information. While you could place them in the cloud, there is always the chance that a hacker could gain access to them once they compromise your signon password.

You could also consider storing some of your backups at the local bank for further protection and establish a schedule of doing backups and storing them at the bank.

And consider storing them on multiple media like CDs, DVDs, USB sticks, USB external drives realizing that:
- USB external drives are susceptible to magnetic fields, and
- CDs/DVDs are susceptible to heat and scratches.

Some folks have even recommended digital tape over external drives. Keep a working CD/DVD player/recorder around and similarly for the digital tape drive.
 
  • Like
Likes WWGD
jedishrfu said:
Your best bet to protect files is to do backups and keep them around. Also you should consider encrypting ones with personal info so that hackers can't take advantage of the information. While you could place them in the cloud, there is always the chance that a hacker could gain access to them once they compromise your signon password.

You could also consider storing some of your backups at the local bank for further protection and establish a schedule of doing backups and storing them at the bank.
Thanks, but doesn't anyone with an admin login, or, after disabling/changing admin password have the ability to decrypt files? EDIT: This is simple to do, just by logging in safe mode, or , if logged in ( as a non-admin) going into the command prompt.
 
If you encrypt with some utility like a zip tool that is outside the purview of Windows administration.
 
  • Like
Likes WWGD
jedishrfu said:
If you encrypt with some utility like a zip tool that is outside the purview of Windows administration.
Thanks again. Is it the case that ( EDIT: just-about; sorry for the fuzzyness here, I know you cannot be expected to cover every possible scenario; just a sort of ball-park here ) any security measure within Windows can be overcome either with an admin password or by disabling password use ( which is scarily easy to do) ?
 
Last edited:
WWGD said:
Thanks again. Is it the case that ( EDIT: just-about; sorry for the fuzzyness here, I know you cannot be expected to cover every possible scenario; just a sort of ball-park here ) any security measure within Windows can be overcome either with an admin password or by disabling password use ( which is scarily easy to do) ?
Yes. Remember, the admin is supposed to be able to do anything on the system, this is their role. They can reset passwords, view file contents, etc. That's their role. If you want to hide something from the system admin, then you have to use a method that is not part of the operating system because the admin has the maximum level of access possible on the system.

This is why jedishrfu suggested a 3rd party tool (something not part of of your operating system) to encrypt your data. Then you are using a tool that the admin does not have access into.

But yes, any builtin windows features are under the control of the system administrator and they have the rights to do whatever they want on the system. This isn't a bug, its a requirement of how the system works. So don't hire an admin that you don't trust :)
 
Like any modern OS, given the admin password you can a lot of things to compromise the machine like make drives shareable, install spyware, look at other users unencrypted files or even change them. You can alter the time stamps on files to hide the fact that you edited them...

The one thing you can't do is decrypt an encrypted file without knowing the password unless you, as the bad admin, had compromised the encryption tool beforehand.

This means your encrypted files are safe from viewing but not safe from deletion or getting corrupted or in the case of ransomware encrypted again. Also it means the bad admin can't get your password to use to sign on as you unless the OS has poor security practices allowing it to decrypted from its hashed value.
 
A third-party encryption software like PGP or VeraCrypt are really the best option for keeping data protected from system administrators, but depending on the sensitivity of the data, even these may not be sufficient to protect your enryption keys safe from administrators using a keylogger, in which case you may also need a hardware/two factor key.
 
As others have said, the most essential thing is to ensure that all your important data is regularly backed up in some medium other than your PC local drives.
That way you can't lose anything even if your OS file system is totally trashed.
It's a pain. but you just restore everything to how it was.
Before the arrival of online malware it was necessary to do that anyway, hard drives were not very reliable, and could suffer from a 'head crash'.
 
  • #10
Yes, my bad, I wrongly assumed Bitlocker was third-party. Thanks to all.
 
  • Like
Likes jedishrfu

Similar threads

Modern file backup options: cloud? / HD?
  • · Replies 69 ·
3
Replies
69
Views
6K
Security of computer data and passwords
  • · Replies 3 ·
Replies
3
Views
3K
How Can I Design a Secure Configuration for Linux Servers and Web Applications?
  • · Replies 2 ·
Replies
2
Views
3K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
  • · Replies 8 ·
Replies
8
Views
4K
BRS: PKI Cryptosystems for SA/Ms: A Tutorial
  • · Replies 13 ·
Replies
13
Views
4K
Countdown to Doom Release: Revisit the Original and Celebrate with Easter Eggs
  • · Replies 14 ·
Replies
14
Views
5K
Do Movies Teach Us Realistic Life Skills?
  • · Replies 1 ·
Replies
1
Views
10K