I am trying to construct a way to keep certain hard drive partitions/usb drives from being accessed for security reasons (protecting intellectual property). I was thinking that when windows attempts to access the "locked down drive/usb" the attempted is halted and returns something like "drive inaccessible" or something. It's just an idea, anyone thing it is plausible/possible? If so, any pointers?
C/C++
-Thanks
For USB drives you could encrypt them.
At work we use Pointsec provider, which allows you to access the drive on any machine only if you have a password.
I'm sure there are freeware encryption products available
You could probably encrypt the partitions too.
(basically I'm not sure why you would want to write some c/c++ code for something that could be adequately managed by other methods)
Yes, i was thinking something similar to this, however how does the usb drive request a password if the partition is encrypted(or how does windows know it needs a password?).
Is there is a way to just trigger a password request/how(course i know companies have done it), i wouldn't need get dirty with encryption!
I'm hoping to create this self sustainable within the usb itself.
I am wanting to do this as like...do-it-yourself project :)
OR! even password protect the partition table itself -well the data containing part(usb would have to be split into two partitions, one for the password managing[A] and one for the normal data[B]) without the correct entry, the [B] table would seem invalid to the OS/appear blank and disallow access!
The partitions problem is easy. Just use ACL's to prevent access by certain users.
For drive access, there is probably some setting somewhere in windows to disable it. In the worse case you could try to forcibly remove the drivers (and as such the capability of windows to read the drive/stick)
You need to encrypt the drives, anything else would allow attackers to just attach the drive to another machine and extract the contents.
You shouldn't implement encryption yourself - it's much better to rely on someone else's reviewed code. I suggest TrueCrypt for encrypting your drives.
Then maybe you want to put a hook in your application to prompt for the password when it wants to access the encrypted data. Or you install TrueCrypt on the machine, and make the user connect the drive when they want to access the data, depending on the precise way of working with the data.
You will need to write a filter driver to achieve your goal. You will need to put your driver somewhere in disk driver stack and fail the IRP_MN_START_DEVICE for the drive/partition you want to block.
You will need Windows Driver Kit to write drivers. There is a sample of filter driver in the WDK. This mailing list as a very useful and if you will search the archives you will find a lot of information about disk filter drivers.
A good article about writing filter drivers is here, i think you will need to register to read, but if you want to write driver you should be registered on this site.
Relevant book list can be found here.
Be aware. Anything involving kernel work, if you are not already experienced in that field, has a development time measured in years.