IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.56 Secure deletion under Windows NT and
Windows 95
Initiation responsibility: IT Security Management, Administrators
Implementation responsibility: IT users, Administrator
Windows NT
Windows NT copies all file information (name, path and attribute)to a master
file table. These entries are not encrypted. Programs that can directly access
the hard disk can gain access to all files by by-passing the security
mechanisms of Windows NT. This applies particularly to programs that run
under a different operating system than Windows NT on the same computer.
When deleting a file under the file system NTFS, the file will not be
physically deleted or overwritten. Instead, access to the file will be removed,
similar to MS-DOS. In contrast to MS-DOS, however, under Windows NT it
is ensured that access to this deleted file is no longer possible, neither with a
reconstruction program nor by direct disk access. Despite this, deleted files
can be recovered under a different operating system than Windows NT by
programs that directly access the hard disk.
For these reasons, Windows NT must be installed as a single operating
system. Starting other operating systems from floppy disk must be prevented
(see S 4.52 Peripheral protection under Windows NT and S 4.55 Secure
installation of Windows NT).
Windows 95/ Windows NT
Under Windows NT version 4.0 and under Windows 95, as long as the user
does not expressly execute direct deletion of a file, files to be deleted will first
be stored in a user-specific area; the so-called "Recycle Bin". They will be
removed from this area when the amount of deleted data exceeds the allocated
memory space for the hard disk concerned, or when the user explicitly empties
the Recycle Bin. The content of the Recycle Bin should be emptied regularly
so that the hard disk does not become too full and the user's overview is not
lost. The maximum memory space reserved for the Recycle Bin can be set to a
suitable low number e.g. 2 Mbytes under "Properties" of the Recycle Bin icon.
Files containing sensitive data should not be stored in the Recycle Bin. They
should be directly (physically) deleted by holding down the shift key when
deleting.
Under Windows 95, it is possible to reconstruct deleted files from the Recycle
Bin via help programs. Therefore, files with a particularly sensitive content
should be completely overwritten before being moved to the Recycle Bin (see
also S 2.3 Data media control)
Additional controls:
- Under Windows NT version 4.0, or Windows 95 has the memory space
reserved for the Recycle Bin been set to a sensible value?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000