0

I always thought that everything on a computer's hard disk is encrypted, and can only be read (and understood) after passing my username and password to decrypt it. However, this is clearly not the case. Computers use access control to restrict access, but there must be encryption to prevent people from hacking into root privilege.

I read about data security on an unencrypted hard drive and got conflicting information.

Aikore Edmund states that:

> When HDD is transferred from computer to computer accessing Administrators (Users) Directory is very difficult, if the information must be accessed the new computer (i.e. accessing HDD) has to claim ownership as a security measure for accessing data.

Leo states that:

> They can remove the hard disk from your machine, connect it to another, and once again access the contents of your hard disk without needing to log in to your copy of Windows at all.

Aikore seems to say that although data is not encrypted, the user still has to satisfy a security measure for accessing data. On the other hand, Leo seems to say that there is no security measure at all. It seems that Aikore is talking about access control, which can be overridden when exposed to the physical threats described by Leo.

Thanks to @DBLouis I found @Polynomial's response to a similar question:

> Access controls can be anything from a padlock on a gate to a permission set on a filesystem.

I fail to understand Polynomial's metaphor. If access control is like the lock to data, then what are the walls made of? Is it something physical such as the hard drive, and the lock is the encrypted program to operate the hard drive pointer, or is it something else?

Let me rephrase my questions more clearly:

  1. How does an operating system protect my information if it is not encrypted?

  2. How do operating systems enforce such security?

This might sound like a basic and uneducated question but I feel like not many people know how safe their data really are when they should be. Thanks.

Chuan
  • I was about to write an answer but I found [this one](https://security.stackexchange.com/questions/89325/encryption-vs-access-control-comparison) which is far better than anything I would have come up with. Basically just remember that without encryption nothing is truly enforced and even then there can be security flaws. – dblouis Jan 14 '18 at 09:38
  • @DBLouis, I have checked out the answer but I am still unclear about the degree of safety provided by Access Control. I have rephrased my question and will do more digging. – Chuan Jan 14 '18 at 10:18
  • The OS protects you only when it is running. On Linux for example, file access control is based on [file permission](https://www.linux.com/learn/understanding-linux-file-permissions) – dblouis Jan 14 '18 at 10:57

3 Answers

2

Aikore and Leo are both right, but they are referring to two different situations, both starting with "getting a HDD and putting it into another computer".

To keep things simple, you have a hard drive with exactly one document. That one document has contents, and sits inside a file system that details both its position on disk and its access control rules - it says, "This document is Alice's".

"Putting the hard disk on a different computer" tells me nothing about what this other computer does.

If it is a Windows computer, it could try and treat this new disk as its own; so it will read everything from the disk, including the tidbit that the document is "Alice's". But who is Alice on the new computer? Chances are there's no such user. So, the new Windows might refuse to let Bob read the document.

Now Eve mounts the disk on a Linux computer and instructs it to ignore those pesky ACLs. The ntfs-3g driver on the computer reads almost everything from the disk - it reads where the document is, what its name is, where it starts and where it ends, and presents it to Eve, who can now read and even edit the document. ACLs did not protect the document now, because they are enforced at the OS's whim, and this OS chose not to enforce them. It is also possible to get Windows to ignore them, albeit it's very slightly more complicated.

How does Alice protect her document? She needs to encrypt it. Now the contents is still accessible to Eve (and Bob), but without the key they can't make heads or tails of it.

As you observed, this encryption might be transparent: if the key is linked to the user's identity, everything is decrypted on the fly and reencrypted on storage, and the users might not even be aware that their data is encrypted.

LSerni
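
The distinction this answer draws, as an added example that is not part of the original answer: a constructed toy disk image in which ownership is only a metadata field. The image layout, `os_read`, `raw_read` and the SHAKE-256 XOR cipher are illustrative assumptions; the cipher is a stand-in for real disk encryption, not a recommendation.

```python
import hashlib
import json
import struct

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy cipher (SHAKE-256 keystream XOR) standing in for real disk encryption.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def make_image(name: str, owner: str, content: bytes) -> bytes:
    # Constructed "disk": 4-byte metadata length, JSON metadata, then file bytes.
    meta = json.dumps({"name": name, "owner": owner, "size": len(content)}).encode()
    return struct.pack(">I", len(meta)) + meta + content

def parse_image(image: bytes):
    (meta_len,) = struct.unpack(">I", image[:4])
    meta = json.loads(image[4:4 + meta_len])
    start = 4 + meta_len
    return meta, image[start:start + meta["size"]]

def os_read(image: bytes, user: str) -> bytes:
    # An OS that honours the ACL: only the recorded owner gets the bytes.
    meta, body = parse_image(image)
    if user != meta["owner"]:
        raise PermissionError(f"{user} is not {meta['owner']}")
    return body

def raw_read(image: bytes) -> bytes:
    # Same on-disk layout, but the reader never consults the owner field.
    return parse_image(image)[1]

SECRET = b"constructed sample document"
KEY = hashlib.pbkdf2_hmac("sha256", b"alice passphrase", b"constructed salt", 100_000)
PLAIN_DISK = make_image("doc.txt", "alice", SECRET)
ENC_DISK = make_image("doc.txt", "alice", keystream_xor(KEY, SECRET))

def demo() -> dict:
    try:
        os_read(PLAIN_DISK, "bob")
        bob_denied = False
    except PermissionError:
        bob_denied = True
    return {
        "bob_denied_by_os": bob_denied,
        "raw_reader_gets_plaintext": raw_read(PLAIN_DISK) == SECRET,
        "raw_reader_gets_encrypted_plaintext": raw_read(ENC_DISK) == SECRET,
        "key_holder_decrypts": keystream_xor(KEY, raw_read(ENC_DISK)) == SECRET,
    }

if __name__ == "__main__":
    print(demo())
```

The owner field stops only the reader that chooses to check it; the encrypted image yields ciphertext to every reader that lacks the key.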
1

If you have an unencrypted drive, all the data is on the drive in clear text.

In addition to the data, the operating system stores metadata about the content, such as which date it was created, which user owns it, and who has permissions to access it. The operating system enforces this. Typically administrators can bypass such access restrictions, and read everything - for instance for backup purposes.

However, those protections depend on the operating system. If you plug the drive into a different computer, the administrator can still read everything - but now the administrator can be a totally different person!

If you encrypt the data, using BitLocker, Encrypting File System, or similar systems, the actual data is encrypted - and a key is needed to decrypt the data. Whilst the raw encrypted stream can be copied, this does not give access to the data.

An analogy is a secretary, checking if you should have access to a folder, before retrieving the folder from the filing cabinet. As long as you have to go through the secretary (the operating system), you will only access what you have privileges to access. However, if you steal the filing cabinet, you bypass the secretary.

Encryption in this analogy would be that the folders of the filing cabinet are encrypted, and the secretary transparently unencrypts them before handing them to you. Even if you steal the cabinet, you will not gain access to the information.

vidarlo
0

Elaborating on the lock/wall analogy: if the files aren't encrypted then you've put a locked door on a pier (in this case the pier is a HDD), preventing access to the pier by those who can't swim (Windows). However, a swimmer (Linux/BSD/Mac OS X) can easily go "Oh, a door on a pier, cute..." and just jump into the water and go around the door. Now if you put a locked door on a steel reinforced concrete box, and put THAT on the pier, then no amount of swimming can bypass that box's protection.

Gartral