• Ratool — Because firewalls can’t stop everything

    #2431343

    ISSUE 19.11 • 2022-03-14
    FREEWARE SPOTLIGHT
    By Deanna McElveen

    Everyone is walking around with the storage of a 1990s supercomputer in their pockets.
    [See the full post at: Ratool — Because firewalls can’t stop everything]

    3 users thanked author for this post.
    • #2431418

      I run a small server in a salvage yard that sits open in an office. I would like to use this tool, but I also keep an external 1TB SSD drive plugged into a SS USB port for (redundant) daily encrypted backups. It would be nice to maybe use the serial number of the drive to allow it, and only it, to be accessed normally while preventing access to all the other ports/external drives.

      Thank You!
      Curtis W

    • #2431449

      Deanna and all – this topic is very timely for me.

      I use an external SSD to manually back up my wife’s production PC monthly just before I run monthly updates for Windows and Office.  I plug in the SSD (by USB), and I use Macrium Reflect Free to do the backup.  (An initial full backup and then monthly differentials, all of which I do manually.)  Important – to make the Macrium backup, I boot the PC from a separate USB stick that has the Macrium Reflect media restore tool in a PE environment, and that instance of Macrium Reflect running in PE sees both my C:\ drive (source) and my external SSD drive with a target folder on it (destination).  So when I’m running Macrium from the PE environment, I am NOT booting to my normal C:\ drive and therefore NOT running my normal OS.
      (And, yes, that means that I have two devices connected to the PC by USB:  the external SSD that is the destination for the backup, and the stick with the PE-Macrium Reflect Free.)

      Since I travel a bit with this SSD, I would like it to be password-protected in case it’s stolen, but I want to be sure that it will work if ever I actually need to do a Restore.  (I’ve never actually had to do a Restore, so I don’t know personally that Macrium will work when I need it.)

      I think Macrium might have its own password protection, but would this Ratool be a better bet under the circumstances I describe?

      Thanks.

      • #2432207

        Macrium Reflect Home with password protection of encrypted backups is priced sensibly. Each version is good for ~ a few years. Upgrade to 8 from 7 (Home for four PCs) was $60US. Worthwhile for ensuring that only you can mount your Reflect images.

        Also, setting a policy in Windows Pro to only allow executables to run from a specific location (folders of C:) works great. I clean out badly infected customer drives manually by connecting them to a SATA port or USB 3.0 adapter for all M.2 and Micro-SATA drives. Temp files are deleted. Rogue batch and JavaScript files can be safely deleted without executing on my workstation. (The message is essentially that the file is blocked by the administrator, when a rogue executable tries to run when scanning the drive.) Malware is pretty indefensible when it’s being cleaned out this way.

        GreatAndPowerfulTech

        1 user thanked author for this post.
    • #2431452

      Can Ratool cover USB drives with modified firmware which identifies them as keyboards or other non-storage devices?

      What are malicious usb keys and how to create a realistic one?

      https://elie.net/blog/security/what-are-malicious-usb-keys-and-how-to-create-a-realistic-one/

      And what about the case where you whitelist a USB flash drive, and later it becomes infected?

      Don’t Plug It In! How to Prevent a USB Attack

      https://www.pcmag.com/how-to/dont-plug-it-in-how-to-prevent-a-usb-attack

      I’m not trying to knock this program. Only to point out that it needs to be seen as just one part of a security defense strategy regarding external storage devices.

       

      -- rc primak

      2 users thanked author for this post.
    • #2431509

      “Macrium might have its own password protection”

      Macrium creates a user and sets the backup files so that only that user can access them on that machine. This prevents malware running under your user context (including admins) from accessing the files.
      There are ways around the user restriction, but they require admin rights and permission changes.

      cheers, Paul

      1 user thanked author for this post.
    • #2431646

      I have (many) HDs and SSDs that I connect via USB adapter to my system (for use and for off-site backup). If I install Ratool,
      what happens when I boot win?
      what happens when I boot linux?
      Am I protected from booting a live linux stick and then snooping through either the system’s ssd, or the USB plugged SSD (or whatever)?
      Thanks!

      - ThinkPad T570-20HA, i7-7600U, 2.8GHz, UEFI/GPT, 16GB, Sammy 256GB M.2 NVMe PM961. HP laserjets (M254dw, P1102w, P1606dn), Epson 2480 scanner -

      • #2431735

        AFAICT the software only works on a computer once Windows is running. This will not prevent you booting from any USB device.

        cheers, Paul

        1 user thanked author for this post.
    • #2432087

      Great stuff, Deanna. Amazing, how do you fund these gems? Applause.

    • #2432595

      “Everyone is walking around with the storage of a 1990s supercomputer in their pockets. Jingling around with the pennies and nickels, flash drives …”

      Wrong. Even though many people still use flash drives, most people don’t carry flash drives around w/ them anymore. To be accurate (the goal of a good non-fiction writer) you should have written “Some people are walking around …” or maybe “many or most of the nerds I know are walking around …”. If you’re talking about storage on smart phones, you could write “most people are walking around … smart phone …”. Again, you can’t use “everyone”, since not everyone owns one, contrary to that common assumption/misconception.
