TECH TIPS
Encrypt those files
Adesh Rampat
09.26.2001
Rating: -3.60- (out of 5)
Encrypt those files
By Adesh Rampat
With security on the minds of so many people today, it's a good idea to review all the provisions for security that Windows makes available to the Windows administrator. You can take advantage of a bevy of security features in Windows 2000. This tip looks at the Encrypting File System, or EFS. EFS allows users to encrypt data files that are stored in an NTFS partition. This secures those files from unauthorized snooping, particularly on notebook computers, or computers that are used by more than one person.
Got a security tip of your own? Why not send it in? We'll post it on our Web site, thus granting you instant fame, and we'll enter you in our tips contest for some neat prizes.
----------------------------------------------------------------------------
Windows 2000's Encrypting File System (EFS) lets users secure data on a hard drive using public-key encryption. Even if an attacker gains access to data on a hard drive, files on the drive that have been encrypted are useless without the decryption key.
This feature has significant benefits for notebook-computer users and organizations that need to secure highly sensitive data. Users can encrypt either individual files or entire folders. If a folder is encrypted, any file written to that folder will be automatically encrypted.
A Windows 2000 user does not have to be an expert in file encryption to use this facility. The one thing to keep in mind though is that EFS only works with NTFS partition. But you'll have to provide some training to users who wish to use EFS.
Encrypting a file or folder is a simple matter:
Right click on the file or folder to be encrypted and select Properties.
On the General tab click Advanced.
Check the box that reads "Encrypt Contents to Secure Data."
Select OK to confirm.
You will then be prompted whether to encrypt the file or the folder and its contents. In most cases, it's advisable to encrypt the folder and its contents.
Only the user who encrypted the file can decrypt it, as follows:
Right click the folder or file and select Properties.
On the General tab, click Advanced.
Un-check the box that reads "Encrypt Contents to Secure Data."
Click OK to confirm.
Using encrypted files proceeds as does using any other file. The user who encrypted the file can open, close, modify, etc., the file. But an intruder cannot do so.
Remember, if a file or folder is compressed, it cannot be encrypted. So you have to decompress the file of folder if you want to encrypt it. You cannot share an encrypted file. That would defeat the purpose of encrypting it. You can transmit an encrypted file over a network, but it won't be encrypted during the transmission unless you have other security measures in place.
EFS places increased administrative requirements for system administrators, most importantly in the area of managing encryption keys. In particular, you should ensure that users have a backup of their file-encryption certificate and corresponding private key. That way, if for some reason the encryption data becomes unavailable, users can upload the certificate and key from a floppy to recover whatever files are still available.
About the author
Adesh Rampat has 10 years of experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
Related Book
Fast Software Encryption
By Bruce Schneier
Online Price: $50.00
Publisher Name: Springer-Verlag
Date published: Aug. 2001
Summary:
This book constitutes the thoroughly refered post-proceedings of the Seventh International Workshop on Fast Software Encryption, FSE 2000, held in New York City, USA in April 2000. The 21 revised full papers presented were carefully reviewed and selected from a total of 53 submissions. The volume presents topical sections on stream-cipher cryptanalysis, new ciphers, AES cryptanalysis, block-cipher cryptanalysis and theoretical work.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
