Windows Encryption Record Framework (EFS).


69 views
Uploaded on:
Description
Windows Encryption Document Framework (EFS) Tech Instructions July 18 th 2008 http://www.stanford.edu/administrations/efs Plan Stanford Clients What is EFS What does it Ensure Is this for me? Highlights Information Recuperation Operators Beginning Demo - How to Encode Demo – How to reinforcement Key
Transcripts
Slide 1

Windows Encryption File System (EFS) Tech Briefing July 18 th 2008 http://www.stanford.edu/administrations/efs

Slide 2

Agenda Stanford Users What is EFS What does it Protect Is this for me? Highlights Data Recovery Agent Getting Started Demo - How to Encrypt Demo – How to reinforcement Key IT Support Staff How to setup Data Recovery Agent Windows Encrypting File System (EFS)

Slide 3

What is Encrypting File System (EFS) The Microsoft Windows Encrypting File System (EFS) is highlight incorporated with the record arrangement of the Windows XP and Windows Vista working frameworks. It gives you a chance to encode assigned records on a nearby PC so that no other client can get to your information. At the point when a document is scrambled, EFS naturally unscrambles the record for utilization and re-encodes the record when it is spared. EFS is especially helpful for ensuring information on a PC that may be physically stolen, for example, a portable workstation. Windows Encrypting File System (EFS)

Slide 4

What It Protects EFS secures documents you assigned if your PC is lost or stolen. On the off chance that somebody tries to break in or has entry into your framework to recover documents, they won\'t have the capacity to open the record regardless of the possibility that they can see that it exists (the length of they don\'t have your SUNet ID and secret word). Records duplicated to a Web organizer utilizing WebDAV are kept encoded. Windows Encrypting File System (EFS)

Slide 5

What It Doesn’t Protect or Prevent It doesn\'t give encryption to documents that are: Sent by means of email Kept on a different blaze drive/thumb drive/USB drive/floppy circle Moved over the system through shared organizers (CIFS/AFS) System and page record Compress Files moved into envelope set to encode all documents Files structure being erased When you speak the truth to move a scrambled document, Windows will caution you that you will lose your EFS encryption. Remember that at whatever point you move a document off of you\'re PC, it is likely no more secured by EFS. Windows Encrypting File System (EFS)

Slide 6

Is this for me? Purposes behind utilizing EFS Want to secure records on your PC incase it is stolen or lost You work with or store limited information on your nearby PC You travel and need to work with confined information Requirements Windows XP Professional Windows Vista Business, Enterprise or Ultimate Computer is a part if University Windows Infrastructure (AD) Users is signed on to the PC with their SUNet ID (WIN Domain), neighborhood PC or tyke area records won\'t buckle down commute is arranged with NTFS Windows Encrypting File System (EFS)

Slide 7

Features Microsoft Windows Encrypting File System (EFS) Transparent encryption done at the record framework level If an envelope is denoted, each record made or moved into it will be scrambled File encryption keys can be filed (USB Flash Drive, File server) There is no “back door” Keys are ensured with the clients watchword on the PC Data Recovery Agent to take into account recuperation of documents if user’s key is lost Future Features Additional Users can be added to a document Group Policy to Auto Encrypt “My Documents” Folder Windows Encrypting File System (EFS)

Slide 8

Data Recovery Options Once a record is encoded just the clients private key can get to the document. Should this key get lost the information will be blocked off. Alternatives to secure the information include: User duplicates key to USB glimmer drive and store independently from PC Configure Data Recover Agent (DRA) Domain Wide DRA Local/Departmental DRA Windows Encrypting File System (EFS)

Slide 9

Data Recovery Agent (DRA) These information recuperation specialists (DRAs) are a different arrangement of issued recuperation declarations with open and private keys that can be utilized to recoup records. Suggestion for DRAs Local Systems Administrators Separate glimmer drive (Iron Key) put away in secure area (safe) Requirements for Recovery Admin will need read access to documents at time of recuperation Password for the DRA Private Key Windows Encrypting File System (EFS)

Slide 10

Getting Starting For End Users Open a HelpSU Request Once you have approbation from your Local Support Staff that they have setup the DRA you can then pick indexes to begin scrambling. Duplicate your Key to an External USB Drive Windows Encrypting File System (EFS)

Slide 11

Demo 1 How To Encrypt Files Windows Encrypting File System (EFS)

Slide 12

Demo 2 How to go down Your Keys Windows Encrypting File System (EFS)

Slide 13

Storing User Keys Export and afterward Delete Key on neighborhood PC External USB Flash Drive NOT put away with you\'re PC or in tablet sack Encrypted (optional)What Windows Encrypting File System (EFS)

Slide 14

Known Issues DCOM Required Start Registry Editor. Find the accompanying way: HKEY_LOCAL_MACHINE\Software\Microsoft\OLE Change the EnableDCOM string worth to Y . Restart the working framework for the progressions to produce results. Note: There is a BigFix fixlet to re-empower DCOM Vista and Symantec Bug – Patch accessible on ESS Windows Encrypting File System (EFS)

Slide 15

Demo 3 How to Setup DRA Windows Encrypting File System (EFS)

Slide 16

Questions and Answers Extra Info for clients and administrators Stanford Data Classification http://www.stanford.edu/bunch/security/securecomputing/dataclass_chart.html Windows Desktop File Encryption and EFS Windows Encrypting File System (EFS) .:t

Recommended
View more...