Chapter 5: Managing and Troubleshooting the Encrypting File System | MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)

Introduction

Regardless of the efficacy of the barriers that you erect to keep others from accessing or intercepting your sensitive data, you must recognize that your barriers won't always work. Confidential files sometimes fall into the wrong hands. Thus, you need to take additional steps to ensure that when this happens, unauthorized persons will not be able to read the data even though they have it in their possession. That's where encryption comes in.

Data encryption is a concept that predates computers. The art and science of cryptography involves hiding or changing information to protect it from unauthorized persons. The word comes from the Greek word for hidden, and the ancient Greeks, as well as those in other ancient civilizations, practiced cryptographic techniques when sending important military, political, and personal messages.

Encryption "scrambles" data so that it appears to be gibberish to anyone who doesn't have the means to "unscramble," or decrypt, it. All computer data is ultimately sent or stored in binary form (as ones and zeroes).To encrypt the binary data, a mathematical procedure called an algorithm (a calculation or formula) is applied, using a variable called the key. Methods used to encrypt data are called ciphers, and the encrypted form of data is called ciphertext. To decrypt data and return it to comprehensible form, the recipient of the data must use the proper key. This might be the same key used to encrypt it (a method called symmetric encryption) or it might be a different, mathematically related key (in a method called asymmetric encryption).

Note

For a fuller discussion of cryptography and encryption as well as other basic security concepts that we have not covered in this book, see Chapter 7 of Scene of the Cybercrime: Computer Forensics Handbook by Debra Littlejohn Shinder (Syngress Publishing, Inc., ISBN 1-931836-65-5, 2002).

When we discuss encryption in regard to computer data, we need to make a distinction between two different uses of the technology:

Encryption of data as it travels across a network
Encryption of data stored on disk

With the Windows 2000 operating system, Microsoft introduced built-in features to accomplish each of these tasks. Support for the Internet standard Internet Protocol Security (IPSec), which we discuss in Chapter 6, provides encryption for data in transit. In this chapter, we focus on the encryption of data stored on disk as implemented by Microsoft's Encryption File System (EFS). Remember that prior to Windows 2000, users of Microsoft Windows operating systems had to rely on third-party products to provide encryption of stored data. These products were often very limited, very insecure, and not compatible with each other. Windows 2000 EFS removes the need for these types of products.

Remember, the fact that you might have implemented a firewall (such as ISA Server) and that the Windows NT-based operating systems include mandatory logon and access control for files does not guarantee that your data will be protected from unauthorized eyes. If thieves want to steal your data, they can achieve their goal in many ways. Tools on some other operating systems can access NTFS volumes while bypassing the access control supplied by NTFS. Lack of physical security allows entire portable systems to be stolen easily.

In addition, many laptop and notebook computers now come with removable hard drives. This is great for thieves because they have less contraband to conceal once they've pulled off a theft. The laptop itself still appears on the owner's desk, so a thief has more time to exit a building before any alarms go off. A thief can also disconnect and remove a desktop computer's second hard drive from the premises without being noticed.

To keep your data from being viewed and/or modified by any unauthorized user such as a thief, you should implement file encryption. EFS, which is included in Windows 2000 and improved in Windows XP/.NET, makes this easy. However, in order to take advantage of EFS, you must format the partitions on which it is stored to NTFS. Furthermore, you should know that even if you use these operating systems and use NTFS, no data is encrypted by default. You must explicitly set the encryption property on the files or folders that you want to protect.

In this chapter, we examine the features and architecture of EFS and show you how to use it to provide extra security for your sensitive data.