Exam Objectives Fast Track

The Role of EFS in a Network Security Plan

  • A good network security plan is multilayered and includes perimeter control, internal security, and object-specific security.

  • File encryption, such as that afforded by EFS, provides security for specific, valuable/sensitive objects (files or folders).

  • An important part of security planning is determining the assets that most need protection. You should assess your data to determine which files and folders should be encrypted.

Using the Encrypting File System

  • EFS uses both public key encryption and secret key encryption.

  • An encrypted file can be read by anyone with a private key that can decrypt the File Encryption Key (FEK) used to encrypt the file.

  • The default recovery agent in a workgroup environment is the local administrator. The default recovery agent in a domain environment is the domain administrator.
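As an added illustration (not from the study guide), the hybrid scheme described above modelled in Go: a random symmetric FEK seals the file and an RSA-wrapped copy of the FEK is stored for each key holder, which is how a user's key and the recovery agent's key can both open the same file, and how several users can share one document as later Windows versions allow. AES-GCM and RSA-OAEP are stand-ins chosen for the demonstration; the real EFS cipher suite and on-disk layout differ, and `EncryptedFile`, `NewHolderKey`, `Encrypt` and `Decrypt` are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// EncryptedFile: content sealed under a random FEK plus one RSA-wrapped FEK per holder (user DDF / agent DRF).
type EncryptedFile struct {
	Nonce, Ciphertext []byte
	WrappedFEK        [][]byte
}

// NewHolderKey makes an RSA key pair standing in for a holder's EFS certificate.
func NewHolderKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // errors only on a broken RNG
	return k
}

// Encrypt seals plaintext under a fresh FEK and wraps that FEK for every holder.
func Encrypt(plaintext []byte, holders []*rsa.PublicKey) *EncryptedFile {
	buf := make([]byte, 32+12) // random 32-byte FEK followed by a 12-byte nonce
	rand.Read(buf)             // crypto/rand.Read never returns an error
	fek, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(fek) // cannot fail: fek is a valid AES-256 key
	gcm, _ := cipher.NewGCM(block)
	ef := &EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	for _, pub := range holders { // a 32-byte FEK fits any RSA key of 1024+ bits
		w, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
		ef.WrappedFEK = append(ef.WrappedFEK, w)
	}
	return ef
}

// Decrypt tries every wrapped copy with the caller's key; a key matching none is rejected.
func Decrypt(ef *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range ef.WrappedFEK {
		fek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil)
		if err != nil {
			continue // this copy was wrapped for a different public key
		}
		block, _ := aes.NewCipher(fek) // fek is 32 bytes after a good unwrap
		gcm, _ := cipher.NewGCM(block)
		return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
	}
	return nil, rsa.ErrDecryption // caller holds none of the wrapping keys
}
```

Both the user and the recovery agent recover the same plaintext from their own wrapped copy, while a key with no wrapped copy fails, mirroring the "anyone with a private key that can decrypt the FEK" rule above.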

User Operations

  • The user operations that use file encryption are encrypting a file, accessing an encrypted file, copying an encrypted file, moving an encrypted file, renaming an encrypted file, decrypting a file, encrypting a directory, and recovery operations.

  • The only requirement for EFS is an NTFS partition. Accessing an encrypted file requires no special action by the user.

  • Renaming an encrypted file changes the file's name but does not change the encryption attribute.

  • When an encrypted file is moved within the same NTFS partition, it retains its encrypted status. When an encrypted file is moved to a different NTFS partition, the file is first decrypted and then encrypted again on the destination partition.

  • Windows 2000 lets users encrypt and decrypt files from the command prompt with the cipher utility.

  • EFS allows encryption to be set at directory and file levels.

EFS Architecture and Troubleshooting

  • Windows 2000 contains both a user mode and a kernel mode. EFS activity occurs in each of these modes.

  • In Windows 2000, the Local Security Authority Subsystem performs additional functions in order for EFS to work properly. The functions are grouped as EFS functions.

  • The new EFS components include the EFS driver, EFS callouts, KsecDD, EFS services, and the cryptographic provider.

  • Users who cannot decrypt files can have their files recovered by the data recovery agent.

  • Files encrypted while logged in with a local computer account cannot be accessed by a domain user account (and vice versa). This is a common problem for portable computer EFS users.

  • Windows XP and Windows .NET Server add support for multiple EFS users on a single document. Windows 2000 does not support this functionality.

MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)
ISBN: 1931836841
Year: 2003
Pages: 162