Along with designing security to keep the network safe from intrusion, it's equally important to provide security for the files and folders on the network. Creating a robust security plan entails securing network resources at each access point. In this case, after users are authenticated (or in the event that a malicious user gains network access), files and folders can be secured via access control, encryption, and through backup and recovery activities. Protecting sensitive and valuable corporate data is the ultimate goal of all security activities, and in this chapter, we looked at the specific activities included in designing effective access control strategies, implementing and managing the Encrypting File System (EFS), and designing and testing backup and recovery strategies.
Securing data on the network is one of several elements in an overall security plan. Controlling access to files, folders, and other resources is the second line of defense after a strong user authentication strategy. Once users gain access to the network, access control strategies provide another layer of security by controlling and monitoring access to system objects at a very granular level. Through the use of access control lists (ACLs), users can be granted access via groups (typically) to needed resources. Following best practices, users are added to groups and groups are added to ACLs to gain specific privileges using the AGDLP method: accounts go into global groups, global groups go into domain local groups, and permissions are assigned to the domain local groups.
User access can be managed via one of several different frameworks, including user/ACL, account group/ACL, account group/resource group, and role-based permissions. Each method has pros and cons and should be reviewed to determine which method is best suited to your organization.
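The AGDLP pattern above, as an added example that is not from the chapter: it assumes the ActiveDirectory PowerShell module (available on Windows Server 2008 R2 and later, not on Windows Server 2003 itself), a constructed domain `corp.example` with an OU `OU=Groups,DC=corp,DC=example`, and constructed user, group and folder names.

```powershell
# Added example: AGDLP applied to a file share. All names are constructed.
# Requires the ActiveDirectory module and rights to create groups in the OU.
Import-Module ActiveDirectory

$ou = 'OU=Groups,DC=corp,DC=example'

# A -> G: user accounts go into a Global group that names a role, not a resource.
New-ADGroup -Name 'GG-Finance-Staff' -GroupScope Global -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'GG-Finance-Staff' -Members 'jdoe', 'asmith'

# G -> DL: the Global group is nested in a Domain Local group that names a
# resource plus the right granted on it.
New-ADGroup -Name 'DL-FinanceShare-Modify' -GroupScope DomainLocal -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'DL-FinanceShare-Modify' -Members 'GG-Finance-Staff'

# DL -> P: only the Domain Local group is placed in the folder's ACL.
$folder = 'D:\Shares\Finance'
$acl = Get-Acl -Path $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'CORP\DL-FinanceShare-Modify',
    [System.Security.AccessControl.FileSystemRights]::Modify,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Review check: every ACE should reference a group, never an individual account.
(Get-Acl -Path $folder).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited, AccessControlType |
    Format-Table -AutoSize
```

Moving a user between roles is then a change to global group membership only; the folder ACL never needs to be touched.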
Auditing events provides an additional measure of security and visibility. Auditing activities can include monitoring logon, account use, privilege use, object access, and more. Determining appropriate auditing events and reviewing audit logs can improve security by showing patterns of access as well as potential intrusion or abuse of privileges.
Registry access is controlled via group policy as well as via security templates (which are applied via group policy). The ability to manage access to the Registry adds a layer of security since the Registry is the heart of any Windows-based computer (since Windows 95).
The Encrypting File System (EFS) is a built-in feature in Windows Server 2003 that includes several enhancements over the Windows 2000 capabilities. EFS protects files and folders with encryption. If a malicious user manages to gain access to network resources, he or she will be unable to read an encrypted file. This is especially helpful on mobile computers such as laptops that can easily be stolen and their hard drives moved to systems on which the thief has administrative privileges. In this case, the files remain encrypted and will be useless to the thief. EFS is also a good tool for securing sensitive corporate files. It adds an additional layer of security after user authentication and access control. Even if these are both breached, an encrypted file will still be unusable for an unauthorized person.
With EFS, folders and files can be encrypted in a manner completely transparent to the user. Following best practices, folders should be encrypted so that all files within the folder are automatically encrypted, as are any temporary files related to the encrypted file. When EFS is implemented, it will use the user's certificate if one exists or will request one from a certificate authority (CA), if available. If neither is available, EFS will self-generate a certificate for file and folder encryption. A file is stored with both the user's encrypted certificate information and the recovery agent's certificate information in the header. This ensures that any file encrypted by any user can be decrypted by the user or the recovery agent in the event the user loses his or her credentials or leaves the firm. Through recovery policy, you can designate any number of recovery agents that are authorized to recover encrypted files. If the recovery agent's credentials are used to recover the file, the file remains decrypted. The recovery agent cannot re-encrypt it, which prevents a rogue recovery agent from viewing files without discovery: if a rogue recovery agent opens a file for viewing, it remains decrypted, leaving evidence of tampering.
The cipher.exe command can be used to encrypt and decrypt individual files and folders as well as to create recovery agents and other activities related to file and folder encryption. This command-line utility works in conjunction with EFS, which relies on the CryptoAPI, to manage folder and file encryption.
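The cipher.exe operations described above, as an added example that is not from the chapter. It is meant to be run from PowerShell (or cmd) on a Windows server as a user with rights to the paths shown; the folder and file names are constructed for illustration.

```powershell
# Added example: managing EFS with cipher.exe. Paths and names are constructed.

# 1. Generate a data recovery agent (DRA) certificate and private key.
#    cipher /R prompts for a password and writes DRA.cer (public certificate,
#    to be imported into the EFS recovery policy in Group Policy) and DRA.pfx
#    (the private key, which should be stored offline, not on a file server).
cipher.exe /R:C:\EFS\DRA

# 2. Encrypt a folder rather than individual files, so new and temporary files
#    created inside it inherit encryption. /S recurses into subfolders and
#    /A encrypts the files already present as well as the folders themselves.
cipher.exe /E /S:D:\Sensitive /A

# 3. Check the result: each entry is prefixed E (encrypted) or U (unencrypted).
cipher.exe D:\Sensitive\*

# 4. Decrypting a single file (for example during a recovery) leaves it in
#    plaintext on disk; the owner must re-encrypt it explicitly.
cipher.exe /D D:\Sensitive\report.xlsx
cipher.exe /E D:\Sensitive\report.xlsx

# 5. Plaintext remnants of files that were encrypted after creation can remain
#    in unallocated space; /W overwrites the volume's free space only and
#    does not touch existing files.
cipher.exe /W:D:\Sensitive
```

Auditing the use of cipher.exe /D and /R alongside object-access auditing gives the review trail the chapter describes for detecting a rogue recovery agent.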
The last line of defense on any system is typically the backup and recovery capabilities. If systems fail due to hardware failure or sabotage, if systems are compromised through intentional attack or viruses, or if a natural disaster such as flooding or fire occurs, backup and recovery procedures can bring a network back online and return the network or system to full functionality.
The key in disaster recovery planning is that it be integrated with corporate business continuity planning so that all strategic business elements are included. IT disaster planning alone might leave gaps in capabilities that are not discovered until the firm is in a recovery phase, which is far too late. Planning includes assessing the data, data types, frequency of data modification, location of data, and more. Once all corporate data has been assessed, creating backup plans includes frequency of backup, type of backup (normal, incremental, differential), backup media (tape, disk, clusters), and location (onsite tape backup, onsite backup appliances, disk sets, offsite tape, offsite disk mirroring).
Recovery plans include not only how and where backups are created and stored, but how to best recover from a system failure. Reducing single points of failure is an important part of reducing the likelihood of needing to recover. Beyond that, a sound recovery plan also includes regular backups, testing backups and restore capabilities, training users (or admins) on backup and restore procedures, as well as using Windows Server 2003 tools such as Emergency Management Services, Automated System Recovery backup sets, and the Recovery Console.
Backup and recovery must also be performed in a secure manner, including securing backup media in secure, access-controlled locations, making multiple backup sets and storing one set offsite, splitting permissions for backup and restore between trusted users or groups so that no single user has permission to both back up and restore data, and monitoring all backup and restore activities.