Windows Encryption File System (EFS) - PowerPoint PPT Presentation

Slides: 17
Provided by: Dave4
Learn more at: https://web.stanford.edu

Transcript and Presenter's Notes

Title: Windows Encryption File System (EFS)


1
Windows Encryption File System (EFS)
  • Tech Briefing
  • July 18th 2008
  • http://www.stanford.edu/services/efs

2
Agenda
  • Stanford Users
      • What is EFS
      • What does it Protect
      • Is this for me?
      • Features
      • Data Recovery Agent
      • Getting Started
      • Demo - How to Encrypt
      • Demo - How to Back Up Key
  • IT Support Staff
      • How to Set Up Data Recovery Agent

3
What is Encrypting File System (EFS)
  • The Microsoft Windows Encrypting File System
    (EFS) is a feature built into the file system of
    the Windows XP and Windows Vista operating
    systems. It lets you encrypt designated files on
    a local computer so that no other user can access
    your data. When a file is encrypted, EFS
    automatically decrypts the file for use and
    re-encrypts the file when it is saved.
  • EFS is particularly useful for protecting data on
    a computer that might be physically stolen, such
    as a laptop.

4
What It Protects
  • EFS protects files you designate if your
    computer is lost or stolen.
  • If someone tries to break in or has access into
    your system to retrieve files, they will not be
    able to open the file even if they can see that
    it exists (as long as they do not have your SUNet
    ID and password).
  • Files copied to a Web folder using WebDAV are
    kept encrypted.

5
What It Doesn't Protect or Prevent
  • It does NOT provide encryption to files that are:
      • Sent via email
      • Kept on a separate flash drive/thumb drive/USB
        drive/floppy disk
      • Moved over the network via shared folders
        (CIFS/AFS)
  • System and page file
  • Compressed files
  • Files moved into a folder set to encrypt all files
  • Files from being deleted
  • When you are about to move an encrypted file,
    Windows will warn you that you will lose your EFS
    encryption. Keep in mind that whenever you move a
    file off of your computer, it is probably no
    longer protected by EFS.
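
Because compressed files and files moved into an encrypting folder can be left unprotected, it is worth auditing a folder after setting it up. The following is an added example, not part of the original presentation: it lists every file under a folder that does not carry the NTFS Encrypted attribute. The function name `Get-EfsCoverage` and the sample path are hypothetical, and Windows PowerShell 5.1 is assumed.

```powershell
# Added example: list files under an EFS folder that are NOT encrypted.
function Get-EfsCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Check whether the folder itself is marked so that new files get encrypted.
    $root = Get-Item -LiteralPath $Path -Force
    if (-not ($root.Attributes -band [IO.FileAttributes]::Encrypted)) {
        Write-Warning "'$Path' is not marked for encryption."
    }

    # Walk every file and report the ones without the Encrypted attribute.
    # The Compressed column shows files that are NTFS-compressed instead.
    Get-ChildItem -LiteralPath $Path -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            [pscustomobject]@{
                File       = $_.FullName
                Encrypted  = [bool]($_.Attributes -band [IO.FileAttributes]::Encrypted)
                Compressed = [bool]($_.Attributes -band [IO.FileAttributes]::Compressed)
            }
        } |
        Where-Object { -not $_.Encrypted }
}

# Hypothetical folder; replace with the directory you chose to encrypt.
$target = Join-Path $env:USERPROFILE 'Documents\Restricted'
if (Test-Path -LiteralPath $target) {
    Get-EfsCoverage -Path $target | Format-Table -AutoSize
}
```

An empty result means every file in the folder is encrypted.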

6
Is this for me?
  • Reasons for using EFS
      • Want to secure files on your computer in case it
        is stolen or lost
      • You work with or store restricted data on your
        local computer
      • You travel and need to work with restricted data
  • Requirements
      • Windows XP Professional
      • Windows Vista Business, Enterprise or Ultimate
      • Computer is a member of the University Windows
        Infrastructure (AD)
      • User is logged on to the computer with their
        SUNet ID (WIN Domain); local computer or child
        domain accounts will NOT work
      • Hard drive is formatted with NTFS

7
Features
  • Microsoft Windows Encrypting File System (EFS)
      • Transparent encryption done at the file-system
        level
      • If a folder is marked, every file created or
        moved into it will be encrypted
      • File encryption keys can be archived (USB Flash
        Drive, File server)
      • There is no back door
      • Keys are protected with the user's password on the
        computer
      • Data Recovery Agent to allow for recovery of
        files if the user's key is lost
  • Future Features
      • Additional Users can be added to a file
      • Group Policy to Auto Encrypt My Documents
        Folder

8
Data Recovery Options
  • Once a file is encrypted, only the user's private
    key can access the file. Should this key get
    lost, the data will be inaccessible. Options to
    protect the data include:
      • User copies key to USB flash drive and stores it
        separately from the computer
      • Configure Data Recovery Agent (DRA)
          • Domain Wide DRA
          • Local/Departmental DRA

9
Data Recovery Agent (DRA)
  • These data recovery agents (DRAs) are a separate
    set of issued recovery certificates with public
    and private keys that can be used to recover
    files.
  • Recommendation for DRAs
      • Local Systems Administrators
      • Separate flash drive (Iron Key) stored in secure
        location (safe)
  • Requirements for Recovery
      • Admin will need read access to files at time of
        recovery
      • Password for the DRA Private Key

10
Getting Started For End Users
  • Open a HelpSU Request
  • Once you have approval from your Local Support
    Staff that they have set up the DRA, you can then
    choose directories to start encrypting.
  • Copy your Key to an External USB Drive

11
Demo 1
  • How To Encrypt Files

12
Demo 2
  • How to Back Up Your Keys

13
Storing User Keys
  • Export and then Delete Key on local computer
  • External USB Flash Drive
      • NOT stored with your computer or in laptop bag
      • Encrypted (optional)

14
Known Issues
  • DCOM Required
      • Start Registry Editor.
      • Locate the following path:
        HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
      • Change the EnableDCOM string value to Y.
      • Restart the operating system for the changes to
        take effect.
      • Note: There is a BigFix fixlet to re-enable DCOM
  • Vista and Symantec Bug: Patch available on ESS
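
The requirements from the "Is this for me?" slide and the DCOM setting above can be checked in one pass before a user starts encrypting. This is an added example, not part of the original presentation; the function name `Test-EfsReadiness` is hypothetical and Windows PowerShell 5.1 is assumed. It reads the registry value only and changes nothing.

```powershell
# Added example: report whether this machine and logon session meet the
# EFS prerequisites listed in the slides (domain, account, NTFS, DCOM).
function Test-EfsReadiness {
    [CmdletBinding()]
    param(
        [string]$Drive = $env:SystemDrive   # drive holding the files, e.g. 'C:'
    )

    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$Drive'"
    # EnableDCOM is a string value; 'Y' means DCOM is enabled.
    $ole  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue

    # A local account reports the computer name as its domain. This does not
    # tell a child-domain account apart from the required domain.
    $checks = [ordered]@{
        'Computer is joined to a domain'      = [bool]$cs.PartOfDomain
        'Logged on with a domain account'     = ($env:USERDOMAIN -ne $env:COMPUTERNAME)
        "Drive $Drive is formatted with NTFS" = ($disk.FileSystem -eq 'NTFS')
        'DCOM is enabled (EnableDCOM = Y)'    = ($ole.EnableDCOM -eq 'Y')
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

$results = Test-EfsReadiness
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Passed }) {
    Write-Warning 'One or more EFS prerequisites are not met; resolve them before encrypting.'
}
```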

15
Demo 3
  • How to Set Up DRA

16
Questions and Answers
  • Extra Info for users and admins
  • Stanford Data Classification:
    http://www.stanford.edu/group/security/securecomputing/dataclass_chart.html
  • Windows Desktop File Encryption and EFS