Ans : Encrypting File System (EFS)
One of the main benefits of a personal computer is the flexibility to boot into multiple
operating systems as desired. But this flexibility creates great difficulty in the world of
security. In addition to the security risks of multiple operating systems, there are security
risks introduced by the use of laptop computers. Laptops often get stolen or misplaced, and
the data on such a computer is vulnerable to compromise as soon as the laptop changes
location. With NTFS security you are able to solve these security issues to a certain
extent. However, as detailed earlier, there are tools available to access data even when it
is properly secured on an NTFS partition.
The concept of encryption has been introduced to solve this problem. Data encryption
works to make the files on the computer useful only to the authorized owner of the data.
Some of these methods provide a password for each encrypted file, which, while
effective, is not practical for large volumes of files. Another method is to use a key to
unlock each file that has been encrypted, with only one user holding the key; Microsoft's
EFS uses this approach. EFS uses "public key cryptography" for encryption and
decryption of data. Public key cryptography is the use of two keys: one performs
encryption and the other performs decryption. The two keys are mathematically
related. In EFS the files themselves are encrypted with the DES encryption algorithm.
EFS supports file encryption both on a local hard drive and on a remote file server.
But any file encrypted on the remote server will be transmitted over the network in
clear text by default: the file is decrypted at the file server and then sent to the user.
In order to maintain a high level of security, a mechanism such as IPsec should be
implemented to secure the network traffic.
The implementation of EFS works directly with NTFS, and data can only be encrypted
on an NTFS partition. EFS can encrypt any temp files created along with the original,
and the keys are stored in the kernel using non-paged memory, so they are never
vulnerable to attackers.
EFS and Users Management
One of the good (or bad) points of EFS is that its use does not require any administrative
effort: keys are created automatically if the user does not already have a public key
pair to use. Files and folders are encrypted on a single-file or single-folder basis, each
with a unique encryption key. Because each file is encrypted uniquely, if you move an
encrypted file to an unencrypted folder on the same partition, the file will remain
encrypted. If you copy an encrypted file to a location that allows for encryption, the file
will also remain encrypted.
EFS is very transparent in use, and a user may have encryption enabled without being
aware of it.
Data Recovery Management
Because EFS is designed to be implemented by a user and to be transparent, it can be
used where it was not initially intended. EFS allows for Recovery Agents, and the
default Recovery Agent is the Administrator. These agents have configured public keys
that are used to enable the file recovery process. But the system is designed in such a way
that only file recovery is possible: the recovery agent cannot learn the user's private key.
Data Recovery is for those companies and organizations that have the requirement of
accessing data if an employee leaves or the encryption key is lost.
The policy for implementing Data Recovery is defined at a Domain Controller, and
this policy is enforced on every computer in that domain. If EFS is implemented on a
machine that is not part of a domain, the system will automatically generate and save
Recovery Keys.
EFS Cryptography Management
As mentioned in the previous sections, EFS uses public key cryptography together with the
DES encryption algorithm. Data is encrypted with what is called a File Encryption Key
(FEK), which is a randomly generated key. The FEK itself is then encrypted using a public
key, which creates a list of encrypted FEKs. The list is then stored with the encrypted file
in a special attribute called the Data Decryption Field (DDF). When a user needs to
decrypt the file, he or she uses the private key that was part of the key pair. A user
performs encryption from the command line or from Explorer. In Explorer, the option to
encrypt is under the Advanced option on the Properties window. When using the command-line
version, the command is cipher, with the /e switch for encryption and the /d switch for
decryption.
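The following is an added example, not code from the original answer or from Microsoft's EFS implementation. It models the key flow described in the Data Recovery Management and EFS Cryptography Management sections: a random FEK encrypts the file data, the FEK is wrapped to the owner's public key (the DDF entry) and, separately, to the recovery agent's public key (labelled "drf" here by analogy with the DDF), so either private key can recover the file while the agent never sees the owner's private key. All names (generate_keypair, efs_encrypt, efs_decrypt, demo) are my own, and two simplifications are assumed and labelled: textbook RSA with small freshly generated primes and no padding stands in for the real public-key operation, and an HMAC-SHA256 counter-mode keystream stands in for DES. It illustrates structure only and is not secure cryptography.

```python
# Added example (not from the original text): toy model of the EFS envelope
# scheme. Assumptions: textbook RSA with small primes and no padding instead of
# a real key-wrap, and an HMAC-SHA256 keystream instead of DES. Key flow only.

import hashlib
import hmac
import secrets

FEK_BYTES = 16  # size of the per-file File Encryption Key in this toy


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test; adequate for a demonstration."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=256):
    """Toy RSA key pair: returns (public=(n, e), private=(n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def wrap_fek(fek, public_key):
    """Encrypt the FEK to one public key: a single DDF (or DRF) entry."""
    n, e = public_key
    m = int.from_bytes(fek, "big")
    assert m < n, "FEK must be smaller than the modulus in this toy scheme"
    return pow(m, e, n)


def unwrap_fek(wrapped, private_key):
    """Recover the FEK; a wrong private key yields an out-of-range value."""
    n, d = private_key
    m = pow(wrapped, d, n)
    if m >= 1 << (8 * FEK_BYTES):
        raise ValueError("wrapped FEK does not unwrap under this private key")
    return m.to_bytes(FEK_BYTES, "big")


def _keystream_xor(fek, data):
    """XOR data with HMAC-SHA256(fek, counter) blocks (stand-in for DES)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(fek, (offset // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


def efs_encrypt(plaintext, owner_public, agent_public):
    """Build an 'encrypted file' record: ciphertext plus owner and agent entries."""
    fek = secrets.token_bytes(FEK_BYTES)  # randomly generated per file
    return {
        "ciphertext": _keystream_xor(fek, plaintext),
        "ddf": wrap_fek(fek, owner_public),  # owner's entry (DDF)
        "drf": wrap_fek(fek, agent_public),  # recovery agent's entry
    }


def efs_decrypt(record, private_key, field):
    """Decrypt via the 'ddf' (owner) or 'drf' (recovery agent) entry."""
    return _keystream_xor(unwrap_fek(record[field], private_key), record["ciphertext"])


def demo():
    """Owner and agent both recover the file; the agent's key opens only its own entry."""
    sample = b"constructed sample: quarterly payroll figures"
    owner_pub, owner_priv = generate_keypair()
    agent_pub, agent_priv = generate_keypair()
    record = efs_encrypt(sample, owner_pub, agent_pub)
    try:
        agent_on_ddf = efs_decrypt(record, agent_priv, "ddf") == sample
    except ValueError:
        agent_on_ddf = False
    return {
        "owner_ok": efs_decrypt(record, owner_priv, "ddf") == sample,
        "agent_ok": efs_decrypt(record, agent_priv, "drf") == sample,
        "agent_on_ddf": agent_on_ddf,
        "ciphertext_differs": record["ciphertext"] != sample,
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the record layout is that the file is encrypted once, and only the small FEK is encrypted once per recipient; adding or removing a recovery agent means rewrapping a 16-byte key, not re-encrypting the data. Real EFS adds padding to the public-key step and uses a proper block cipher, which the toy omits.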