Ans :
The main benefits of personal computers are that it provides you the flexibility to boot
into multiple Operating Systems for desired use. But this flexibility poses great difficulty
in the world of security. In addition to the security risks of multiple Operating Systems,
there are security risks introduced with the use of laptop computers. Laptops often get
stolen or misplaced, and the data on that computer is vulnerable to compromise as soon
as the location of the laptop is changed. With NTFS security you are able to solve the
issues of security to a certain extent. As detailed there are tools available to access
data even properly secured on an NTFS partition.
The concept of encryption has been introduced to solve this problem. Data encryption
works to make the files on the computer only useful to the authorized owner of the
data. Some of these methods provide a password for each encrypted file, which while
effective, is not practical for large volumes of files. Another method is to use a key to
unlock each file that has been encrypted, with only one user holding the key and
Microsoft’s EFS uses this approach. EFS use “public key cryptography” for encryption/
decryption of data. Public key cryptography is the use of two keys, one performs
encryption and another performs decryption. The keys are keys are mathematically
related. The files are encrypted by DES encryption algorithm in EFS. EFS supports file
encryption for both on a local hard drive and on a remote file server. But, any files
encrypted on the remote server will be transmitted over the network in clear-text by
default. So, the file is decrypted at the file server, and then sent to the user. In order to
maintain the high level of security, a mechanism should be implemented to secure the
network traffic, such as IPSec.
The implementation of EFS works directly with NTFS and data can only be encrypted
on an NTFS partition. EFS can encrypt any temp files created along with the original,
and the keys are stored in the kernel using non-paged memory, so they are never
vulnerable to attackers.