Encrypting File System
Another new security feature in NT 5.0 will be the Encrypting File System (EFS), which will be part of the NT File System (NTFS). EFS will allow users the option of encrypting individual files or entire directories, including the files in contained subdirectories.
EFS will use public key technology to manage the encryption and decryption of files. Each encrypted file will have its own bulk encryption key (EFS will use Data Encryption Standard), which EFS will then encrypt with the public half of the owning user's public key pair and store with the encrypted file. The user will retain the private half in a secure place (for example, a smart card) and retrieve it to decrypt the file.
EFS will also provide for data recovery by keeping a copy of the session key with an authorized agent (usually the administrator). A separate data recovery agent--this could be an administrator or other privileged user--will also have a separate public key pair. Administrators can keep this key pair securely locked away, except when needed to perform recovery of the data in a file. EFS will use the public half to encrypt the file's bulk encryption key and store that separately encrypted version of the key with the file, along with the key encrypted with the owner's public key. If the owning user should, for example, leave the company or lose his or her private key, the data recovery agent will be able to decrypt the file.
EFS will be completely transparent to the user and will close many of the loopholes commonly found in file systems. Still, administrators must pay careful attention when implementing such products instead of assuming that they do all of the work. For example, once a user designates a file as encrypted, EFS can't enforce that attribute on any temporary files derived from the original file. Applications often fail to clean up their temporary files, which become a good resource for intruders looking for confidential information. Thus, administrators should be sure to configure applications to store temporary files in a specific directory, and then to specify that the operating system should encrypt the contents of that directory.
EFS will also provide much better protection of unattended computers and stolen laptops. DOS and Unix tools are available that can allow intruders to bypass NTFS security, giving them access to file contents by booting a different operating system. With EFS, these contents can be encrypted and therefore unusable. Many notebook computers are targets of theft not for their hardware but for the potentially valuable data they contain. Again, with EFS, this incentive will be gone.
Internet FAQ top