EFS security

 
 
Bay
10-21-2003
EFS seems safe under NTFS partitions but it will lose the functionality
if they are moved to a FAT partition? If that is the case, then someone who
is not a recovery agent can decrypt the file by moving the file to a FAT
partition? Just a thought...


 
Marty
10-21-2003
Well, that's where NTFS permissions come into play. If the person does not
have rights to open the encrypted file they should not have permissions to
open the directory where the file is stored, therefore they cannot move the
files.


"Bay" <(E-Mail Removed)> wrote in message
news:ig1lb.191708$%h1.185668@sccrnsc02...
> EFS seems safe under NTFS partitions but it will lose the functionality
> if they are moved to a FAT partition? If that is the case, then someone who
> is not a recovery agent can decrypt the file by moving the file to a FAT
> partition? Just a thought...



 
Bay
10-21-2003
The default settings allow a backup operator to back up and restore encrypted
files even if he doesn't have the NTFS permission rights on the directory,
right? If the backup operator backs up the encrypted file and restores it to
the FAT32 partition, is he able to access the file from that point?

Secondly, what's the point of encrypting the file if the unauthorized users
don't have rights to open the directory in the first place when NTFS
permission comes into play as you said earlier? If the NTFS permission is in
place (remove the default everything group and the ACL is configured for the
authorized user only), unauthorized people wouldn't be able to log in to the
stolen laptop and access the directory. So do you think encrypting files is
redundant? If the unauthorized person figures out the password and logs in to
the laptop as the authorized user, he will have access to both the directory
granted by NTFS permission and the encrypted files anyway.

So it seems to me encrypting files is not really that useful and secure.
Please correct me if I am wrong because I am kinda confused about the
usefulness of the EFS feature.




"Marty" <(E-Mail Removed)> wrote in message
news:KE2lb.63816$(E-Mail Removed)-kc.rr.com...
> well that's where ntfs permissions come into play, if the person does not
> have rights to open the encrypted file they should not have permissions to
> open the directory where the file is stored, therefore they cannot move the
> files.
>
> "Bay" <(E-Mail Removed)> wrote in message
> news:ig1lb.191708$%h1.185668@sccrnsc02...
> > EFS seems safe under NTFS partitions but it will lose the functionality
> > if they are moved to a FAT partition? If that is the case, then someone who
> > is not a recovery agent can decrypt the file by moving the file to a FAT
> > partition? Just a thought...



 
tenubracon
10-21-2003
"Bay" <(E-Mail Removed)> wrote in message news:<ig1lb.191708$%h1.185668@sccrnsc02>...
> EFS seems safe under NTFS partitions but it will lose the functionality
> if they are moved to a FAT partition? If that is the case, then someone who
> is not a recovery agent can decrypt the file by moving the file to a FAT
> partition? Just a thought...




Not surprisingly, MS thought of this one. In order to move a file, you
need to be in possession of the private key that corresponds to the
public key that was used in the initial encryption process. If you
don't have it, you can't move the file. Try it and see.
 
Herb Martin
10-21-2003
Someone claimed incorrectly that permission mattered but
that isn't really the true story with EFS.

Without the key, even an administrator (assuming not an EFS
recovery agent) cannot access the file, no move, copy, read,
etc. -- despite the permissions.

You can even prevent the EFS Recovery Agent from "cheating"
day to day by exporting the certificate with private key and deleting
that private key from the machine.

By storing that certificate/key in a secure location under the control
of a security auditor or executive (not an admin) you can even prevent
the EFS recovery agent from accessing the file -- until the recovery is
needed and the saved key/certificate is brought back to the machine.

BTW, it only takes about 5 minutes to test this -- two users, full control
for each, one encrypt, try to access as the other.

--
Herb Martin


 
tenubracon
10-21-2003
Imagine you have a laptop with sensitive documents on it. Someone
steals the laptop, works out your password and then logs on. As far as
the computer is concerned, the thief is you; it cannot tell the
difference. Of course, although you had set permissions to prevent
other people accessing your files, you had allowed yourself access.
Because the thief is logged on as you, they have access to your files.
This is where EFS comes in.

EFS encrypts files using an encryption key called the File Encryption
Key (FEK). When the user who encrypted the file wants to read it, this
key is needed by the system in order to decrypt the file. The FEK is
therefore stored alongside the encrypted file. This means that the
key is available to anyone who wants to access it, of course, and thus
that the file is available too.

To secure the FEK, the FEK is itself encrypted. The key that is used
to do this is called a public key.

A public key is one half of a 'key pair'. The other half is called the
private key. Each user has their own public / private key pair that is
unique to them. The public key is used to encrypt and the private key
is used to decrypt. Something encrypted by one user's public key can
only be decrypted by that same user's private key (leaving the DRA to
one side for this discussion). No other user's private key can decrypt
it.

Going back to the encryption process, then, when a user encrypts a
file, that user's public key is used to encrypt the FEK and that same
user's private key can be used to decrypt it. Once decrypted, the FEK
will be used to decrypt the file. In order to do all of this, the
computer needs access to the user's key pair, so they are stored in
the user's profile. Whenever the user logs on, its profile is loaded,
so the keys are available to the system.

So, is the file on the stolen laptop any more secure? No, not
really, because in order to access the files, all the thief needs to
do is log on as the user (having cracked the user's password). The
user profile (containing the key pair) loads, so when the thief clicks
on the encrypted file, the private key is available and is used to
decrypt the FEK, the FEK decrypts the file and the thief is in.

To actually make this work, an extra step is needed. Once you have
encrypted the file, you must remove the private key from the system
(this is called exporting the private key). If the private key is not
available, the file cannot be accessed EVEN IF THE THIEF HAS LOGGED ON
AS THE USER. Storing the private key and the encrypted data separately
is how EFS makes your data more secure.

Of course, you still need access to your data (assuming the laptop
hasn't been stolen!). To gain access, you will have to import the
private key back to the system before accessing the file. Once you
have finished, you export the file again. It's a hassle, but if used
correctly, EFS definitely does make a difference.

As for simply copying an encrypted file to a FAT partition in order to
access it, this is not possible without the private key and hence not
a problem if you have exported that key.

The backup issue is also not a problem as backing up a file means
essentially taking the raw data off the disk and putting it somewhere
else. For your encrypted files, raw data means the files remain in
exactly the form they took when on the NTFS partition - that is,
encrypted. As long as the private key is not present, the data is
still safe as it cannot be decrypted.

Hope this helps. The Step by Step guide to EFS on the MS web site is
also very useful.
 
Herb Martin
10-21-2003
The solution to the "breaks your password" is:

Require a SmartCard for logon (disabling normal password)
Keep the Smartcard separate from the machine
Consider exporting certificate and deleting private user key while
  "in transit" -- keeping the cert/key on a separate floppy for
  restoration at the destination (or sending by separate means.)

Both presume you have deleted the EFS Recovery Agent's private
key (after storing it securely.)

--
Herb Martin
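
The export-and-remove step that tenubracon and Herb Martin describe, written out in PowerShell as an added example that is not part of the thread. It assumes Windows 8 / Server 2012 or later for the PKI cmdlets; the file path and PFX folder are hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows 8 / Server 2012 or later
# (PKI module). $file and $pfxDir are hypothetical; $pfxDir should be removable media.
$file   = 'C:\Sensitive\report.docx'
$pfxDir = 'E:\'
$efsEku = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

# Encrypt, then show which user and recovery certificates can unwrap the file's FEK.
cipher /e $file
cipher /c $file

# Locate the logged-on user's EFS certificates that still have a private key here.
$certs = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $efsEku)
}
if (-not $certs) { throw 'No EFS certificate with a private key in the user store.' }

$pw = Read-Host -AsSecureString -Prompt 'Password for the exported PFX'
foreach ($c in $certs) {
    $pfx = Join-Path $pfxDir "efs-$($c.Thumbprint).pfx"
    # Fails (and stops) if the key is marked non-exportable, so nothing is deleted.
    Export-PfxCertificate -Cert $c -FilePath $pfx -Password $pw -ErrorAction Stop | Out-Null
    if (-not (Test-Path $pfx) -or (Get-Item $pfx).Length -eq 0) {
        throw "Export of $($c.Thumbprint) not confirmed; private key left in place."
    }
    # Remove the certificate together with its private key from this machine.
    Remove-Item -Path "Cert:\CurrentUser\My\$($c.Thumbprint)" -DeleteKey
}

# Log off so the session stops holding the key; after the next logon,
# opening $file should be denied until the PFX is imported again:
#   Import-PfxCertificate -FilePath $pfx -CertStoreLocation Cert:\CurrentUser\My -Password $pw
```

The `cipher /c` output is also where a recovery agent certificate shows up, which is the second key Herb Martin says must be stored off the machine.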


 
Bay
10-21-2003
Herb,

Thanks for the info. You answered all my concerns.

"Herb Martin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Someone claimed incorrectly that permission mattered but
> that isn't really the true story with EFS.
>
> Without the key, even an administrator (assuming not an EFS
> recovery agent) cannot access the file, no move, copy, read,
> etc. -- despite the permissions.
>
> You can even prevent the EFS Recovery Agent from "cheating"
> day to day by exporting the certificate with private key and deleting
> that private key from the machine.
>
> By storing that certificate/key in a secure location under the control
> of a security auditor or executive (not an admin) you can even prevent
> the EFS recovery agent from accessing the file -- until the recovery is
> needed and the saved key/certificate is brought back to the machine.
>
> BTW, it only takes about 5 minutes to test this -- two users, full control
> for each, one encrypt, try to access as the other.
>
> --
> Herb Martin
>
>



 
Laura A. Robinson
10-21-2003
circa Tue, 21 Oct 2003 02:57:18 GMT, in
microsoft.public.cert.exam.mcse, Bay ((E-Mail Removed)) said,
>
> EFS seems safe under NTFS partitions but it will lose the functionality
> if they are moved to a FAT partition? If that is the case, then someone who
> is not a recovery agent can decrypt the file by moving the file to a FAT
> partition? Just a thought...
>

Not even close.

Laura
--
I find that the further I go back, the better things were, whether
they happened or not.
-Mark Twain
 