EFS security

Discussion in 'MCSE' started by Bay, Oct 21, 2003.

  1. Bay

    Bay Guest

    EFS seems safe under NTFS partitions but the it will lose the functionality
    if they are moved to FAT partition? If that is the case, then someone who
    is not recovery agent can decrypt the file by moving the file to FAT
    partition? Just a thought...
    Bay, Oct 21, 2003
    1. Advertisements

  2. Bay

    Marty Guest

    well that's where ntfs permissions come into play, if the person does not
    have rights to open the encrypted file they should not have permissions to
    open the directory where the file is stored, therefore they cannot move the
    Marty, Oct 21, 2003
    1. Advertisements

  3. Bay

    Bay Guest

    The default settings allow backup operator to backup and restore encrypted
    files even he doesn't have the ntfs permission rights on the directory,
    right? If the backup operator backup the encrypted file and restore it to
    the FAT32 partition, is he able to access the file from that point?

    Secondly, what's the point of encrypting the file if the unauthorized users
    don't have rights to open the directory in the first place when ntfs
    permission comes to play as you said earlier? If the NTFS permission is in
    place (remove the default everything group and the ACL is configured for the
    authorized user only), unauthorized people wouldn't able to login the stolen
    laptop and access the directory. So do you think encrypting files is
    redundant? If the unauthorized person figures out the password and login the
    laptop as the authorized user and he will have access to both directory
    granted by NTFS permission and the encrypted files anyway.

    So it seems to me encrypting file is not really that useful and secured.
    Please correct me if I am wrong because I am kinda confused about the
    usefulness of the EFS feature.
    Bay, Oct 21, 2003
  4. Bay

    Guest Guest

    Guest, Oct 21, 2003
  5. Bay

    tenubracon Guest

    Not surprisingly, MS thought of this one. In order to move a file, you
    need to be in possession of the private key that corresponds to the
    public key that was used in the initial encryption process. If you
    don't have it, you can't move the file. Try it and see.
    tenubracon, Oct 21, 2003
  6. Bay

    Herb Martin Guest

    Someone claimed incorrectly that permission mattered but
    that isn't really the true story with EFS.

    Without the key, even an administrator (assuming not an EFS
    recovery agent) cannot access the file, no move, copy, read,
    etc. -- despite the permissions.

    You can even prevent the EFS Recovery Agent from "cheating"
    day to day by exporting the certificate with private key and deleting
    that private key from the machine.

    By storing that certificate/key in a secure location under the control
    of a security auditor or executive (not an admin) you can even prevent
    the EFS recover agent from accessing the file -- until the recover is
    needed and the saved key/certificate is brought back to the machine.

    BTW, it only takes about 5 minutes to test this -- two users, full control
    for each, one encrypt, try to access as the other.
    Herb Martin, Oct 21, 2003
  7. Bay

    tenubracon Guest

    Imagine you have a laptop with sensitive documents on it. Someone
    steals the laptop, works out your password and then logs on. As far as
    the computer is comcerned, the thief is you, it cannot tell the
    difference. Of course, although you had set permissions to prevent
    other people accessing your files, you had allowed yourself access.
    Because the thief is logged on as you, they have access to your files.
    This is where EFS comes in.
    EFS encrypts files using an encryption key called the File Encryption
    Key (FEK). When the user who encrypted the file wants to read it, this
    key is needed by the system in order to decrypt the file. The FEK is
    therefore stored anong side the enctypted file. This means that the
    key is available to anyone who wants to access it, of course, and thus
    that the file is available too.
    To secure the FEK, the FEK is itself encrypted. The key that is used
    to do this is called a public key.
    A public key is one half of a 'key pair'. The other half is called the
    private key. Each user has their own public / private key pair that is
    unique to them. The public key is used to encrypt and the private key
    is used to decrypt. Something encrypted by one user's public key can
    only be decrypted by that same user's private key (leaving the DRA to
    one side for this discussion). No other user's private key can decrypt
    Going back to the encryption process, then, when a user encrpyts a
    file, that user's public key is used to encrypt the FEK and that same
    user's private key can be used to decrypt it. Once decrypted, the FEK
    will be used to decrypt the file. In order to do all of this, the
    computer needs access to the user's key pair, so they are stored in
    the user's profile. Whenever the user logs on, its profile is loaded,
    so the keys are available to the system
    So, is the file on the stolen laptop any more secure ? No, not
    really, because in order to access the files, all the thief needs to
    do is log on as the user (having cracked the user's password). The
    user profile (containing the key pair) loads, so when the thief clicks
    on the encrypted file, the private key is available and is used to
    decrypt the FEK, the FEK decrypts the file and the theif is in.
    To actually make this work, an extra step is needed. Once you have
    encrypted the file, you must remove the private key from the system
    (this is called exporting the private key). If the private key is not
    available, the file cannot be accessed EVEN IF THE THIEF HAS LOGGED ON
    AS THE USER. Storing the private key and the encrypted data separately
    is how EFS makes your data more secure.
    Of course, you still need access to your data (assuming the laptop
    hasn't been stolen !). To gain access, you will have to import the
    private key back to the system before accessing the file. Once you
    have finished, you export the file again. It's a hassle, but if used
    correctly, EFS definitely does make a difference.

    As for simply copying an encrypted file to a FAT partition in order to
    access it, this is not possible without the private key and hence not
    a problem if you have exported that key.
    The backup issue is also not a problem as backing up a file means
    essentially taking the raw data off the disk and putting it somewhere
    else. For your encrypted files, raw data means the files remain in
    exactly the form they took when on the NTFS partition - that is,
    encrypted. As long as the private key is not present, the data is
    still safe as it cannot be decrypted.
    Hope this helps. The Step by Step guide to EFS on the MS web site is
    also very useful.
    tenubracon, Oct 21, 2003
  8. Bay

    Herb Martin Guest

    The solution to the "breaks your password" is:

    Require a SmartCard for logon (disabling normal password)
    Keep the Smartcard separate from the machine
    Consider exporting certificate and deleting private user key while
    "in transit" -- keeping the cert/key on a separate floppy for
    at the destination (or sending by separate means.)

    Both presume you have deleted the EFS Recovery Agent's private
    key (after storing it securely.)
    Herb Martin, Oct 21, 2003
  9. Bay

    Bay Guest


    Thanks for the info. You answered all my concerns.
    Bay, Oct 21, 2003
  10. circa Tue, 21 Oct 2003 02:57:18 GMT, in
    microsoft.public.cert.exam.mcse, Bay () said,
    Not even close.

    Laura A. Robinson, Oct 21, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.