
Succinct Article on Encrypting File System (EFS)

Encrypting File System, or EFS, first debuted in Windows 2000 and gave users the ability to encrypt files without a 3rd party tool. There were some limitations in EFS under Windows 2000, among them that the default Data Recovery Agent was the local Administrator account. This meant that if you used EFS on, say, a laptop, the files would be protected if someone tried to use a Live CD or a Linux boot disk, but should the administrator account be cracked, the files could still be accessed. Changes within Windows XP and Windows Server 2003 did away with vulnerabilities such as this one. There are still ways around this, since laptops usually have cached credentials which can be cracked, but it's another step an attacker would have to take. If you aren't familiar with EFS, check out this short article, appropriately titled:

Understanding EFS

EFS isn't "whole disk encryption," but secures files and folders. That means that on a laptop, you are dependent on the user to place files in the proper locations. Tightening down file permissions works when the users aren't running with administrator privileges, but with quite a few apps still requiring more than normal user rights, this isn't so easy. Until Vista's BitKeeper comes on the scene, that means a 3rd party solution is required.
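Because EFS protection is per file and per folder, one practical check is to audit where sensitive files actually ended up. The script below is an added example, not part of the original post; the root path and the extension list are assumptions to adjust for your environment.

```powershell
# Added example: report files that are NOT EFS-encrypted under a folder tree.
# $Root and $Extensions are assumed values, not taken from the article.
param(
    [string]$Root = "$env:USERPROFILE\Documents",
    [string[]]$Extensions = @('.doc', '.xls', '.mdb', '.pst', '.txt')
)

# NTFS marks EFS-protected files and folders with the Encrypted attribute.
$efsFlag = [System.IO.FileAttributes]::Encrypted

$report = Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension.ToLower() } |
    Select-Object FullName,
        @{ Name = 'EfsEncrypted'
           Expression = { $_.Attributes.HasFlag($efsFlag) } },
        @{ Name = 'ParentEncrypted'
           Expression = { $_.Directory.Attributes.HasFlag($efsFlag) } }

# Plaintext files, split by whether the containing folder is marked for EFS:
#   ParentEncrypted = False -> saved outside a protected location
#   ParentEncrypted = True  -> sits in a protected folder but is itself
#                              unencrypted, so it needs a closer look
$report |
    Where-Object { -not $_.EfsEncrypted } |
    Sort-Object ParentEncrypted, FullName |
    Format-Table ParentEncrypted, FullName -AutoSize

# Summary counts of encrypted versus plaintext files.
$report |
    Group-Object EfsEncrypted |
    Select-Object @{ Name = 'EfsEncrypted'; Expression = { $_.Name } }, Count
```

Run it in the context of the user whose profile is being audited, or pass -Root explicitly when running as an administrator.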

On servers, EFS can be used to encrypt files such that only the service account has access to them. I wrote about this with respect to SQL Server, but the article is a little out of date, being written for Windows 2000. I'll need to update it one of these days. Be aware that, as with any encryption, you are likely to experience some performance degradation. After all, encryption/decryption requires more cycles than straight data access. But the performance hit under Windows 2000 was often less than 5% and I doubt it has gotten worse with Windows XP and 2003.


K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

