STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES
Windows Encrypting File System (EFS) Tech Briefing
July 18th, 2008


Agenda

Stanford Users
- What is EFS
- What does it Protect
- Is this for me?
- Features
- Data Recovery Agent
- Getting Started
- Demo - How to Encrypt
- Demo – How to backup Key

IT Support Staff
- How to setup Data Recovery Agent

8/13/2015 Windows Encrypting File System (EFS) page 1

What is Encrypting File System (EFS)

The Microsoft Windows Encrypting File System (EFS) is a feature built into the file system of the Windows XP and Windows Vista operating systems. It lets you encrypt designated files on a local computer so that no other user can access your data. When a file is encrypted, EFS automatically decrypts the file for use and re-encrypts the file when it is saved. EFS is particularly useful for protecting data on a computer that might be physically stolen, such as a laptop.

What It Protects

- EFS protects the files you designate if your computer is lost or stolen.
- If someone tries to break in or has access to your system to retrieve files, they will not be able to open the file even if they can see that it exists (as long as they do not have your SUNet ID and password).
- Files copied to a Web folder using WebDAV are kept encrypted.

What It Doesn't Protect or Prevent

- It does NOT provide encryption to files that are:
  - Sent via
  - Kept on a separate flash drive/thumb drive/USB drive/floppy disk
  - Moved over the network via shared folders (CIFS/AFS)
  - System and page file
  - Compressed files
  - Files moved into a folder set to encrypt all files
  - Files from being deleted
- When you are about to move an encrypted file, Windows will warn you that you will lose your EFS encryption. Keep in mind that whenever you move a file off of your computer, it is probably no longer protected by EFS.
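The gaps listed on this slide can be checked from the NTFS attribute bits. The following is an added example, not part of the briefing: a Windows PowerShell script that reports compressed files and plaintext files sitting inside a folder marked for encryption. The default `$Root` path is an assumption.

```powershell
# Added example (not from the briefing): list files under $Root that EFS is not protecting.
param([string]$Root = "$env:USERPROFILE\Documents")   # assumed default; pass your own path

$EncryptedBit  = [int][System.IO.FileAttributes]::Encrypted
$CompressedBit = [int][System.IO.FileAttributes]::Compressed

function Test-Flag($Item, [int]$Flag) {
    # True when the NTFS attribute bit is set on the file or folder.
    (([int]$Item.Attributes) -band $Flag) -ne 0
}

# EFS only exists on NTFS, so report the volume's file system first.
$drive = (Get-Item -LiteralPath $Root).PSDrive.Name + ':'
$vol   = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$drive'"
Write-Output ('Volume {0} file system: {1}' -f $drive, $vol.FileSystem)

Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $finding = $null
        if (Test-Flag $_ $CompressedBit) {
            # NTFS compression and EFS cannot both be applied to one file.
            $finding = 'Compressed, so not EFS-encrypted'
        }
        elseif ((Test-Flag $_.Directory $EncryptedBit) -and -not (Test-Flag $_ $EncryptedBit)) {
            # Matches the slide's case of a file moved into a folder set to encrypt.
            $finding = 'Plaintext file inside an encrypted folder'
        }
        if ($finding) {
            New-Object PSObject -Property @{ Path = $_.FullName; Finding = $finding } |
                Select-Object Finding, Path
        }
    }
```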

Is this for me?

- Reasons for using EFS
  - You want to secure files on your computer in case it is stolen or lost
  - You work with or store restricted data on your local computer
  - You travel and need to work with restricted data
- Requirements
  - Windows XP Professional
  - Windows Vista Business, Enterprise or Ultimate
  - Computer is a member of the University Windows Infrastructure (AD)
  - User is logged on to the computer with their SUNet ID (WIN Domain); local computer or child domain accounts will NOT work
  - Hard drive is formatted with NTFS

Features

- Microsoft Windows Encrypting File System (EFS)
  - Transparent encryption done at the file-system level
  - If a folder is marked, every file created or moved into it will be encrypted
  - File encryption keys can be archived (USB Flash Drive, File server)
  - There is no "back door"
  - Keys are protected with the user's password on the computer
  - Data Recovery Agent to allow for recovery of files if the user's key is lost
- Future Features
  - Additional users can be added to a file
  - Group Policy to auto-encrypt the "My Documents" folder

Data Recovery Options

Once a file is encrypted, only the user's private key can access the file. Should this key get lost, the data will be inaccessible. Options to protect the data include:

- User copies the key to a USB flash drive and stores it separately from the computer
- Configure a Data Recovery Agent (DRA)
  - Domain Wide DRA
  - Local/Departmental DRA

Data Recovery Agent (DRA)

These data recovery agents (DRAs) are a separate set of issued recovery certificates with public and private keys that can be used to recover files.

Recommendation for DRAs
- Local Systems Administrators
- Separate flash drive (Iron Key) stored in secure location (safe)

Requirements for Recovery
- Admin will need read access to files at time of recovery
- Password for the DRA Private Key

Getting Started For End Users

- Open a HelpSU Request
- Once you have approval from your Local Support Staff that they have set up the DRA, you can then choose directories to start encrypting.
- Copy your key to an external USB drive

Demo 1: How To Encrypt Files

Demo 2: How to back-up Your Keys

Storing User Keys

- Export and then delete the key on the local computer
- External USB flash drive
  - NOT stored with your computer or in laptop bag
  - Encrypted (optional)
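After exporting a user key, or when checking that a DRA private key is not left on a workstation, the certificate store shows what remains on the machine. The following is an added example, not part of the briefing: a Windows PowerShell script that lists certificates carrying the EFS or File Recovery enhanced key usage in the current user's store and whether each still has its private key locally.

```powershell
# Added example (not from the briefing): inventory EFS and File Recovery certificates
# in the current user's store and show whether a private key is still on this machine.
$EfsOid  = '1.3.6.1.4.1.311.10.3.4'     # Encrypting File System EKU
$DraOid  = '1.3.6.1.4.1.311.10.3.4.1'   # File Recovery EKU, carried by DRA certificates
$EkuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_
    # Collect the EKU OIDs from the certificate's extensions.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is $EkuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    $role = $null
    if     ($ekus -contains $DraOid) { $role = 'File Recovery (DRA)' }
    elseif ($ekus -contains $EfsOid) { $role = 'EFS user' }

    if ($role) {
        # HasPrivateKey is False once the key has been exported and deleted locally.
        if ($cert.HasPrivateKey) { $state = 'private key present on this computer' }
        else                     { $state = 'certificate only, no local private key' }

        New-Object PSObject -Property @{
            Role       = $role
            Subject    = $cert.Subject
            Expires    = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            KeyState   = $state
        } | Select-Object Role, Subject, Expires, Thumbprint, KeyState
    }
}
```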

Known Issues

- DCOM Required
  1. Start Registry Editor.
  2. Locate the following path: HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
  3. Change the EnableDCOM string value to Y.
  4. Restart the operating system for the changes to take effect.
  Note: There is a BigFix fixlet to re-enable DCOM
- Vista and Symantec Bug – Patch available on ESS
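The requirements from the "Is this for me?" slide and the DCOM setting above can be verified together before a user starts encrypting. The following is an added example, not part of the briefing: a Windows PowerShell preflight. It assumes `WIN` is the NetBIOS name of the "WIN Domain" and uses `Get-WmiObject`, so it targets Windows PowerShell rather than PowerShell 7.

```powershell
# Added example (not from the briefing): preflight for the EFS requirements and the DCOM issue.
param([string]$ExpectedDomain = 'WIN')   # assumption: NetBIOS name of the "WIN Domain"

$cs   = Get-WmiObject Win32_ComputerSystem
$os   = Get-WmiObject Win32_OperatingSystem
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$ole  = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\OLE' -ErrorAction SilentlyContinue

function New-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    # One result row per requirement, in a fixed column order.
    New-Object PSObject -Property @{ Check = $Name; Pass = $Pass; Detail = $Detail } |
        Select-Object Check, Pass, Detail
}

# Editions named on the requirements slide.
$editionOk = $os.Caption -match 'XP Professional|Vista.*(Business|Enterprise|Ultimate)'
# Local accounts report the computer name here; child domains report their own name.
$domainAccount = $env:USERDOMAIN -eq $ExpectedDomain

New-Check 'Supported Windows edition'   $editionOk $os.Caption
New-Check 'Computer joined to a domain' $cs.PartOfDomain $cs.Domain
New-Check "Logged on with a $ExpectedDomain account" $domainAccount "$env:USERDOMAIN\$env:USERNAME"
New-Check 'System drive is NTFS'        ($disk.FileSystem -eq 'NTFS') $disk.FileSystem
New-Check 'EnableDCOM is Y'             ($ole.EnableDCOM -eq 'Y') "EnableDCOM=$($ole.EnableDCOM)"
```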

Demo 3: How to Setup DRA

Questions and Answers

- Extra info for users and admins
  - Stanford Data Classification ass_chart.html
  - Windows Desktop File Encryption and EFS