Monday, November 1, 2010


Encrypting File System (EFS) And Detecting Security Vulnerabilities

Encrypting File System (EFS) is a file encryption technology (supported only on NTFS volumes) that protects files from offline attacks, such as hard-disk theft. EFS is entirely transparent to end users because encrypted files behave exactly like unencrypted files. However, if a user does not have the correct decryption key, the file is impossible to open, even if an attacker bypasses the operating system security.

EFS is especially useful for securing sensitive data on portable PCs or on computers that several users share. Both kinds of systems are susceptible to attack by techniques that circumvent the restrictions of ACLs. An attacker can steal a computer, remove the hard disk drives, place the drives in another system, and gain access to the stored files. Files encrypted by EFS, however, appear as unintelligible characters when the attacker does not have the decryption key.

Windows Vista and Windows 7 include the following new features for EFS:
  • Storing both user and recovery keys on smart cards. If smart cards are used for logon, EFS operates in a Single Sign-On mode in which it uses the logon smart card for file encryption without further prompting for the PIN. New wizards guide users through the process of creating and selecting smart card keys, as well as the process of migrating their encryption keys from an old smart card to a new one. The command-line utilities for smart cards have also been enhanced to include these features. Storing encryption keys on smart cards provides especially strong protection for mobile and shared computer scenarios.
  • Encrypting the system page file.
Note: One of the biggest challenges of protecting computers is that security settings can degrade over time. For example, support desk personnel might change a security setting while troubleshooting a problem and forget to correct it. Even if you enable Automatic Updates, a mobile computer might fail to download updates while disconnected from the network. 
How To Detect Security Vulnerabilities:
To help you detect security vulnerabilities, use the Microsoft Baseline Security Analyzer (MBSA), available at MBSA can audit security settings on multiple computers on your network. MBSA is also a great way to verify security settings on new computers before deploying them.


About bench3 -

Haja Peer Mohamed H, Software Engineer by profession, Author, Founder and CEO of "bench3" you can connect with me on Twitter , Facebook and also onGoogle+

Subscribe to this Blog via Email :