?
Solved

Windows Encryption

Posted on 2004-04-06
4
Medium Priority
?
609 Views
Last Modified: 2013-12-04
Hi!
I would like to know the pros and cons of using the built-in Windows encryption instead of a third party for the security (like NMS Black Whole).
I'm in an environnement where Windows XP is installed on workstations and Windows 2000 (Server) on the servers.

Thanks!
0
Comment
Question by:Sylvania
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 800 total points
ID: 10769966
I'll assume you mean the Encrypting File Systm (EFS) for  windows 2000 and higher.

EFS is a secure program, when configured correctly. That being said, when configured correctly... it's really tough to recover data if you forget your KEYs arent backed up well. Here are the last3 threads I've covered on EFS: (the last two are probably better than the first link)
http://experts-exchange.com/Security/Win_Security/Q_20932052.html
http://experts-exchange.com/Security/Win_Security/Q_20911328.html
http://experts-exchange.com/Security/Q_20887645.html

In those you'll see where people typically have problems, EFS is a good tool, but it is touchy... I actually prefer a 3rd party, for ease of use sake. You just have to do sooo much to use EFS securly. I like winzip and winrar. They use a great encryption algorythim, and it also saves space with compression. PGP is more secure, and my overall choice.
-rich
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10772449
I agree with RICHRUMBLE - You definitely must ensure a backup of the Recovery Agent

HOW TO: Encrypt Data Using EFS in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;230520

Best Practices for the Encrypting File System
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316

Disable/Enable EFS on a Stand-Alone Windows 2000-Based Computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;243035

You Cannot Decrypt Files After You Reset Your Password with a Password-Reset Disk
http://support.microsoft.com/default.aspx?scid=kb;en-us;308273

If you're a domain administrator - read HOW TO: Configure a Domain EFS Recovery Policy in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;313365

HOW TO: Back Up the Recovery Agent Encrypting File System Private Key in Windows 2000
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q241/2/01.asp&NoWebContent=1

Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions
http://www.elcomsoft.com/aefsdr.html

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:Sylvania
ID: 10774312
Thanks Rich! (And Try too!)

You gave me a lot of reading, but it worths it. :)  Those are pretty good links and it gives me a much better understanding of the process.

Thanks again!
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10781873
:o) Glad we could help you
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month13 days, 14 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question