
  • Status: Solved
  • Priority: Medium
  • Security: Public

Windows 2000 Server - Encryption Security

So we've enabled file encryption for some shares on one of our Windows 2000 file servers.

We have one particular share that is very sensitive.  I'd like to know any thoughts on how to protect the keys.  My thoughts...

-We have a large group of domain admins.  Even they will be removed from Read permissions on this share.
-We need to keep the key somewhere secure so that if we have a server disaster and need to restore, we can get at it.

Thoughts?  Perhaps kept on a CD with our Information Security Office?  

Any other issues to think about when protecting access to an encrypted file share?

1 Solution
The easiest way to go about this is to isolate the "sensitive" file share altogether.

Why make it more complex?

Even if you have to go down the Virtual Machine (VM) route, isolate your most important information.  It's as simple as that.

Only specific Domain admins and users have access rights to this VM.
You can enable encryption to the whole system, not just this one share.
You can add specific monitoring to this whole system and verify who has access, when, and determine who made changes.

The philosophy revolves around segmentation and isolation--segmented and compartmentalized.
At the highest levels of government, this is how they treat security.
shanepresley (Author) Commented:
Thanks Phil.  I agree with segmentation and isolation.  But I still have questions about the encryption keys.  They need to be stored somewhere, securely.  If we lost that server, we would need to have the key somewhere to recover.  Is it as simple as keeping the keys with our security officer?

Yes. :)
