folder encryption / auditing

We have a need (like everyone else in MA) to provide disk encryption and access auditing to be in compliance with 201 CMR by 3.1.2010.

Our needs are modest:

-We have servers w/direct attached storage serving up files/shares to the company.  We have a need to encrypt data in *some* of the folders, but not all.  Ideally this all should be fairly invisible to the authorized users who access the data stored in these folders/shares.

-We need to be able to then create an audit log of access for those encrypted folders that we archive weekly or monthly or whatever and store somewhere in case we need it or get audited.  Im guessing theres some 3rd party stuff we can install somewhere.

Im looking for suggestions here.  I've looked at TrueCrypt already but it seems like (from what I've read) there might be issues with trying to do folder level encryption and then sharing it across a network.
Who is Participating?
Why did you discard TrueCrypt ? You can make a container that is formatted in NTFS, that means sharing is not an issue (permissions, etc). Only you have to make sure the drive gets mounted on boot. I think this is doable wihout much problems with TrueCrypt. Especially if it's an encrypted partinion.

The other part - auditing and logging, that relies on the server and NTFS capabilities. These are possibly expandable, but not dependent on the encryption software. Have a look at this question about file access logging on EE:
I think that if you use a Windows server as a file server you will be able to encrypt the drives, files and files as you wish from Properties>Advance  then encrypt them.
To make the shard folders invisible to unauthorised users Microsoft has added a new feature to Windows 2003 that is called Windows Server 2003 Access-based Enumeration  
At last for auditing; you may use the event viewer to record the log events for any folder or drive you wish.
michaelnatale2008Author Commented:
I should have said:

-servers could be Win2008

-Windows EFS was examined and discarded as an option (not by me) so I'm thinking of 3rd party encryption solultions.

As for auditing, I think we need an ongoing, hands off way of logging and archiving access (copies, opens, delete, etc) for authorized users that can get piped to a text file (or other logging facility) and get archived off automatically.

Not sure the Event Log would be the right fit there.
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

michaelnatale2008Author Commented:

We are trying to avoid having to create a new partition.  Basically we have a folder that is shared already (not encrypted).  It is part of an existing raid group (array is full, no room for expansion).  We want to use that same folder/share for workflow reasons, encrypt/audit it for compliance reasons, but leave the rest of the folders alone.  Can TrueCrypt do this?
Yes, with TrueCrypt you can make a file container, of any size. There is some for NTFS volumes, but yes, you can make a file container and put it somewhere where there is space, on any partition. What's important is that you are not sharing this file, you mount the contents on that file to a new, sort of, virtual drive, and on that drive you share folders and files.

It's a small package, you can try it without even installing, you just need the exe. Try and see if it works for you:

I use it daily to secure my source code, never had an issue with it. BUT I never tried sharing something in it...
michaelnatale2008Author Commented:
Thanks, I'll give it a shot and report back.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.