[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


folder encryption / auditing

Posted on 2009-12-28
Medium Priority
Last Modified: 2013-12-06
We have a need (like everyone else in MA) to provide disk encryption and access auditing to be in compliance with 201 CMR by 3.1.2010.

Our needs are modest:

-We have servers w/direct attached storage serving up files/shares to the company.  We have a need to encrypt data in *some* of the folders, but not all.  Ideally this all should be fairly invisible to the authorized users who access the data stored in these folders/shares.

-We need to be able to then create an audit log of access for those encrypted folders that we archive weekly or monthly or whatever and store somewhere in case we need it or get audited.  Im guessing theres some 3rd party stuff we can install somewhere.

Im looking for suggestions here.  I've looked at TrueCrypt already but it seems like (from what I've read) there might be issues with trying to do folder level encryption and then sharing it across a network.
Question by:michaelnatale2008
  • 3
  • 2

Expert Comment

ID: 26134662
I think that if you use a Windows server as a file server you will be able to encrypt the drives, files and files as you wish from Properties>Advance  then encrypt them.
To make the shard folders invisible to unauthorised users Microsoft has added a new feature to Windows 2003 that is called Windows Server 2003 Access-based Enumeration  http://www.microsoft.com/downloads/details.aspx?FamilyId=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en  
At last for auditing; you may use the event viewer to record the log events for any folder or drive you wish.

Author Comment

ID: 26134894
I should have said:

-servers could be Win2008

-Windows EFS was examined and discarded as an option (not by me) so I'm thinking of 3rd party encryption solultions.

As for auditing, I think we need an ongoing, hands off way of logging and archiving access (copies, opens, delete, etc) for authorized users that can get piped to a text file (or other logging facility) and get archived off automatically.

Not sure the Event Log would be the right fit there.
LVL 10

Accepted Solution

lucius_the earned 2000 total points
ID: 26147939
Why did you discard TrueCrypt ? You can make a container that is formatted in NTFS, that means sharing is not an issue (permissions, etc). Only you have to make sure the drive gets mounted on boot. I think this is doable wihout much problems with TrueCrypt. Especially if it's an encrypted partinion.

The other part - auditing and logging, that relies on the server and NTFS capabilities. These are possibly expandable, but not dependent on the encryption software. Have a look at this question about file access logging on EE:
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.


Author Comment

ID: 26148038

We are trying to avoid having to create a new partition.  Basically we have a folder that is shared already (not encrypted).  It is part of an existing raid group (array is full, no room for expansion).  We want to use that same folder/share for workflow reasons, encrypt/audit it for compliance reasons, but leave the rest of the folders alone.  Can TrueCrypt do this?
LVL 10

Expert Comment

ID: 26148156
Yes, with TrueCrypt you can make a file container, of any size. There is some for NTFS volumes, but yes, you can make a file container and put it somewhere where there is space, on any partition. What's important is that you are not sharing this file, you mount the contents on that file to a new, sort of, virtual drive, and on that drive you share folders and files.

It's a small package, you can try it without even installing, you just need the exe. Try and see if it works for you: http://www.truecrypt.org/.

I use it daily to secure my source code, never had an issue with it. BUT I never tried sharing something in it...

Author Comment

ID: 26148323
Thanks, I'll give it a shot and report back.

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses
Course of the Month20 days, 2 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question