Maybe I'm missing something about EFS, but it seems to me that it's not
really all that useful in preventing a data-loss-by-physical-theft
problem, if you have a clueful attacker who is really after the data.
For example:
1) Evil bad guy steals XP laptop with encrypted sensitive data on it, in
order to acquire the data.
2) Evil bad guy breaks the administrator password on the laptop, using
NTAccess or similar.
3a) Evil bad guy uses administrator credentials to recover the
encryption key and decrypt data, and goes off and sells the data to the
mafia.
OR
3b) Somewhat lazier evil bad guy uses administrator credentials to reset
the password on the account that owns the encrypted data, logs in with
the account of the data owner, and goes off and sells the data to the
mafia.
I'm not convinced that EFS would be a substantial barrier to information
disclosure in a situation like the recent laptop incident. Others may,
just possibly, disagree... :>
--alex
Ryan L. Means wrote:
> Steve,
>
> In my experience it works very well and has a negligible performance
> impact.
>
> However, users should only encrypt the folders containing the specific
> data that they would like to protect. I have seen many a system
> completely hosed by an attempt to EFS the entire system drive. On my
> laptop I have a special storage area that is encrypted where I point all
> of my applications to store their data.
>
> The second big thing to note is that unless you create and store a
> recovery key somewhere (a moderately complex process for the average
> user), a forgotten password means that the data will be irrevocably
> lost. I believe that by default under XP, the Administrator of the
> machine can perform recovery. On a domain environment, a recovery key
> can also be recreated through group policy. Of course, if we are talking
> about sensitive data stored on a laptop, irrevocable loss shouldn't be
> that big of a deal because the restricted data should also be on a
> secure server and it could just be copied back.
>
> Ryan
>
>
> On 3/30/2005 9:03 AM, Steven Longenbohn wrote:
>
>> An inquiry was put to me about the Windows XP Ecrypted File System (EFS).
>> I've not used this and am just now reading about it in a book.
>>
>> While this learning is going on, I wanted to post this inquiry to see
>> if any of you are using EFS, and if so, what is your experience with it?
>>
>> How much does it slow down doing the daily work, opening encrypted
>> files, re-encrypting them, etc.?
>> How easy is this to setup and maintain.
>> Will the "average user" be able to continue doing what they do, or do
>> they now have to work differently (you know, a new learing curve that
>> most folks either don't learn or live on your telephone for support)?
>>
>> Any input will be appreciated.
>> Thanks!
>>
>>
>> ********************************************************************************************
>>
>> * Steve "DrSteve" Longenbohn IS&T: Administrative
>> Systems Dept
>> *
>> * CalNet Deputy System Administrator
>> * CalAgenda Admin Departmental Security Overseer
>> * PC Doctor
>> *
>> * Office: 510-643-9777 Cell: 510-812-0256
>> * 2111 Bancroft Way, Room 409D (Banway Bldg)
>> ********************************************************************************************
>>
>>
>> -------------------------------------
>> Sent via the ucb-security mailing list.
>
>
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Wed Mar 30 10:30:20 2005
This archive was generated by hypermail 2.1.8 : Wed Mar 30 2005 - 10:30:21 PST