Security Basics mailing list archives
Re: dual password for file/folder encryption
From: "Kevin Tunison" <ktunison () gmail com>
Date: Tue, 16 Dec 2008 10:43:16 +0000
On Mon, Dec 15, 2008 at 3:23 PM, Tariq Khan <Tariq.Khan () tvu ac uk> wrote:
Hi all I am looking for encryption software. Here's the story (bear with me), we role out laptops and desktops for staff members and we would like by default to have a folder which is encrypted and anything dropped (saved) into that folder is automatically encrypted. Now, the idea is that we set the master password on the folder (which should filter down to the files), so when the users "put and pull" from the folder they are asked for a password which they can set them selves. You may be wondering "why", well in case of an employee leaving "under a cloud" or has not informed us of the password for their files and folders within the default encryption folder we can get to the folder and any files within it with our master password. Apart from the fact that a lot of our staff are forever forgetting their passwords. I have tried some software but they do not have the option for a master password which can override user set passwords. I hope all that made sense. I would really appreciate any help. Thank you Tariq Khan Information Security Analyst Corporate Systems Group Thames Valley University Learning and Information Services DISCLAIMER The information contained in this message may be CONFIDENTIAL and is intended for the addressee only. Any unauthorised use, dissemination of the information, or copying of this message is prohibited. If you are not the addressee, please notify the sender immediately by return e-mail and delete this message. Although this e-mail and any attachments are believed to be free of any virus, or other defect which might affect any computer or system into which they are received and opened, it is the responsibility of the recipient to ensure that they are virus free and no responsibility is accepted by Information Services department (ISD) of Thames Valley University (or any of its associated subsidiaries) for any loss or damage from receipt or use thereof. Please note that the opinion(s) expressed in this email are that of the sender, and does not necessarily represent that of Thames Valley University (or any of its associated subsidiaries).
This will really depend on the level of encryption and the Operating System environment in which you are operating. From the Microsoft perspective, the EFS (Encrypted Files System) can achieve this in an Active Directory environment. But beware here, because EFS has flaws which renders it useless in some environments (ie while the files are opened over a network, or sitting in the paging file). With Active Directory you would setup a recovery agent (by default this would be the built-in domain admin account) whom is able to recover files encrypted by domain users. This would not recover files encrypted by local machines, and it would require cached logins for mobile workers (which can be a security vulnerability also). Not many people serious about encryption/security rely on an EFS setup unless there is not budget. But, it is there, and it does provide some level of encryption. That said, have a look at Bestcrypt Corporate. This product should help you achieve your requirement. All the underlying functions with encryption at the moment rely on certificates/signatures. It is quite important to understand the fundamentals of how this setup works before purchasing in to a product. Try not to think of the data security in terms of passwords, but certificates that apply encryption. Warm Regards, KevinT MCSA
Current thread:
- dual password for file/folder encryption Tariq Khan (Dec 15)
- Re: dual password for file/folder encryption ArcSighter Elite (Dec 16)
- Re: dual password for file/folder encryption Ali, Saqib (Dec 16)
- Re: dual password for file/folder encryption Alexander Bondarenko (Dec 16)
- Re: dual password for file/folder encryption Michael Lorenzen (Dec 16)
- dual password for file/folder encryption kalgecin kalgecin (Dec 16)
- Re: dual password for file/folder encryption Rob Thompson (Dec 16)
- RE: dual password for file/folder encryption Pete.LeMay (Dec 16)
- Re: dual password for file/folder encryption Kevin Tunison (Dec 16)
- RE: dual password for file/folder encryption Prodigi Child (Dec 16)
- <Possible follow-ups>
- Re: dual password for file/folder encryption chmod1777 (Dec 16)
- RE: dual password for file/folder encryption Mason, Samuel (Dec 17)
- Re: dual password for file/folder encryption Andre Pawlowski (Dec 23)
- RE: dual password for file/folder encryption Mason, Samuel (Dec 17)