nanog mailing list archives
Re: Windows Encryption Software
From: Curtis Maurand <cmaurand () xyonet com>
Date: Fri, 10 Dec 2010 10:06:09 -0500
On 12/10/2010 9:33 AM, Michael Holstein wrote:
>> After some research, I find that recovery of EFS (available for Win 2000/2003/XP/Vista/7) encrypted files in the case of disaster can be problematic. It has to do with keys, file ownerships, etc., etc., etc. Plan for disaster and know how to recover before you encrypt with EFS.
>
> This is an interesting point .. it depends on what the "disaster" is that you plan for. In many cases, the "disaster" is the seizure or loss of the device, in which case it's appropriate NOT to have any method of key recovery. In a corporate context, it's debatable if key escrow and multikey methods mitigate the risk or compound it.

Good point, but I'm thinking in terms of failure of the machine that physically houses the files. You and I both know that you're not going to be able to replace server hardware with identical hardware and even if you do, the Windows SID will change. Restoring the system state is going to be a useless exercise. Therefore you will need the keys to decrypt/re-encrypt the files on a new device after you restore from backup. If the disk is lost or stolen, then hell no, I don't want the thief to be able to restore the data.
All of this is moot if you're running in a virtual environment and you have good snapshots/backups of your VM.
--Curtis
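
The thread's advice to know how to recover before encrypting with EFS, as an added example that is not part of the original post: a PowerShell check that exports each EFS certificate with its private key and reads the backup back. The destination path is hypothetical, and the script assumes a Windows version that ships the PKI module (`Export-PfxCertificate`, `Get-PfxData`).

```powershell
# Added example, not from the thread. Assumed: backup path, PKI module available.
$EfsOid = '1.3.6.1.4.1.311.10.3.4'     # "Encrypting File System" enhanced key usage
$Dest   = 'E:\escrow'                  # hypothetical removable/offline location
$Pass   = Read-Host 'Password for the PFX backups' -AsSecureString

# EFS certificates in the current user's personal store
$certs = @(Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $EfsOid })
if ($certs.Count -eq 0) { throw 'No EFS certificate in Cert:\CurrentUser\My.' }

foreach ($c in $certs) {
    if (-not $c.HasPrivateKey) {
        Write-Warning "$($c.Thumbprint): private key missing; this profile cannot decrypt with it."
        continue
    }
    $pfx = Join-Path $Dest "efs-$($c.Thumbprint).pfx"
    # Fails if the key was marked non-exportable; better to learn that now.
    Export-PfxCertificate -Cert $c -FilePath $pfx -Password $Pass -ErrorAction Stop | Out-Null

    # Read the backup back: confirm it opens with the password and holds the same certificate.
    $back = Get-PfxData -FilePath $pfx -Password $Pass
    if ($back.EndEntityCertificates.Thumbprint -notcontains $c.Thumbprint) {
        throw "Backup $pfx does not contain certificate $($c.Thumbprint)."
    }
    Write-Output "Verified backup of $($c.Thumbprint) at $pfx"
}
```

Importing the PFX on a separate machine and opening a file restored from backup is the test that actually shows the data can be recovered.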