RE: Hard drive encryption in windows

["Roger A. Grimes" <roger () banneretcs com>]

EFS works without AD and without a CA. Without those the EFS certs are
untrusted (not a problem with EFS or any use of EFS) and EFS certs are
given 100 year useful lifes. If Certificate Services is installed, it
will give EFS certs a 1 or 2 life.

As far as EFS is concerned, the most useful thing about having a CA is
the ability to automatically back up all EFS keys, without end-user
intervention.

EFS is great, but if you use EFS, back up your EFS private keys.  Don't
use it without doing that. 

-----Original Message-----
From: Webbrain [mailto:webbrain () hotpop com] 
Sent: Tuesday, September 27, 2005 7:16 PM
To: 'webbrain'; Roger A. Grimes; Steve.Cummings () barclayscapital com;
gregor.pifko () gmail com; security-basics () securityfocus com
Subject: RE: Hard drive encryption in windows

EFS works on AD (with CA) environment if I'm not wrong. What about
personal laptops or home desktop hard drive encryption?

Regards
WB




-----Original Message-----
From: Roger A. Grimes [mailto:roger () banneretcs com]
Sent: Monday, September 26, 2005 2:27 PM
To: Steve.Cummings () barclayscapital com; gregor.pifko () gmail com;
security-basics () securityfocus com
Subject: RE: Hard drive encryption in windows

EFS is an excellent solution, as long as you back up the user's EFS key
or use a Data Recovery Agent (or Key Recovery Agent).

Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Consultant *CPA, CISSP,
MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****

 

-----Original Message-----
From: Steve.Cummings () barclayscapital com
[mailto:Steve.Cummings () barclayscapital com]
Sent: Monday, September 26, 2005 1:20 PM
To: gregor.pifko () gmail com; security-basics () securityfocus com
Subject: Re: Hard drive encryption in windows

Sorry to say this but couldn't have ms for this, try a product called
safe boot
 

-----Original Message-----
From: Gregor Pifko <gregor.pifko () gmail com>
To: security-basics () securityfocus com
<security-basics () securityfocus com>
Sent: Thu Sep 22 19:41:21 2005
Subject: Re: Hard drive encryption in windows

Windows have support for EFS(Encrypting File System). I haven`t worked
with it so I`ll just paste a link for more information:
http://en.wikipedia.org/wiki/EFS

Hope it helps.


On 9/22/05, Cesc Santasusana <cesc.santasusana () nl thalesgroup com>
wrote:
> Hi,
>
> I am looking for a solution to encrypt the hard drives which contain
confidential info. Ideally, this tool would be transparent and usable on
all the drives on the computer/laptop  (from c: to z:). Ideally it would
be easy to set up and manage, not a problem if the tool is not free. Any
experience on this? What algorithm(s) does it use?
> Another option would be to use external encrypted drives to store the
info. What are the options here?
> I am looking for some background information, to short-list all the
options.
> Thanks for the help!
>
> Cesc
>
>
>
> Unclassified



------------------------------------------------------------------------
For more information about Barclays Capital, please visit our web site
at http://www.barcap.com.


Internet communications are not secure and therefore the Barclays Group
does not accept legal responsibility for the contents of this message.
Although the Barclays Group operates anti-virus programmes, it does not
accept responsibility for any damage whatsoever that is caused by
viruses being passed.  Any views or opinions presented are solely those
of the author and do not necessarily represent those of the Barclays
Group.  Replies to this email may be monitored by the Barclays Group for
operational or business reasons.

------------------------------------------------------------------------