Re: Protecting sensitive files on a Windows file server

[simonis () myself com]

I suppose the best answer to this question lies in what threat you are trying to mitigate.  By restricting access to 
the share properly, you go a long way to protect sensitive data from the remainder of the user community.  If you want 
to protect from the administrator of the fileserver, a wise goal, or have a technical adversary who you think may 
intercept on the wire, then encryption is a good solution.

I wouldn't think about EFS.  I'm not aware of how it handles encrypting for multiple users, if it does at all.  Winzip, 
using AES, isn't bad, but you run the risk of the shared secret being commonly reused from archive to archive and/or 
being written down.  

Two factor login with RSA is just a stronger access control, which speaks to a different problem.  Admins still need to 
have broad access, regardless of how they authenticate.  


Have you looked at PGP NetShare?  It is new, so you might not have seen it, but it seems to be exactly what you'd need. 
 

-Ds