Security Basics mailing list archives
RE: Protecting sensitive files on a Windows file server
From: "Tyler, Grayling" <ggtyler () foodlion com>
Date: Wed, 21 Jun 2006 14:52:29 -0400
Note: while there is indeed an RSA w/token based authentication product, they also have a file encryption piece. Unless you're driven by some mandate (SOX, PCI, HIPPA etc) to encrypt, then lock down the access and monitor for changes to the configuration and to the files. All communication regarding everyday IT support needs such as IT problems / incidents should be directed to the ITCRC team at x2848 instead of contacting the various associates directly within the IT department. By logging all problems / incidents with the ITCRC team, this will provide us more visibility into the various types of calls we are receiving, trending of these calls, numbers of calls, etc. The ITCRC team will bring more attention to your issues and allow prompt resolution to your calls. -----Original Message----- From: simonis () myself com [mailto:simonis () myself com] Sent: Wednesday, June 21, 2006 9:46 AM To: security-basics () securityfocus com Subject: Re: Protecting sensitive files on a Windows file server I suppose the best answer to this question lies in what threat you are trying to mitigate. By restricting access to the share properly, you go a long way to protect sensitive data from the remainder of the user community. If you want to protect from the administrator of the fileserver, a wise goal, or have a technical adversary who you think may intercept on the wire, then encryption is a good solution. I wouldn't think about EFS. I'm not aware of how it handles encrypting for multiple users, if it does at all. Winzip, using AES, isn't bad, but you run the risk of the shared secret being commonly reused from archive to archive and/or being written down. Two factor login with RSA is just a stronger access control, which speaks to a different problem. Admins still need to have broad access, regardless of how they authenticate. Have you looked at PGP NetShare? It is new, so you might not have seen it, but it seems to be exactly what you'd need. -Ds ************************************************************************** This electronic message may contain confidential or privileged information and is intended for the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic transmission in error, please notify the sender immediately by using the e-mail address or by telephone (704-633-8250). ************************************************************************** --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Protecting sensitive files on a Windows file server, (continued)
- Re: Protecting sensitive files on a Windows file server Gaddis, Jeremy L. (Jun 21)
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 22)
- Re: Protecting sensitive files on a Windows file server Gaddis, Jeremy L. (Jun 22)
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 23)
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 22)
- Re: Protecting sensitive files on a Windows file server Gaddis, Jeremy L. (Jun 21)
- Re: Protecting sensitive files on a Windows file server simonis (Jun 21)
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 21)
- Re: Protecting sensitive files on a Windows file server RandyW (Jun 22)
- RE: Protecting sensitive files on a Windows file server Tyler, Grayling (Jun 22)
- RE: Protecting sensitive files on a Windows file server Roger A. Grimes (Jun 22)
- RE: Protecting sensitive files on a Windows file server David Gillett (Jun 23)
- RE: Protecting sensitive files on a Windows file server Roger A. Grimes (Jun 22)
- RE: Protecting sensitive files on a Windows file server Tyler, Grayling (Jun 22)
- RE: Protecting sensitive files on a Windows file server Tyler, Grayling (Jun 22)
- RE: Protecting sensitive files on a Windows file server Roger A. Grimes (Jun 22)
- RE: Protecting sensitive files on a Windows file server Beauford, Jason (Jun 23)