RE: [BULK] - RE: Encrypting data on fileserver

["Ramsdell, Scott" <sramsdell () stinsonmoheck com>]

Yes, I was referring to EFS in combination with Cert Server 2003.  A
Windows Server 2003 file server will allow for shared encrypted
directories, and Cert Server 2003 will allow for key escrow.  Two cool
improvements over Windows 2000.

Thanks David, you're right, if the info needs to be encrypted on the
drive it should also be encrypted in transit.

Best Regards,
Scott Ramsdell 

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu] 
Sent: Monday, May 15, 2006 2:47 PM
To: Ramsdell, Scott; 'Nick Vaernhoej'; security-basics () securityfocus com
Subject: [BULK] - RE: Encrypting data on fileserver

  Are you're referring to EFS?  That will encrypt the data while it's on
the drive(s), but not in transit -- you need to also require IPSEC to
get that coverage.  (Which you should do, in any case....)

David Gillett


> -----Original Message-----
> From: Ramsdell, Scott [mailto:sramsdell () stinsonmoheck com]
> Sent: Friday, May 12, 2006 11:15 AM
> To: Nick Vaernhoej; security-basics () securityfocus com
> Subject: RE: Encrypting data on fileserver
>
> Nick,
>
> If you're in an AD environment, you already have the capability to do 
> this.  Ideally, you'd run a Server 2003 installation as your cert 
> server so you could escrow keys.
>
> Check out Microsoft's recommendations on creating an internal PKI, 
> installing cert server, and key management best practices.
>
> Best Regards,
> Scott Ramsdell
>  
>
> -----Original Message-----
> From: Nick Vaernhoej [mailto:nick.vaernhoej () capitalcardservices com]
> Sent: Thursday, May 11, 2006 11:59 AM
> To: security-basics () securityfocus com
> Subject: Encrypting data on fileserver
>
> Hello
>
> My question is about encryption.
> Aside from encrypting emails with PGP a long time ago my experience is

> very limited on this field.
> I have been asked to find solutions for encrypting the shares of the 
> company fileserver and I am not even sure this is possible.
> Can I somehow encrypt the contents of a fileserver and then install a 
> client on the company workstations so that all this is invisible to 
> the end users?
>
> Thank you
> Nick Vaernhoej
>  
>  
> This communication is from a law firm and may contain confidential 
> and/or privileged information. If it has been sent to you in error, 
> please contact the sender for instructions concerning return or 
> destruction, and do not use or disclose the contents to others.
 
 
This communication is from a law firm and may contain confidential and/or privileged information. If it has been sent 
to you in error, please contact the sender for instructions concerning return or destruction, and do not use or 
disclose the contents to others.