Encrypted Filesystem (EFS)

Windows 2000 includes the ability to encrypt files and folders. This type of encryption involves the use of software keys to scramble and restore data. The different types of keys and how they work together are described later in this section. First, you have to determine if the benefits of encryption outweigh the possible consequences.

Because encryption is standard on every Windows 2000 computer, by default, almost anyone with a user account on the network can encrypt files and folders. If a user has encrypted files and folders and leaves the company or otherwise loses the recovery key, it can cause a lot of headaches. Most of the time, with some effort, the encrypted files can be fully recovered. This can become very time consuming if there is a large number of files in multiple locations or if many different encryption keys were used.

EFS Basics

The Windows 2000 encryption and decryption process is transparent to the user. After a folder has been configured to encrypt its contents by checking a box in the folder’s advanced properties, the owner of the file can treat the file just like an unencrypted file. The decryption is performed automatically when the authorized user opens the file. The file is reencrypted when the user closes the file. Storing a file in a folder that’s set up to encrypt its contents is all that’s needed to take full advantage of the built-in Windows 2000 encryption system.

There are a few basic limitations of EFS that may convince you not to bother with EFS at all. If you choose not to use EFS, you have to explicitly disable its use. Otherwise, anyone who wants to can use EFS. These limitations include the following:

  • There is no multiple-user or group encryption. Encrypted files are associated with a particular user account.

  • Encryption and compression are mutually exclusive.

  • Encrypted data may be left in the paging file as clear text.

  • If an encrypted file is in a shared folder, any user with permissions to delete files from that folder can delete another user’s encrypted file.

There are a few terms you’ll have to be familiar with to understand how the Encrypted Filesystem actually works. Remember, a key is the piece of software that scrambles and unscrambles the data:

File encryption key (FEK)

A key that is associated with a particular user account.

Recovery agent key

The recovery agent key is also used to encrypt and decrypt files along with the FEK. If the FEK is unavailable, the recovery agent key can be used to decrypt the file.

Data recovery field (DRF)

The section of an encrypted file that contains information regarding the FEK and recovery agent keys.

Public key

The key that is used to encrypt files. It is stored within the files it has encrypted.

Private key

The key that is used to restore encrypted files. It is kept private and is used to restore files that were encrypted with its matching public key.

Key store

The location where private keys are stored.

Protected storage service

Generates a master key that is used to encrypt a user’s private key.

Master key

An EFS key that encrypts the user and recovery keys so that either key can recover the file.

System key

An optional security measure that can be used to encrypt all the master keys generated by the protected storage service.

How EFS works

The Windows 2000 Encrypted Filesystem is designed to be as transparent to the user as possible. All you have to do to encrypt your files is right-click on their folder and change the properties to encrypt the contents of that folder. From then on, the owner of the files uses them normally and won’t even notice they’re encrypted.

A file is encrypted using a user’s public file encryption key (FEK). The FEK is stored inside the encrypted file in an area called the data decryption field (DDF). The user’s FEK is also encrypted with the recovery agent’s private key, and that copy of the FEK is stored within the encrypted file in the data recovery field (DRF). Every encrypted file has its own data decryption field and data recovery field.

The protected storage service encrypts the user’s private recovery key and the recovery agent’s private recovery key with a master key. For added security, all the master keys can be encrypted with the system key.
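The two-field arrangement described above, and the recovery path the Planning Recovery section relies on, modelled as an added example in Go (standard library only) that is not from the book and is not the real EFS on-disk format: a fresh symmetric FEK encrypts the file, and that same FEK is wrapped once under the owner’s public key (the DDF) and once under the recovery agent’s public key (the DRF), so either matching private key unwraps it. The struct and function names, the AES-GCM and RSA-OAEP choices, and the 2048-bit keys are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// EncryptedFile models the layout the text describes: ciphertext plus a Data Decryption
// Field (FEK wrapped for the owner) and a Data Recovery Field (FEK wrapped for the
// recovery agent). Field names are ours; this is not the real EFS on-disk format.
type EncryptedFile struct{ Nonce, Ciphertext, DDF, DRF []byte }

// must panics on errors that cannot happen with the fixed key sizes used here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Encrypt draws a fresh FEK, encrypts the data with it, then wraps that same FEK
// once under the owner's public key (DDF) and once under the agent's (DRF).
func Encrypt(plain []byte, owner, agent *rsa.PublicKey) (f *EncryptedFile, err error) {
	fek := make([]byte, 32)
	rand.Read(fek) // per-file key, never reused
	gcm := must(cipher.NewGCM(must(aes.NewCipher(fek)))) // AES-256-GCM keyed with the FEK
	f = &EncryptedFile{Nonce: make([]byte, gcm.NonceSize())}
	rand.Read(f.Nonce)
	f.Ciphertext = gcm.Seal(nil, f.Nonce, plain, nil)
	if f.DDF, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, owner, fek, nil); err != nil {
		return nil, err
	}
	f.DRF, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, agent, fek, nil)
	return f, err
}

// Decrypt unwraps the FEK from one field with the matching private key (owner's for the
// DDF, agent's for the DRF). A non-matching key fails at the unwrap step, which is why
// a lost owner key still leaves the DRF as a recovery path.
func Decrypt(f *EncryptedFile, field []byte, priv *rsa.PrivateKey) ([]byte, error) {
	fek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, field, nil)
	if err != nil {
		return nil, err
	}
	gcm := must(cipher.NewGCM(must(aes.NewCipher(fek))))
	return gcm.Open(nil, f.Nonce, f.Ciphertext, nil)
}
```

Calling Decrypt with f.DRF and the agent’s private key recovers a file whose owner key is gone, while the owner’s key used on the DRF (or any unrelated key on either field) fails at the OAEP unwrap and never reaches the data.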

Key storage locations

There are two types of keys: public and private. Public keys are readily accessible, but private keys need to be kept in a more secure location. Users’ public keys are stored inside certificates. These certificates are stored in the Certificates folder of the My subdirectory. The My folder is buried quite a few folders down in the Documents and Settings folder.

Private keys are stored in encrypted form in the RSA folder. RSA refers to Rivest, Shamir, and Adleman, who developed the cryptographic algorithms used by many operating systems, including Windows 2000. The path to the RSA folder is similar to the public key path, but at the Microsoft folder, instead of going into the SystemCertificates folder, you go into the Crypto folder, inside of which is the RSA folder. If you want to find a master key, look in the Protect subfolder of the Microsoft folder using the same upstream path.

Planning Recovery

A default recovery policy is included with Windows 2000, but you can modify the policy using the Microsoft Management Console’s Group Policy snap-in. In addition to your normal data protection plan, which should include nightly backups and anti-virus software, you can maintain the security of your encrypted files by limiting access to computers that store the master and private keys.

As long as the recovery agent’s keys are kept safe, you should be able to recover any file on your network. If a recovery agent key is lost, be sure to reencrypt the file and obtain a valid recovery agent key for it as soon as possible, just in case the user’s private key also becomes unavailable.

EFS Options

There are a few options you might want to consider if the standard EFS setup doesn’t meet your needs. If you need more security, you can become your own certificate authority (CA) or establish a relationship with a trusted outside CA. The CA would then issue certificates instead of using the standard certificates generated by the EFS. You can also use the system key to encrypt all of your master keys and store them in a highly secure location.

The most important option for EFS is who is allowed to use it. Only use EFS when it is necessary and when it will improve security. Remember, there are performance and convenience costs to encrypting files. There is also a small risk that the file will be unrecoverable if all the relevant keys are lost.
