RE: Laptop Security - Microsoft EFS

From: Bryan Allerdice (bryan@professionalhacker.com)
Date: 09/03/02


From: "Bryan Allerdice" <bryan@professionalhacker.com>
To: <security-basics@securityfocus.com>
Date: Tue, 3 Sep 2002 09:52:44 -0700

One potential weakness to watch out for concerns Recovery Agents.

When you use EFS (Encrypting File System), you can assign Recovery Agents
who can also decrypt the respective person's info. This is useful in a work
environment where an employee is allowed to encrypt their files, but when
they get fired and their replacement needs to continue working on their
projects, that info needs to be decrypted.

If the private key for the recovery agent sits on the very computer you are
trying to protect, then you may as well not encrypt anything, because it's
that key which an attacker would love to get their hands on. Recovery Agent
private keys should be exported to removable media and kept separate (and
safely secured) away from the computer.

BRYAN ALLERDICE

> -----Original Message-----
> From: larrylou@hushmail.com [mailto:larrylou@hushmail.com]
> Sent: Friday, August 30, 2002 11:22 AM
> To: security-basics@securityfocus.com
> Subject: Laptop Security - Microsoft EFS
>
> Hi everyone,
> I am researching data protection for my company's laptop users. I
> have tested Guardian PC; the encryption time is long and it is very
> pricey. Has anyone heard if there is a way to perform a mount
> attack on MS EFS?
>
> Thanks,
>
> LL
>
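As an added example (not code from the thread), a PowerShell check that lists any EFS Data Recovery Agent certificates whose private key is still stored on the local machine, which is the exposure described above. It assumes it is run in PowerShell on the laptop being checked and that DRA certificates carry the standard "File Recovery" enhanced key usage.

```powershell
# Added example, not from the original thread. Flags EFS Data Recovery Agent
# (DRA) certificates whose private key is still present on this machine.
# Assumption: DRA certificates carry the "File Recovery" EKU (OID below).

$fileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # "File Recovery" enhanced key usage

function Get-LocalRecoveryAgentCerts {
    # Look in both the user and machine personal stores.
    $stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
            $cert = $_
            # Collect the EKU OIDs attached to this certificate.
            $ekus = @(
                $cert.Extensions |
                    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                    ForEach-Object { $_.EnhancedKeyUsages } |
                    ForEach-Object { $_.Value }
            )
            if ($ekus -contains $fileRecoveryOid) {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    NotAfter      = $cert.NotAfter
                    HasPrivateKey = $cert.HasPrivateKey   # $true means the DRA key lives here
                }
            }
        }
    }
}

$dra = @(Get-LocalRecoveryAgentCerts)
$exposed = @($dra | Where-Object { $_.HasPrivateKey })

if ($dra.Count -eq 0) {
    Write-Output 'No File Recovery (DRA) certificates found in the personal stores.'
} else {
    $dra | Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize
}

if ($exposed.Count -gt 0) {
    Write-Warning ("{0} recovery agent certificate(s) still have a private key on this machine; " +
                   "export to a PFX on removable media and remove the key from the store.") -f $exposed.Count
}
```

Seeing the DRA certificate itself (public part) locally is expected; the finding that matters is HasPrivateKey being true on a machine that is not the dedicated recovery workstation.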
