Re: Protecting sensitive files on a Windows file server



I suppose the best answer to this question lies in what threat you are trying to mitigate. By restricting access to the share properly, you go a long way toward protecting sensitive data from the remainder of the user community. If you want to protect from the administrator of the file server, a wise goal, or have a technical adversary who you think may intercept on the wire, then encryption is a good solution.

I wouldn't think about EFS. I'm not aware of how it handles encrypting for multiple users, if it does at all. WinZip, using AES, isn't bad, but you run the risk of the shared secret being commonly reused from archive to archive and/or being written down.

Two-factor login with RSA is just a stronger access control, which speaks to a different problem. Admins still need to have broad access, regardless of how they authenticate.


Have you looked at PGP NetShare? It is new, so you might not have seen it, but it seems to be exactly what you'd need.

-Ds