Re: Protecting sensitive files on a Windows file server



We already have a RSA infrastructure in place (used to authenticate
our VPN). Are their any RSA authentication solutions which works at
folders/file level.

The cost to build a seperate server is prohibited at the moment.
There is a RSA Windows Agent avaliable but it only works to
authenticate Windows OS logons and not at the folder/file level.

On 21/06/06, Tyler, Grayling <ggtyler@xxxxxxxxxxxx> wrote:
The most secure is going to be the two factor from RSA but it is also
the most cumbersome to work with for the end users. Depends on just how
sensitive the files are.

All communication regarding everyday IT support needs such as IT
problems / incidents should be directed to the ITCRC team at x2848
instead of contacting the various associates directly within the IT
department.
By logging all problems / incidents with the ITCRC team, this will
provide us more visibility into the various types of calls we are
receiving, trending of these calls, numbers of calls, etc. The ITCRC
team will bring more attention to your issues and allow prompt
resolution to your calls.

-----Original Message-----
From: paul.johnson8@xxxxxxxxx [mailto:paul.johnson8@xxxxxxxxx]
Sent: Monday, June 19, 2006 7:39 PM
To: security basics
Subject: Protecting sensitive files on a Windows file server

We are looking for a secure way to store very sensitive files on our
Windows servers. The data is shared. We will turn on full auditing,
create hidden shares and a security group.

Which type of protection would be most suitable:

Office 2003 encryption
Windows EFS
Winzip 9.x encrypted archives
RSA SecurID Windows Agent (2 factor authentication)
PGP Desktop Pro

Our concern with the Windows/Office encryption types is that it could
be cracked - ie. someone could get hold of the file and run some kind
of password recovery on the file and access the data.

Any ideas on how to approach this would be much appreciated.
**************************************************************************
This electronic message may contain confidential or privileged information
and is intended for the individual or entity named above. If you are
not the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please notify
the sender immediately by using the e-mail address or by telephone
(704-633-8250).
**************************************************************************