mailing list archives
RE: Protect folder data.
From: "Beon Smal" <Beon.Smal () saoutsourcing com>
Date: Fri, 22 Nov 2002 07:23:39 +0200
NTFS provides a way to recover encrypted data, and this would not be a
solution to the issue. I'll suggest a third party encryption util.
"I need to make sure a person like our lan admin or desk top support
person can not figure out a way to get to the data."
If the owner's private key is unavailable, a person designated as the
recovery agent can open the file using his or her own private key, which
is applied to the DRF to unlock the list of file-encryption keys. If the
recovery agent is on another computer in the network, send the file to
the recovery agent. The recovery agent can bring his or her private key
to the owner's computer, but it is never a good security practice to
copy a private key onto another computer.
*After you encrypt the folder, when you save a file in that folder, the
file is encrypted by using file encryption keys, which are fast
symmetric keys designed for bulk encryption. The file is encrypted in
blocks, with a different file encryption key for each block. All of the
file encryption keys are stored and encrypted in the Data Decryption
Field (DDF) and the Data Recovery Field (DRF) in the file header
The default recovery agent is the administrator of the local computer
unless the computer is part of a domain. In a domain, the domain
administrator is the default recovery agent.
From: Sephiroth [mailto:sephiroth88 () inwind it]
Sent: Thursday, November 21, 2002 2:40 AM
To: Tony; SECURITY-BASICS () SECURITYFOCUS COM
Subject: Re: Protect folder data.
In data 19/11/2002 0.59, Tony - CIA;CISA;CDP;CPA;MBA ha scritto a
SECURITY-BASICS () SECURITYFOCUS COM il seguente messaggio:
I have some highly confidential data that I frequently access on in a
that is on my desktop computer (ie win2k). I want to make sure no one
me will able to see this data. Does anyone know of any
that will 1) en-crypt the data in the folder and/or 2) require a
to open up the folder? I need to make sure a person like our lan admin
desk top support person can not figure out a way to get to the data.
Win2k and XP with NTFS are able to encrypt files on your disk. Just
right click on your object and select Properties\Advanced. It's not
possible to see data without logging in with your account.
Linux Registered User:181013
Combatti lo Spam! Partecipa a EuroCAUCE: http://www.euro.cauce.org
- Re: Protect folder data., (continued)