Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
programming4us
Windows 7

Advanced File Management : Encrypting Information (part 1) - Using the Encrypting File System

3/20/2011 9:47:40 PM
Windows 7 provides the following encryption tools for preventing the loss of confidential data:
  • Encrypting File System (EFS) encodes your files so that even if someone is able to obtain the files, he or she won't be able to read them. The files are readable only when you log on to the computer using your user account (which, presumably, you have protected with a strong password). In fact, even someone else logging on to your computer won't have access to your encrypted files, a feature that provides protection on systems that are shared by more than one user.

  • BitLocker Drive Encryption, introduced with Windows Vista, provides another layer of protection by encrypting entire hard-disk volumes. By linking this encryption to a key stored in a Trusted Platform Module (TPM) or USB flash drive, BitLocker reduces the risk of data being lost when a computer is stolen, or when a hard drive is stolen and placed in another computer. A thief's standard approach in these situations is to boot into an alternate operating system and then try to retrieve data from the stolen computer or drive. With BitLocker Drive Encryption, that type of offline attack is effectively neutered.

  • BitLocker To Go, new in Windows 7, extends BitLocker encryption to removable media, such as USB flash drives.

EFS is available on systems running Windows 7 Professional or Ultimate/Enterprise. Encrypting a drive using BitLocker or BitLocker To Go requires Ultimate/Enterprise edition. You can use a flash drive encrypted with BitLocker To Go in any edition of Windows 7.

1. Using the Encrypting File System

The Encrypting File System (EFS) provides a secure way to store your sensitive data. Windows creates a randomly generated file encryption key (FEK) and then transparently encrypts the data, using this FEK, as it is being written to disk. Windows then encrypts the FEK using your public key. (Windows creates a personal encryption certificate with a public/private key pair for you the first time you use EFS.) The FEK, and therefore the data it encrypts, can be decrypted only with your certificate and its associated private key, which are available only when you log on with your user name and password. (Designated data recovery agents can also decrypt your data.) Other users who attempt to use your encrypted files receive an "access denied" message. Even administrators and others who have permission to take ownership of files are unable to open your encrypted files. EFS, which uses Advanced Encryption Standard (AES) with a 256-bit key as its default encryption algorithm, provides extremely strong protection against attackers.

You can encrypt individual files, folders, or entire drives. (You cannot encrypt the boot volume—the one with the Windows operating system files—using EFS, however. For that, you must use BitLocker Drive Encryption.) We recommend that you encrypt folders or drives instead of individual files. When you encrypt a folder or drive, the existing files it contains are encrypted, and new files that you create in that folder or drive are also encrypted automatically. This includes temporary files that your applications create in the folder or drive. (For example, Microsoft Office Word creates a copy of a document when you open it for editing. If the document's folder isn't encrypted, the temporary copy isn't encrypted—giving prying eyes a potential opportunity to view your data.) For this reason, you should consider encrypting your %Temp% and %Tmp% folders, which many applications use to store temporary copies of documents that are open for editing, in addition to encrypting the folders where your sensitive documents are stored.

To encrypt a folder, follow these steps:

  1. In Windows Explorer, right-click the folder, choose Properties, click the General tab, and then click Advanced, which displays the dialog box shown next. (If the properties dialog box doesn't have an Advanced button, the folder is not on an NTFS-formatted volume and you can't use EFS.)



  2. Select Encrypt Contents To Secure Data. (Note that you can't encrypt compressed files. If the files are already compressed, Windows clears the Compressed attribute.

  3. Click OK twice. If the folder contains any files or subfolders, Windows then displays a confirmation message.




Note:

If you select Apply Changes To This Folder Only, Windows doesn't encrypt any of the files currently in the folder. Any new files that you create in the folder, however, including files that you copy or move to the folder, will be encrypted.


After a file or folder has been encrypted, Windows Explorer displays its name in green. This minor cosmetic detail is the only change you are likely to notice. Windows will decrypt your files on the fly as you use them and re-encrypt them when you save.


Warning:

Before you encrypt anything important, you should back up your file recovery certificate and your personal encryption certificate (with their associated private keys), as well as the data recovery agent certificate, to a USB flash drive (UFD). Store the UFD in a secure location. If you ever lose the certificate stored on your hard drive (because of a disk failure, for example), you can restore the backup copy and regain access to your files. If you lose all copies of your certificate (and no data recovery agent certificates exist), you won't be able to use your encrypted files. No back door exists, nor is there any practical way to hack these files. (If there were, it wouldn't be very good encryption.)


To encrypt one or more files, follow the same procedure as for folders. You'll see a different confirmation message to remind you that the file's folder is not encrypted and to give you an opportunity to encrypt it. You generally don't want to encrypt individual files, because the information you intend to protect can too easily become decrypted without your knowledge. For example, with some applications, when you open a document for editing, the application creates a copy of the original document. When you save the document after editing, the application saves the copy—which is not encrypted—and deletes the original, encrypted document. Static files that you use for reference only—but never for editing—can safely be encrypted without encrypting the parent folder. Even in that situation, however, you'll probably find it simpler to encrypt the whole folder.

Other -----------------
- Advanced File Management : Relocating Personal Data Folders
- Synchronizing Files Between Multiple Computers (part 6) - Staying in Sync with Windows Live Sync
- Synchronizing Files Between Multiple Computers (part 5) - Staying in Sync with Live Mesh
- Synchronizing Files Between Multiple Computers (part 4) - Managing Disk Space & Removing Offline Access to Files and Folders
- Synchronizing Files Between Multiple Computers (part 3) - Setting Up a Synchronization Schedule & Setting Caching Options on the Server
- Synchronizing Files Between Multiple Computers (part 2) - Working Offline & Understanding Synchronization and Resolving Sync Conflicts
- Synchronizing Files Between Multiple Computers (part 1) - Making Folders and Files Available Offline
- Advanced File Management : Recovering Lost, Damaged, and Deleted Files and Folders
- Organizing Files and Information : Managing File Properties and Metadata
- Organizing Files and Information : Arranging Data in Windows Explorer
 
 
Top 10 video Game
-   Minecraft Mods - MAD PACK #10 'NETHER DOOM!' with Vikkstar & Pete (Minecraft Mod - Mad Pack 2)
-   Minecraft Mods - MAD PACK #9 'KING SLIME!' with Vikkstar & Pete (Minecraft Mod - Mad Pack 2)
-   Minecraft Mods - MAD PACK #2 'LAVA LOBBERS!' with Vikkstar & Pete (Minecraft Mod - Mad Pack 2)
-   Minecraft Mods - MAD PACK #3 'OBSIDIAN LONGSWORD!' with Vikkstar & Pete (Minecraft Mod - Mad Pack 2)
-   Total War: Warhammer [PC] Demigryph Trailer
-   Minecraft | MINIONS MOVIE MOD! (Despicable Me, Minions Movie)
-   Minecraft | Crazy Craft 3.0 - Ep 3! "TITANS ATTACK"
-   Minecraft | Crazy Craft 3.0 - Ep 2! "THIEVING FROM THE CRAZIES"
-   Minecraft | MORPH HIDE AND SEEK - Minions Despicable Me Mod
-   Minecraft | Dream Craft - Star Wars Modded Survival Ep 92 "IS JOE DEAD?!"
-   Minecraft | Dream Craft - Star Wars Modded Survival Ep 93 "JEDI STRIKE BACK"
-   Minecraft | Dream Craft - Star Wars Modded Survival Ep 94 "TATOOINE PLANET DESTRUCTION"
-   Minecraft | Dream Craft - Star Wars Modded Survival Ep 95 "TATOOINE CAPTIVES"
-   Hitman [PS4/XOne/PC] Alpha Gameplay Trailer
-   Satellite Reign [PC] Release Date Trailer
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
Popular keywords
HOW TO Swimlane in Visio Visio sort key Pen and Touch Creating groups in Windows Server Raid in Windows Server Exchange 2010 maintenance Exchange server mail enabled groups Debugging Tools Collaborating
programming4us programming4us
PS4 game trailer XBox One game trailer
WiiU game trailer 3ds game trailer
Trailer game
 
programming4us
Natural Miscarriage
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Game Trailer