Security Basics mailing list archives
Re: Protecting sensitive files on a Windows file server
From: "Gaddis, Jeremy L." <jeremy () linuxwiz net>
Date: Tue, 20 Jun 2006 23:09:05 -0400
paul.johnson8 () gmail com wrote:
We are looking for a secure way to store very sensitive files on our Windows servers. The data is shared. We will turn on full auditing, create hidden shares and a security group.
Don't stick with "just one" method. Just like you have layers of firewalls, IDS, etc., do the same thing here, depending on *how* sensitive these files are.
Assuming a standard Windows domain-based environment, obviously I'd suggest the use of EFS (properly secured, of course). This can be a pain in the ass for sharing of files, however, depending on how "technical" your users are or whether you can teach them they have to explicitly allow users access on an individual basis.
If EFS isn't sufficient to your needs, put another layer on top of it. TrueCrypt, PGP, etc. come to mind here.
Our concern with the Windows/Office encryption types is that it could be cracked - ie. someone could get hold of the file and run some kind of password recovery on the file and access the data.
Indeed it can. I didn't realize just how easy it was until a few weeks ago. It took all of five minutes to download an applet, enter credit card details, and download the "plain text" file. This was a document created with Microsoft Office Word 2003, by the way, and "secured" by standard password protection.
-j -- Jeremy L. Gaddis, GCWN, MCP http://www.linuxwiz.net/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 20)
- Message not available
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 21)
- RE: Protecting sensitive files on a Windows file server Roger A. Grimes (Jun 21)
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 21)
- Message not available
- Re: Protecting sensitive files on a Windows file server Gaddis, Jeremy L. (Jun 21)
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 22)
- Re: Protecting sensitive files on a Windows file server Gaddis, Jeremy L. (Jun 22)
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 23)
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 22)
- <Possible follow-ups>
- Re: Protecting sensitive files on a Windows file server simonis (Jun 21)
- Re: Protecting sensitive files on a Windows file server paul.johnson8 () gmail com (Jun 21)
- Re: Protecting sensitive files on a Windows file server RandyW (Jun 22)
- RE: Protecting sensitive files on a Windows file server Tyler, Grayling (Jun 22)
- RE: Protecting sensitive files on a Windows file server Roger A. Grimes (Jun 22)
- RE: Protecting sensitive files on a Windows file server David Gillett (Jun 23)
- RE: Protecting sensitive files on a Windows file server Roger A. Grimes (Jun 22)
- RE: Protecting sensitive files on a Windows file server Tyler, Grayling (Jun 22)