EFS limitation ?

A file can be encrypted using EFS on Windows 2003 or XP.

But, then, the file is decrypted when it's moved to a diskette.

So, how does EFS provide security on a laptop?

====================================

I believe that there are tools that can reset the Windows password. This, it
seems to me, makes EFS useless for securing a stand-alone PC. If EFS can be
used to secure files on a stand-alone PC, what am I missing? How?

Thanks for your help with this question.

M.
 
The files on an NTFS laptop can be secured with EFS also. What seems to
be puzzling you about that?
 
Yes. I encrypt a file on the NTFS file system of the laptop. Then, I move the
encrypted [green] file to a diskette in the A: drive of the laptop. The
problem is that the file on the diskette is no longer encrypted.
 
M said:
Yes. I encrypt a file on the NTFS file system of the laptop. Then, I move the
encrypted [green] file to a diskette in the A: drive of the laptop. The
problem is that the file on the diskette is no longer encrypted.

True, and that's what makes it a part of the NTFS Encryption System. To
answer the question you asked earlier, EFS provides security in a laptop
when the files you copy/move are transferred across the NTFS platform,
not onto a floppy. The person who enabled EFS on the file has access to
it, and if he's the one copying it from the machine to the floppy,
where's the security breach?

You have other security mechanisms if you want to secure your media over
a removable diskette.
 
My question is "How can I secure the files on a stand-alone laptop [with
EFS], given the details outlined above?"


 
You have other security mechanisms if you want to secure your media over
a removable diskette.

1. Could you give me an example?

2. But, returning to my original question, what if someone uses a tool to
reset the password and, as a result, has access to the encrypted file system
 
Hello! If I have your laptop, you've got a problem! ANYTIME someone has
PHYSICAL control of your computer you have lost security. Now IF you
have a BIOS password and A BOOT password and EFS on the laptop and NO
floppy normally installed you have a fighting chance that someone will
destroy the sensitive data before they can copy it. BUT NO guarantee.
 
EFS can only be used to encrypt files on an NTFS file system. A floppy uses
a FAT file system. So, when someone (usually the creator of the file) copies
it to a floppy, it becomes decrypted. The best way to secure files on
removable media is to use a backup program (like NTBackup, which comes with
Windows) that will maintain encryption. Run the backup wizard and save to
the removable media. Restore on the other machine.

But remember, the second machine (assuming you're moving it between 2
machines) must have the encryption certificate to be able to decrypt the file.

On laptops, you're not really in that much danger as long as you implemented
EFS correctly. On WinXP, when a user password is reset by any means other
than logging into the account, the user certificate is destroyed in the
process. No certificate = no decryption.
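
A guard against the silent decryption discussed in this thread, as an added example that is not part of any poster's reply: it refuses to copy an EFS-encrypted file to a volume that is not NTFS and verifies afterwards that the copy still carries the Encrypted attribute. The function names and the sample paths are hypothetical, it assumes PowerShell is installed, and it handles drive-letter paths only.

```powershell
# Added example: function names and sample paths are hypothetical.

function Test-EfsEncrypted {
    param([Parameter(Mandatory=$true)][string]$Path)
    # EFS marks a file with FILE_ATTRIBUTE_ENCRYPTED (shown green in Explorer).
    $attrs = [System.IO.File]::GetAttributes($Path)
    return ([int]$attrs -band [int][System.IO.FileAttributes]::Encrypted) -ne 0
}

function Get-VolumeFormat {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Resolve the drive root (e.g. "A:\") and ask the volume for its file system.
    $root  = [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($Path))
    $drive = New-Object System.IO.DriveInfo($root)
    if (-not $drive.IsReady) { throw "Volume $root is not ready." }
    return $drive.DriveFormat    # "NTFS", "FAT", "FAT32", ...
}

function Copy-EfsAware {
    param(
        [Parameter(Mandatory=$true)][string]$Source,
        [Parameter(Mandatory=$true)][string]$DestinationDir
    )
    $encrypted = Test-EfsEncrypted -Path $Source
    $format    = Get-VolumeFormat  -Path $DestinationDir

    # Pre-check, following the thread: EFS needs NTFS, a floppy is FAT.
    if ($encrypted -and $format -ne 'NTFS') {
        throw "Refusing copy: '$Source' is EFS-encrypted but the target volume is $format, so the copy would be stored unencrypted."
    }

    $target = Join-Path $DestinationDir (Split-Path $Source -Leaf)
    Copy-Item -LiteralPath $Source -Destination $target

    # Post-check: confirm the copy kept the Encrypted attribute.
    if ($encrypted -and -not (Test-EfsEncrypted -Path $target)) {
        Remove-Item -LiteralPath $target   # plain delete, not a secure wipe
        throw "Copy to '$target' lost the Encrypted attribute and was removed."
    }
    return $target
}

# Constructed usage: the first call is expected to throw on a FAT floppy.
# Copy-EfsAware -Source 'C:\Secret\plan.doc' -DestinationDir 'A:\'
# Copy-EfsAware -Source 'C:\Secret\plan.doc' -DestinationDir 'D:\Archive'
```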

 
