Encrypting File System - offline?

[Brion Keagle]

Hi!
I have a user who has a specific security need for a particular project.
He needs to keep his data files for this project on a removable drive (USB
hard disk) and encrypt them. The trick is that he can ONLY work on the
documents while his computer is disconnected from the network. Will EFS
encryption work in this scenario? I'm just afraid that EFS won't work, or
will produce unpredictable results, if his XP machine cannot talk to our
2003 domain controllers while he is attempting to encrypt/decrypt files.
A companion question - is EFS the best way to go for this particular
need? This gentleman is the only user we have who needs to encrypt files.
I'm wondering if we should be purchasing a 3rd party encryption tool for him
instead, such as PGP or something.

Thanks!

 

[Harry Johnston]

I have a user who has a specific security need for a particular project.
He needs to keep his data files for this project on a removable drive (USB
hard disk) and encrypt them. The trick is that he can ONLY work on the
documents while his computer is disconnected from the network.

I don't know the answers to your questions, but can suggest that if the data is
this sensitive it should probably only be worked on using a separate standalone
computer which isn't *ever* attached to the network.

You might also consider using drive-level encryption for both the system and
data drives. There are various software and hardware vendors providing
drive-level encryption solutions, but I can't recommend any in particular as
I've never used them.

Harry.