The level of pst-encryption you can choose for when creating the pst-file is
for storing the file in an encrypted format. This however doesn't mean that
the data is secured since you can open it with any version of Outlook
(Outlook is the decryptor). It is however secured from opening it in
Notepad. If you choose No Encryption although you would see a lot of
additional information (like headers, HTML tags etc...) you would see the
actual message in Plain Text as well. If you choose High Encryption the
level of encryption would be higher but not compressible so the pst-file
will be a lot bigger.
In the solution I gave you in the newsgroups NTFS permissions will take care
of unauthourized access. Since this can be breached for instance when you
place the harddisk in another system and/or log on as an administrator the
file itself still isn't protected. When you encrypt the file from winthin
Windows the decryptor is a certificate bound to that specific user. Without
this certificate there is absolutely no way the data in the pst-file can be
compromised.
To take it a step further; store the certificate on an external medium (like
a SmartCard) that has to be in the system before the user is able to log on.
This takes away the risk that the username and password gets compromised and
the encrypted data can be accessed as they would now have to steal both the
SmartCard, Laptop (or other machine), Username and password. Whenever this
happens I suggest you get a bodyguard as well ;-)
--
Robert Sparnaaij [MVP-Outlook]
www.howto-outlook.com
Tips of the month:
-Backup and Restore
-Create an Office XP CD slipstreamed with Service Pack 3
-----
Fennis said:
Hi thanks for reply.
However, the solution of setting encryption on NTFS
permissions will not help if the person who wants to read
the email is on a shared network who has access to the
pst file. Is this right? I.e. if the people we are
worried about are internal people.
Would you happen to know what type of encryption is used
in Outlook anyway, or where I could find this out?
Thanks
Fennis
-----Original Message-----
This is not a secure way to work with your pst-files.
A more secure way would be to work with NTFS permissions on folder level.
Additionally you can encrypt a file/folder by rightclicking it->
Properties-> Advanced...-> option Encrypt contents to secure data. Once
encrypted you can press the Details buttons to manage the certificate needed
to view the data. Now when the harddisk gets stolen there is no way to
retrieve the data as the certificate is not available.
You might want to take a look here for additional info about security
techniques;
http://www.microsoft.com/technet/security/topics/identity /default.mspx
--
Robert Sparnaaij [MVP-Outlook]
www.howto-outlook.com
Tips of the month:
-Backup and Restore
-Create an Office XP CD slipstreamed with Service Pack 3
-----
Hey,
I am currently doing a project on Email Recovery, and I
am looking in to methods to protect the PST file.
Obviously the two features which Outlook provide are
encryption and password protection.
In Outlook there are 3 options for PST encryption.
No Encryption
Compressible Encryption
High Encryption
With Compressible wencryption, it is still possible to
crack this encrytion with tools available.
I want to know what type of encrytion is being used in
the compressible encyption and the high encryption.
Do you know of any tool that is able to bypass the
encryption?
Thanks,
Fennis
.
