Saturday, December 8, 2007

Protecting Your Privacy

The Internet is the greatest research tool ever invented. With it, you can learn almost anything—the symptoms of obscure diseases and their treatments, the names and birthdates of your distant ancestors, the favorite restaurants of your favorite restaurant critics—you name it. While you're out roaming and combing, however, keep in mind that parties on the other side of your screen are also busy conducting research. The object of their study is you. Unless you take certain precautions, putting the world at your fingertips can also mean having the world in your face.

In this chapter, we survey the major privacy hazards attendant on your computer use, at home and at work. We show you how to configure the privacy features in Microsoft Windows and Microsoft Internet Explorer and where to find alternatives that offer additional protection. Finally, we outline strategies for protecting what's yours to protect and for avoiding embarrassment in circumstances where your privacy is, to some extent, already compromised.

Security Checklist: Protecting Your Privacy
--------------------------------------------------------------------------------

Here's a quick checklist of practices you might want to adopt to help keep the "researchers" at bay:

Make sure that any Internet site requesting a credit card number, your Social Security number, or your driver's license number is using a secure protocol such as Secure Sockets Layer (SSL) or Secure Electronic Transaction (SET).
Be suspicious of anyone requesting personal identification numbers via e-mail. If you must send such information via e-mail, use S/MIME (Secure/Multipurpose Internet Mail Extensions) or PGP (Pretty Good Privacy) encryption.
On any computer that's not under your exclusive control, do not use Internet Explorer's AutoComplete feature for forms or passwords. Decline offers from all Web sites to remember your logon credentials.
Teach your children how to surf the Web safely. In particular, be sure they understand that they should never reveal their real names or addresses on chat sites and never arrange face-to-face meetings with Internet contacts.
If you're using Internet Explorer 5, upgrade to version 6 for its superior cookie management.
Establish a cookie policy that gives you an acceptable balance of convenience and privacy. As one possibility, you might block all third-party cookies, accept all session cookies, and accept or block persistent first-party cookies on a case-by-case basis, adding the names of trusted sites to your browser's per-site list so that you don't continue to receive prompts for their cookies. (This approach is only one of many possibilities. Take the time to learn about the different types of cookies, as explained in "A Cookie Taxonomy," and about your browser's cookie-filtering options; then find the configuration that works for you.)
Don't give away information that isn't requested. On Internet forms, fill out required fields only.
Clear the Allow Sites To Uniquely Identify Your Player option in Windows Media Player.
Acquire and use a spyware detector, such as Lavasoft's free Ad-aware program.
Assume that your computer activities at work, both online and offline, are being monitored. Don't use your employer's computer for personal business without your employer's awareness and consent.
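The sample cookie policy from the checklist above (block third-party cookies, accept session cookies, prompt on persistent first-party cookies unless the site is on a trusted per-site list) written out as a decision function, as an added example rather than anything from the book or from Internet Explorer itself; the `Cookie`, `Policy` and `ParseSetCookie` names are hypothetical, and the minimal Set-Cookie parser only reads the attributes the policy needs:

```go
package main

import "strings"

// Verdict is what the browser does with a cookie under the policy.
type Verdict int

const (
	Accept Verdict = iota // store it
	Block                 // drop it silently
	Prompt                // ask the user (until the site is added to the per-site list)
)

// Cookie holds the Set-Cookie fields the policy cares about.
type Cookie struct {
	Name       string
	Domain     string // Domain attribute, "" for a host-only cookie
	Persistent bool   // Expires or Max-Age present: survives closing the browser
}

// ParseSetCookie reads a raw Set-Cookie header value (hypothetical minimal parser).
func ParseSetCookie(header string) Cookie {
	parts := strings.Split(header, ";")
	c := Cookie{Name: strings.TrimSpace(strings.SplitN(parts[0], "=", 2)[0])}
	for _, attr := range parts[1:] {
		kv := strings.SplitN(strings.TrimSpace(attr), "=", 2)
		switch strings.ToLower(kv[0]) {
		case "domain":
			if len(kv) == 2 {
				c.Domain = strings.ToLower(strings.TrimPrefix(strings.TrimSpace(kv[1]), "."))
			}
		case "expires", "max-age":
			c.Persistent = true
		}
	}
	return c
}

// Policy is the checklist's sample configuration: block third-party cookies,
// accept session cookies, and decide persistent first-party cookies per site.
type Policy struct {
	Trusted map[string]bool // per-site list of domains whose cookies are accepted
}

// thirdParty reports whether domain is neither the page host nor a parent of it.
func thirdParty(pageHost, domain string) bool {
	return pageHost != domain && !strings.HasSuffix(pageHost, "."+domain)
}

// Decide applies the policy to a cookie set while viewing a page on pageHost.
func (p Policy) Decide(pageHost string, c Cookie) Verdict {
	pageHost = strings.ToLower(pageHost)
	domain := c.Domain
	if domain == "" {
		domain = pageHost // host-only cookies belong to the page's own host
	}
	switch {
	case thirdParty(pageHost, domain):
		return Block
	case !c.Persistent:
		return Accept
	case p.Trusted[domain]:
		return Accept
	default:
		return Prompt
	}
}
```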

Network Security 101

Securing a stand-alone computer is challenging enough, but when you begin connecting computers in a network, the security risks increase dramatically. Setting up a secure network requires that you strike a delicate balance between providing authorized users with easy access to shared resources and locking out those who have no business poking around in your files.

In this chapter, we discuss procedures for setting up and securing a local area network (LAN) over which you have administrative rights. Our focus is on computers that are part of a small group, whether in your home, in a small office, or in a department within a larger enterprise. In this scenario, users often have a need to share some resources freely and a corresponding need to protect personal and confidential information from other users on the same network. (On large networks, you're more likely to be part of a Microsoft Windows domain, with dedicated servers and a staff of support professionals whose sole job is keeping the network running smoothly.)

After your LAN is up and running, you can choose one of several ways to configure the network so that all computers can access the Internet, making it a wide area network (WAN). Although we briefly touch on issues related to the LAN-to-WAN connection in this chapter, a full discussion of the subject is in Chapter 15, "Sharing an Internet Connection."

Security Checklist
--------------------------------------------------------------------------------

Don't let your network fall prey to outside attackers. Follow these steps to secure your borders.

On a computer running Windows XP, use the Network Setup Wizard to configure your network properly. This wizard sets permissions, enables file sharing, configures the Guest account, and turns on the Internet Connection Firewall, if needed.
If you share an Internet connection through a hub or switch (not a recommended configuration), disable sharing on TCP/IP and install IPX/SPX instead.
Disable file sharing on your Internet connection.
On a computer running Windows XP Professional, consider disabling Simple File Sharing for extra security.
Don't share the root folder of any drive unless that drive contains only nonsensitive data files.
On systems that contain extremely sensitive data, consider disabling all administrative shares.

Sharing an Internet Connection

Protecting a local area network in a home or small office is relatively easy. You can sit down in front of each computer to check its security settings, and you can stroll down the hallway and see exactly who's using each computer on the network. But all that changes as soon as you connect your network to the Internet.

Unless you carefully consider security when configuring your Internet connection, you could end up inadvertently extending the borders of your local area network far beyond those you intended. In a worst-case scenario, where your Internet connection is inadequately protected and you haven't installed the latest security patches for Microsoft Windows, a stranger from halfway around the world could join your network, which would then no longer seem nearly so local. Given enough time and motivation, an attacker from the outside could poke around in confidential data, sabotage files, or hijack your connection and use it as a launching pad for attacks on other Internet hosts.

As we explain in this chapter, you can choose from a wide range of options for connecting your local network to the Internet. Cost and complexity are the two considerations that most people focus on first, but we believe security should be at the top of your list.

Security Checklist
--------------------------------------------------------------------------------

Here's a list of steps you should be sure to take in securing your network's Internet connection.

Add a router or residential gateway to your network, or use Internet Connection Sharing. Either solution uses Network Address Translation (NAT) to hide your local computers from the outside world and thereby increase your network's security.
Disable file and printer sharing on your Internet connection.
Add a personal firewall to protect your Internet connection from outside attacks. If you have Windows XP, the Network Setup Wizard performs this task automatically.
If you have a router that doesn't support Universal Plug and Play (UPnP), look for a UPnP-compatible firmware upgrade or consider replacing the hardware.
Set a strong password on your router.
Disable access to Web-based administrative tools from the Internet.

Wireless Networking and Remote Access

Wireless networks were once an expensive, esoteric choice, used only in specialized business applications where their benefits outweighed their tremendous cost and complexity. In recent years, however, the price of wireless networking hardware has plummeted to very affordable levels. Setting up a wireless network no longer takes an advanced engineering degree, either—if you use Windows XP, wireless adapters literally configure themselves, and the task of setting up a cable-free network usually takes only a few minutes.

The benefits of wireless networking are practically irresistible. Using a lightweight notebook computer equipped with an inexpensive wireless LAN adapter, you can browse the Web and access shared files and printers from anywhere within radio range of your wireless access point. At home, you can use your computer on the couch, on the back porch, or while lying in bed. In the office, you can bring your computer to a conference room and still have access to information on your company's intranet or on the Web, and you can e-mail the minutes of the meeting the minute it's over.

Unfortunately, all that convenience comes at the expense of serious security trade-offs. If you can connect to your network from a distance, so can anyone with a computer, a wireless adapter, and a little determination. Although you can implement some simple security measures, the most popular wireless standard includes some gaping security holes that demand your attention.

In this chapter, we explain what you should and shouldn't do with a wireless connection. We also explain how to allow remote access to your Windows network without compromising security. As it turns out, the most secure form of remote access—the virtual private network, or VPN—makes an excellent addition to wireless networks as well!

Security Checklist
--------------------------------------------------------------------------------

If you have a wireless network, follow these steps to safeguard your shared resources.

Configure your wireless access point with a strong password.
Consider disabling remote administration of the access point; if you need to change settings, you can do so directly, using the Ethernet connection or a cable.
Upgrade the firmware of your wireless hardware to the most recent versions, which may incorporate security fixes.
Change the network name (SSID) of your access point to one that doesn't match the hardware defaults and doesn't give away any information about you or your business.
Use MAC access control, if it's available.
Turn on Wired Equivalent Privacy (WEP) and set strong keys.
Change your WEP keys at least monthly and preferably weekly.
Scan your wireless network to determine whether you are vulnerable to attack from widely used hacking tools.
Consider using virtual private networks for wireless connections.

Extreme Security

Securing Ports and Protocols
Controlling network access is an important part of system security, and on a network such as the Internet, based on Transmission Control Protocol/Internet Protocol (TCP/IP), that means controlling access to ports. By monitoring and limiting the types of connections that applications and computers make to your system, you can greatly reduce the chances that the system will be compromised.

In this chapter, we first explain how ports and protocols work. We then show you how to determine which ports are being used and, more important, which programs are using them. Armed with that information, you can restrict access to ports other than the ones legitimately used by your programs, as we explain in the next section.

The rest of the chapter covers the topic of services, specialized programs that perform functions to support other programs and services. Many services control, to one degree or another, the use of ports. For this reason—and because services typically run in the context of a privileged user account such as System or Local Service—understanding and managing services are important steps in securing your computer and your network. The final sections of the chapter provide more details about a particular collection of services—Internet Information Services, or IIS—that allow other users to connect to your computer over the Internet. Naturally, you'll want to take extra care in configuring these services.

Security Checklist: Ports, Protocols, and Services
--------------------------------------------------------------------------------

See which ports are open for incoming connections.
Determine which services and applications are using the open ports.
Use TCP/IP filtering to block access to ports other than ones you explicitly need open.
Disable unneeded services.
If you use Internet Information Services (IIS) as a server for Web, FTP, or SMTP access, disable the services you don't need.
Unless you're using IIS for public Internet access, disable anonymous access.
Run the IIS Lockdown tool.

Encrypting Files and Folders
Throughout this book, we explain various methods for keeping snoops away from your data: password-protected user accounts, restrictive NTFS permissions, prudent network sharing, firewalls, and so on. But what if, despite your best efforts, your files fall into the wrong hands? This is certainly a risk if you travel with a portable computer—a popular target for thieves. But even offices and homes in low-crime neighborhoods are sometimes burglarized, putting your desktop computers at risk. A stealthier thief—perhaps a coworker or someone who manages to penetrate your computer's defenses through the Internet—can also make off with your files.

Nearly every computer, whether it's in a business or a home, contains some sensitive data that must never be available outside your most trusted circle (or, in some cases, to anyone else at all). In addition to financial data—such as your accounting records or personal finance files—your computer might be the repository for marketing plans, trade secrets, medical history, diaries, address books, and similar information. If someone can obtain a file by downloading it from your computer or by borrowing (or stealing) your portable computer, they know your secrets.

In this chapter, we discuss the Encrypting File System (EFS), a feature of Microsoft Windows XP Professional and Windows 2000 that can prevent the loss of such confidential data. EFS encodes your files so that even if thieves are able to obtain a file, they can't read it. The files are readable only when you log on to the computer with your user account (which, presumably, you have protected with a strong password). In fact, even someone else logging on to your computer won't have access to your encrypted files, which provides protection on systems that are shared by more than one user.

If you use Windows 2000, install Service Pack 2 or the High Encryption Pack to enable 128-bit encryption.
Encrypt a file or folder to create a personal encryption certificate.
Export the personal encryption certificate for each account.
If you use Windows XP, be sure you have a Password Reset Disk. Also consider creating and designating a data recovery agent.
Export and protect the private keys for recovery accounts, and then remove them from the computer. This prevents someone from accessing your files using the data recovery agent account.
Encrypt the My Documents folder and any other local folder you use for storing documents.
Always encrypt folders, not files. When a folder is encrypted, all files created in that folder are encrypted. (Many programs save a new copy of the document you are editing. This copy will be encrypted if you encrypt the folder, but it will not be encrypted if you encrypt only the original file.)
Don't destroy file recovery certificates and private keys when you change data recovery agent policies. Keep them until you are sure that all the files they protect have been updated.
Configure a policy so that the page file is cleared when you shut down your computer. Otherwise, data from files that were decrypted during a working session might remain in the page file, which a thief could peruse. (For details, see Exploring Security Options).
Disable hibernation (a power-saving option you configure in Control Panel, Power Options). If your system goes into hibernation while encrypted files are open (and therefore decrypted), the data is accessible to a thief who views the Hiberfil.sys file.

Using the Encrypting File System
The Encrypting File System allows you to encrypt files on an NTFS volume so that only you can use them. This offers a level of protection beyond that provided by NTFS permissions, which you can use to restrict access to your files by others who log on to your computer. NTFS permissions are vulnerable for a couple of reasons. First, all users with administrative privileges can grant themselves (or others) permission to access your files. What's worse, anyone who gains physical access to your computer can boot from a floppy disk (or from another operating system, if your computer is set up for dual booting) and use a utility such as NTFSDOS (available from Sysinternals, http://www.sysinternals.com) to read the files on your hard disk—without having to provide a user name or password. Portable computers, which are more easily stolen, are especially vulnerable to this type of information loss.

TIP
--------------------------------------------------------------------------------

Require a startup password on portable computers

On most computers, you can use BIOS settings to construct another obstacle for anyone who steals your computer. Set your BIOS so that a password is required to start the computer or to enter the BIOS setup program, and set the boot options so that the computer can't be booted from a floppy disk or CD. Unfortunately, this type of protection can also be circumvented. For example, removing the hard disk and installing it in another computer makes its files available to someone with the proper tools.

A much more effective method is to remove the Syskey startup key from the computer. To start the computer, you'll then need to enter a password (or insert a floppy disk that contains the startup key, depending on how you set up Syskey protection) before you can log on. For details about configuring this protection, see Adding Another Layer of Protection with Syskey.

EFS provides a secure way to store your sensitive data. Windows creates a randomly generated file encryption key (FEK) and then transparently encrypts the data using this FEK as data is written to disk. Windows then encrypts the FEK using your public key. (Windows creates a personal encryption certificate with a public/private key pair for you the first time you use EFS.) The FEK is a symmetric key (that is, the same key is used for encrypting and decrypting data), which is orders of magnitude faster than public key encryption. The FEK, and therefore the data it protects, can be decrypted only with your certificate and its associated private key, which are available only when you log on with your user name and password. (Designated data recovery agents can also decrypt your data. For information about data recovery agents, see Recovering Encrypted Data.) Other individuals who attempt to use your encrypted files receive an "access denied" message. Even administrators and others who have permission to take ownership of files are unable to open your encrypted files.

You can encrypt individual files, folders, or entire drives. We recommend that you encrypt folders instead of individual files. If you have hard disk volumes that contain only data (that is, drives other than the system drive and boot drive), consider encrypting the entire drive. When you encrypt a folder or drive, the existing files it contains are encrypted, and new files that you create in the folder or drive are encrypted automatically, as are temporary files that your applications create in the folder or drive. (For example, Microsoft Word creates a copy of a document in the folder where it's stored when you open the document for editing. If the document's folder isn't encrypted, the temporary copy isn't encrypted—giving prying eyes a potential opportunity to view your data.) For this reason, you should also consider encrypting your %Temp% and %Tmp% folders, which many applications use to store temporary copies of documents that are open for editing. (Note, however, that doing so might slow your system considerably, and it might prevent some installation programs from running properly.)

Before You Begin: Learn the Dangers of EFS
EFS provides secure encryption of your most important information. The encryption is so secure that if you lose the key that allows you to decrypt your data, the information is effectively lost. By default, Windows provides no "back door" if your private key is lost, nor is there any practical way to hack these files. (If there were, it wouldn't be very good encryption.)

You can innocently lose your key in a number of ways. Suppose, for example, that you have stored your data in encrypted folders on a second volume (such as drive D). You notice that your computer is running sluggishly and its hard disk is overflowing with junk files—so you decide to reinstall Windows from scratch. Not worrying about your files on another partition, you format drive C and reinstall Windows. Although it's not apparent, reinstalling Windows creates new security identifiers (SIDs) for each user, even if you do everything exactly the same way as the last time you ran Setup. As a result, each user's encryption certificates are also different from the ones they replaced, and they can't be used to access the encrypted data stored on drive D. Even the Administrator account—which also has a new SID—can't decrypt the files from a different Windows installation.
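The key model described above (a random symmetric FEK that encrypts the data, wrapped with the owner's public key and with each data recovery agent's public key, so that a key pair from a fresh installation opens nothing), as an added example that is not the book's code and not Windows's EFS implementation: AES-GCM and RSA-OAEP stand in here for whatever algorithms EFS uses, and `EncryptedFile`, `NewKeyPair`, `Encrypt` and `Decrypt` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// EncryptedFile mirrors EFS in spirit: data sealed under a random FEK, plus the FEK wrapped per holder.
type EncryptedFile struct {
	Nonce, Ciphertext []byte
	WrappedFEK        [][]byte // owner's copy, then one per data recovery agent
}

// NewKeyPair stands in for the key pair behind an encryption or file recovery certificate.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func aead(fek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(fek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt draws a fresh symmetric FEK, seals the data with it (fast), then
// wraps the FEK with RSA-OAEP for every holder (slow, but the FEK is tiny).
func Encrypt(plaintext []byte, holders ...*rsa.PublicKey) (*EncryptedFile, error) {
	buf := make([]byte, 32+12) // AES-256 FEK followed by a 96-bit GCM nonce (not EFS's own format)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	fek, nonce := buf[:32], buf[32:]
	gcm, err := aead(fek)
	if err != nil {
		return nil, err
	}
	ef := &EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	for _, pub := range holders {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
		if err != nil {
			return nil, err
		}
		ef.WrappedFEK = append(ef.WrappedFEK, w)
	}
	return ef, nil
}

// Decrypt tries each wrapped FEK against priv. A key pair that was never a holder
// (say, one minted by a fresh Windows install) unwraps nothing: "access denied".
func Decrypt(ef *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range ef.WrappedFEK {
		fek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil)
		if err != nil {
			continue // wrapped for a different key holder
		}
		gcm, err := aead(fek)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
	}
	return nil, errors.New("access denied: no wrapped FEK opens under this key")
}
```

Backing up the owner's and the agent's private keys, as the checklist says, is what keeps the `WrappedFEK` entries usable; a reinstall that mints new key pairs leaves every entry unopenable.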

Fortunately, with a little care, you can prevent these drastic scenarios. To learn about EFS and then begin safely using it for your important files, we recommend that you follow this approach:

Create an empty folder and encrypt it. (For details, see the next section, "Encrypting Your Data.")
Create a nonessential file in the encrypted folder (or copy a file to the folder)—and check to see that you can use it just as you would any ordinary file.
If your computer is not part of a domain, create a data recovery agent, a second user account that can be used to decrypt files should your personal encryption certificate become lost or corrupt. (For details, see Creating a Data Recovery Agent.)
Back up your file recovery certificate and your personal encryption certificate along with their associated private keys. (For details, see Backing Up Your Certificates.)
Note that you won't have a certificate to back up until you have encrypted at least one folder or file. A new Windows installation doesn't have encryption certificates; one is created the first time a user encrypts a folder or file.
Begin using EFS for your important confidential files.
In summary: If you encrypt files on a computer that is not joined to a domain, be sure to set up a data recovery agent. Back up both your personal certificate and the data recovery agent's file recovery certificate.