2.8.3 EFS – Part 1

Part 1 of 2.8.3 EFS by Val Bakh

The security of the information we store on our computers has become a major concern as the world of IT (information technology) grows more complex every day. We must accept that IT security is a necessity, just as we sometimes have to go to work when we are suffering from a migraine. There is simply no other way. It is like locking your door when you leave for work: there is always a chance that your house keys get lost or left behind at the office, but leaving the door unlocked is not as feasible as it was a few decades ago. We must protect our data in the same way. The question is: how? Data security is a fascinating and complex subject, and there are many different technologies and methods that can be combined to build a multilayered, hard-to-breach fortress.

This blog post discusses Encrypting File System (EFS), a feature of the NTFS file system that provides file-level encryption.
Before we get into the details of EFS, let us first define encryption. Encryption is a way to transform a document so that its contents cannot be read. Although it may sound similar to permissions, it is not the same thing. The NTFS permissions granted to a file do not change its content; they only stop unauthorized users from opening it in the normal way. An attacker with physical access to your computer can easily bypass permissions: he or she only needs to connect the hard drive holding your document to another computer under the attacker's control, or to install a second operating system on your computer. The attacker can then change the permissions and gain complete access to all your data.

Encrypting a file scrambles its contents so that they cannot simply be read. The algorithm used for this transformation does not have to be secret. However, to run it backward and "unscramble" the data, you need to know a long string of binary data (a key), and that key is what you must keep secret from everyone except those you trust. If you want your colleagues to have access to the file, each of them is given their own key.

Here is how it works. A file is encrypted with a key that works in both directions: it locks the file and unlocks it. This key is known as the file encryption key (FEK). The algorithm used to encrypt the file is designed to encrypt and decrypt large amounts of data quickly. Once the file has been encrypted with the FEK, the next step is to protect the FEK itself. Think of the FEK as a regular, physical key: you can secure it by placing it in a safe and locking the safe with a second key. This second key is of a different type. It can either lock or unlock, but not both. It is known as the public key, because it can be shared with anyone. Once your FEK has been locked with your public key, nobody can unlock it with that same public key. A separate key is required, the public key's twin: your private key. Keep it safe at all costs. The public key and the private key complement each other: what has been locked with the public key can only be unlocked with the private key, and the reverse is true as well: what you lock with the private key can only be unlocked with the public key. Although the algorithm used to encrypt the FEK is more secure than the one used to encrypt files, it is also more resource-intensive and is not well suited to encrypting large quantities of data.
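The two-level scheme described above, as an added example that is not the post's or Microsoft's code: a per-file symmetric FEK locks the data, and one copy of the FEK locked with each user's public key is stored alongside it, so a colleague is granted access by wrapping the FEK with their public key and can open the file only with their own private key. It uses Go's standard library; AES-256-GCM, RSA-OAEP and the names EncryptedFile, Ring, NewUserKey, Encrypt and Decrypt are this example's choices, not EFS's actual on-disk format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// EncryptedFile: data locked with the FEK, plus one copy of the FEK per user,
// each locked with that user's public key (the role of EFS's Data Decryption Field).
type EncryptedFile struct {
	Nonce, Ciphertext []byte
	Ring              map[string][]byte // user name -> RSA-OAEP-wrapped FEK
}

// NewUserKey stands in for a user's EFS certificate: a public/private key pair.
func NewUserKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// Encrypt draws a fresh random FEK, seals the data with AES-256-GCM (this
// example's choice) and wraps the FEK once per public key; no private key is needed.
func Encrypt(plain []byte, users map[string]*rsa.PublicKey) (*EncryptedFile, error) {
	buf := make([]byte, 32+12) // 32-byte FEK followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	fek, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(fek) // cannot fail: the key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)
	f := &EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, nil), Ring: map[string][]byte{}}
	for name, pub := range users {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
		if err != nil {
			return nil, err
		}
		f.Ring[name] = wrapped
	}
	return f, nil
}

// Decrypt tries each FEK copy with the caller's private key; no matching copy means no FEK and an unreadable file.
func Decrypt(f *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	for _, blob := range f.Ring {
		if fek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, blob, nil); err == nil {
			block, _ := aes.NewCipher(fek)
			gcm, _ := cipher.NewGCM(block)
			return gcm.Open(nil, f.Nonce, f.Ciphertext, nil)
		} // otherwise this copy was locked with someone else's public key
	}
	return nil, rsa.ErrDecryption // no FEK copy matches this private key
}
```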
