Drew
Wed Jan 28 19:39:27 CST 2004
I can't say what's "secure enough". Really - our lawyers would frown on
that. Before they fired me, of course.
What I can say is that if you're not encrypting in system context, the
weakest point in the files' security is probably the user's password. If
someone can log on as that user, the data is theirs. Using strong passwords
and changing those passwords once in a while is mitigation against that
attack.
You'll have to encrypt each of those dirs in the context of the account that
uses it, unfortunately. On the bright side, once a directory is "marked for
encryption" any new files created in it (not just renamed on the same
volume) will be encrypted in the context of the user who created them - you
only have to do the tedious stuff once. If you're bothered about logging in
as each user, encrypting, logging out, next user, etc., you could cut the
time down by using the cmdline:
runas /u:IUSR_someuser cmd.exe
(prompted for password, then a new instance of cmd.exe is spawned)
(in the new cmd.exe)
cipher /e /a /s:<that_user's_root_directory>
(while you're at it, it might be a good idea to back up the cert/key pair)
cipher /x that_user's_keys.pfx
(and you'll be prompted for password protection of the pfx, blah, blah,
blah)
(you can put the .pfx on some removable media and store it in a safe or
something)
By now you can probably see why I'm not a tech writer by profession. ;-)
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"RoChess" <anonymous@discussions.microsoft.com> wrote in message
news:2C0188F9-A06F-47F4-B9BB-1EB9EEA1AC4A@microsoft.com...
> Like Torgeir says, that same tool (among other attacks) can make
someone
> with physical access an administrator. A parallel install will also
allow
> an attacker to bypass any NTFS ACLs. As would many other tools that
can
> raw-read the volume.
>
> Yeah, that's what I was worried about, for which I thought EFS would be
the solution.
>
> But that brings up another point, since it will be a remote server, I will
not be able to use the highest EFS security mode, in which a floppy or other
media that has the key will be used to open the system for usage.
>
> So the key will be stored on the system. Do you think that will be secure
enough, even if they gain physical access?
>
> And trust me on the backup, I usually backup and store such information at
multiple secure locations.
>
> But that aside, encrypting all the seperate websites with each account
looks like a lot of extra workload (and I still don't know if it will make
IIS fully function), sure they pay me, but my BOFH genes rebel quick :) And
I'm already planning on using a very high database encryption with MySQL. So
I'm contemplating not even trying, at least not now.
>
>
> And you're not being paranoid - you're just concerned about security.
> That's probably why the bosses pay you. :-)
>
> Clients, but yeah :-)
>
> With Win2k boxes, I used 3rd party encryption utilities, but in this case
I'm on a very strict budget, that was one of the reasons Web Edition was
used, so I'm trying to squeeze the most out of what comes bundled with it.
>
> I was already very dissapointed that the simple firewall was removed from
the Web Edition (had another thread for that), which eventually I had to
solve with a Tinysoftware firewall solution. Thankfully it is only $79, so
that was still doable.