Re: Encrypted File System and live Eudora mailboxes (and attachments, some of which are Zip files)?

From: Allison Henry <akhenry_at_berkeley.edu>
Date: Wed, 31 Jan 2007 10:20:20 -0800

EFS is a function of the NTFS file system and is not compatible with the
compression function of the NTFS file system. It's fine to encrypt files
compressed with ZIP for instance, but if you try to check both "encrypt"
and "compress" in the NTFS options for a file system object, you will
find that only one or the other may be selected.

There are a couple of articles at kb.berkeley.edu that cover some of
your questions: http://kb.berkeley.edu/kb1175 and
http://kb.berkeley.edu/kb1025.

Options for encrypting shared files on a file server are limited and are
generally expensive and/or difficult to implement. To be clear, data
privacy standards/best-practices only require the data to be encrypted
across network segments, or when stored on machines vulnerable to loss
or theft, especially laptops or desktop computers in public areas. There
is no requirement to encrypt data on a properly secured file server
located in a secure area. I would be interested to learn if any campus
departments have had success in implementing encryption on shared files,
but if your resources are limited I would recommend focusing efforts on
protecting file servers and moving restricted data off workstations.

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

Jack Burris wrote:
> Howdy!
> Pardon the long subject line.
>
> In trying to implement Encrypted File System on a workstation with
> emails containing potentially sensitive data, I'm wondering how others are
> encrypting their live Eudora mailboxes that may contain sensitive data?
>
> I'm looking at the EFS document at:
>
> http://sis.berkeley.edu/SIS/sis-training/security/encryption/efs-encrypt-folder.htm
>
>
> and it says:
>
> "Files or folders that are compressed cannot also be encrypted. If the
> user marks a file or folder for encryption, that file or folder will be
> uncompressed."
>
> This could be rather disruptive for an email attachments folder, where
> sometimes compressed files containing different versions of the same
> document could overwrite each other if uncompressed to the same folder.
>
> What are others doing to comply with campus-wide data privacy standards
> when it comes to:
>
> 1) securing email files and folders on workstations
>
> 2) shared folders on servers where more than one person needs access (I
> understand using permissions just fine, but how about EFS with more than
> one user?)
>
> Thanks,
> Jack Burris
> SSCL
>
> ------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> For information about Micronet, including subscribing to
> or unsubscribing from its mailing list and finding out
> about upcoming meetings, please visit the Micronet Web site:
> <http://micronet.berkeley.edu/>.

Received on Wed Jan 31 2007 - 10:24:17 PST
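
Added example, not part of the original messages: a PowerShell inventory of an attachments folder that separates NTFS-compressed files (the ones the NTFS "compress" attribute applies to, which cannot also carry the "encrypt" attribute) from ZIP archives (ordinary files that EFS encrypts as-is). The folder path and the function name Get-EfsReadiness are assumptions for illustration.

```powershell
# Hypothetical location of the Eudora attachments folder; replace with the real one.
$Path = 'C:\Path\To\Eudora\Attach'

function Get-EfsReadiness {
    param([Parameter(Mandatory)][string]$Folder)

    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        throw "Folder not found: $Folder"
    }

    # Read the NTFS attribute bits of every file under the folder.
    Get-ChildItem -LiteralPath $Folder -Recurse -File -Force | ForEach-Object {
        $attrs = $_.Attributes
        [pscustomobject]@{
            File           = $_.FullName
            # NTFS "compress" attribute: mutually exclusive with EFS.
            NtfsCompressed = [bool]($attrs -band [IO.FileAttributes]::Compressed)
            # NTFS "encrypt" attribute: set once EFS protects the file.
            EfsEncrypted   = [bool]($attrs -band [IO.FileAttributes]::Encrypted)
            # ZIP archives are plain files to NTFS; EFS does not unpack them.
            ZipArchive     = ($_.Extension -ieq '.zip')
        }
    }
}

$report = @(Get-EfsReadiness -Folder $Path)

# Files that will lose NTFS compression (and grow on disk) when EFS is enabled.
$willDecompress = @($report | Where-Object { $_.NtfsCompressed })

# ZIP attachments not yet protected by EFS; their contents stay zipped after encryption.
$zipUnencrypted = @($report | Where-Object { $_.ZipArchive -and -not $_.EfsEncrypted })

# Everything still stored without EFS, regardless of type.
$unencrypted = @($report | Where-Object { -not $_.EfsEncrypted })

"Total files:                      $($report.Count)"
"NTFS-compressed (will expand):    $($willDecompress.Count)"
"ZIP archives not yet encrypted:   $($zipUnencrypted.Count)"
"Files without EFS:                $($unencrypted.Count)"

$unencrypted | Sort-Object File | Format-Table File, NtfsCompressed, ZipArchive -AutoSize
```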