Where Does EFS Fit into your Security Plan?
The ability to encrypt data - both data in transit (using IPSec) and data stored on the disk (using the Encrypting File System) without a need for third party software is one of the biggest advantages of Windows 2000 and XP/2003 over earlier Microsoft operating systems. Unfortunately, many Windows users don't take advantage of these new security features or, if they do use them, don't fully understand what they do, how they work, and what the best practices are to make the most of them.
I discussed the use of IPSec in a previous article; in this article, I want to talk about EFS: its use, its vulnerabilities, and how it can fit into your overall network security plan.
The Purpose of EFS
Microsoft designed EFS to provide a public key based technology that would act as a sort of "last line of defense" to protect your stored data from intruders. If a clever hacker gets past other security measures -- makes it through your firewall (or gains physical access to the computer), defeats access permissions to gain administrative privileges - EFS can still prevent him/her from being able to read the data in the encrypted document. This is true unless the intruder is able to log on as the user who encrypted the document (or, in Windows XP/2000, another user with whom that user has shared access).
There are other means of encrypting data on the disk. Many software vendors make data encryption products that can be used with various versions of Windows. These include ScramDisk, SafeDisk and PGPDisk. Some of these use partition-level encryption or create a virtual encrypted drive, whereby all data stored in that partition or on that virtual drive will be encrypted. Others use file level encryption, allowing you to encrypt your data on a file-by-file basis regardless of where they reside. Some of these methods use a password to protect the data; that password is entered when you encrypt the file and must be entered again to decrypt it. EFS uses digital certificates that are bound to a specific user account to determine when a file can be decrypted.
Microsoft designed EFS to be user-friendly, and it is indeed practically transparent to the user. Encrypting a file - or an entire folder - is as easy as checking a checkbox in the file or folder's Advanced Properties settings (see Figure 1).
Note that EFS encryption is only available for files and folders that are on NTFS-formatted drives. If the drive is formatted in FAT or FAT32, there will be no Advanced button on the Properties sheet. Also note that even though the options to compress or encrypt a file/folder are presented in the interface as checkboxes, they actually work like option buttons instead; that is, if you check one, the other is automatically unchecked. A file or folder cannot be encrypted and compressed at the same time.
Once the file or folder is encrypted, the only visible difference is that encrypted files/folders will show up in Explorer in a different color, if the checkbox to Show encrypted or compressed NTFS files in color is selected in the Folder Options (configured via Tools | Folder Options | View tab in Windows Explorer, shown in Figure 2).
The user who encrypted the document never has to worry about decrypting it to access it. When he/she opens it, it is automatically and transparently decrypted - so long as the user is logged on with the same user account as when it was encrypted. If someone else tries to access it, however, the document will not open and a message will inform the user that access is denied (as shown in Figure 3).
What's Going on under the Hood?
Although EFS seems amazingly simple to the user, there's a lot going on under the hood to make this all happen. Both symmetric (secret key) and asymmetric (public key) encryption are used in combination to take advantage of the benefits and disadvantages of each.
When a user initially uses EFS to encrypt a file, the user account is a assigned a key pair (public key and corresponding private key), either generated by the certificate services - if there is a CA installed on the network - or self-signed by EFS. The public key is used for encryption and the private key is used for decryption.
Now whenever the user encrypts a file, there is a random number, called the File Encryption Key (FEK) assigned to the file. The DESX algorithm (a symmetric key algorithm based on DES but with additional functionality) is used to encrypt the file with the FEK as the secret key. The FEK itself is encrypted with the public key, using the RSA algorithm. Thus the file, which may be large in size, is encrypted using secret key cryptography, which is fast. The FEK is small in size, so it can be encrypted using public key cryptography, which is more secure but is slower. This provides a better level of security without sacrificing performance.
How Secure is It?
EFS, like any security method, has vulnerabilities, especially on a standalone computer such as a laptop. Because the system files cannot be encrypted, an intruder is still able to boot the operating system. If the intruder is able to crack the administrator password (using one of many methods for doing so), he/she may be able to decrypt the encrypted files of any user. This is because by default, the administrator is the EFS recovery agent. The recovery agent is an EFS feature that is designed to make it possible to recover encrypted files if, for example, an employee who encrypted them leaves the company or dies.
Because of this vulnerability, Microsoft recommends that the recovery agent should back up the recovery certificate and its private key to a secure location (using the Export command from the Certificates MMC) and then delete the recovery certificate, so an intruder will not have access to the recovery certificate. Even if you do this, though, the intruder who is logged on as an administrator can simply change the passwords for all the user accounts, then log on as each user until he finds the account that encrypted the file(s). When logged on as that user, the files will be transparently decrypted.
If the computer belongs to a domain, you have a bit more security, but there are still ways for a savvy intruder to defeat EFS protections (such as using captured logon credentials or accessing the user's private key, which is stored on the hard disk of the machine where the encrypted file resides).
How to Make EFS More Secure
Best practices require that you take steps, beyond the default configuration, to make your EFS encrypted files more secure. Although it may not deter a determined and knowledgeable intruder, you should still follow Microsoft's advice to backup and then delete the recovery agent. As an administrator, you can also use the Syskey utility to store the startup key on a floppy, so that the intruder can't boot the computer without having the floppy inserted in the drive or, as a second option that can be applied with Syskey, set it so that a passphrase must be entered to complete the boot process. If the intruder is able to disable Syskey to boot the system, he/she still will not be able to get at the encrypted files because they're made inaccessible when Syskey is disabled.
Other best practices for using EFS include:
In assigning recovery agents, balance the need for access and the need for security. Obviously, the fewer agents the better for security purposes - but if there is only one agent assigned, and that agent's recovery certificate is lost, you may lose all access to data in encrypted files.
Don't assign recovery agent certificates to accounts that are used on a routine basis. Of course, you shouldn't be using the administrator account for daily work, but it's best to create special accounts for recovery agents that are used for nothing else. It goes without saying that the recovery agent account(s) should have very strong passwords, like any administrative account.
If you have roaming profiles set up, be aware that users' private keys are included in their profiles and thus are downloaded during logon. Thus you should use an IPSec policy on the domain controller, and configure the clients to use IPSec to be sure this information is encrypted when it is sent across the network.
Ensure that the Temp directory is encrypted. Programs often save temporary copies of documents to c:\temp so this folder and any others used by applications for temporary files should be encrypted.
Take strong measures to prevent an intruder from cracking users' passwords, which will give him/her access to any files encrypted by that user. This means setting strong password policies or, even better, using smart card or biometric authentication for logon.
Make sure that all drives are formatted in NTFS. This is important because when you copy an encrypted file to a FAT/FAT32 drive, it will be decrypted (in addition, file level access permissions can only be set on files and folders on NTFS partitions).
Finally, remember that EFS should be only one of several layers in a multi-layered security plan. Be sure to use it in conjunction with - not as a substitute for - NTFS file level access permissions, a good firewall, and strong passwords. Also remember that EFS does nothing to protect a file when you send it across the network; for that, you'll need IPSec.