echo: nthelp
to: All
from: Rich
date: 2004-10-19 23:14:36
subject: Re: EFS Best practices

   See http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prnb_efs_kcef.asp,
http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/protect_data_efs.mspx, and
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx.

Rich

  "Mike N." wrote in message news:4kian0tsqlcisuurtek0invfsetcupneun{at}4ax.com...
  Here are some questions I have on using Encrypting File System in an
  environment-

  Standalone XP SP2 workstation (laptop) with the goal of protecting
  confidential data in EFS files from a sophisticated cracker in the event
  the laptop is stolen.

  Set security policies to prevent use of L0phtCrack 5 on login password or
  SAM file:
  - Do not store LAN Manager hash value.
  - LAN Manager auth level: NTLMv2 only

  Prevent single DES attacks on files-
  - Use FIPS compliant algorithms for encryption: Enabled
  - Shutdown: Clear virtual memory pagefile: Enabled

  Create a recovery agent so that encrypted files on tapes created by
  NTBackup can be unencrypted. Export recovery certificate to external
  safekeeping and delete it from the machine. (Are files backed up by
  NTBackup encrypted or plain text?)

  I'm assuming that the primary EFS certificate residing on the machine in
  the certificate store is not a security risk. Without the login it will
  be protected at least as securely as the EFS files themselves.

  A cracker could grab all filenames (not important in this case).

  Anything else I should look for?

  Thanks,

  Mike
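The four Local Security Policy settings Mike lists each correspond to a registry value, so their state on a machine can be audited rather than eyeballed in secpol.msc. The following PowerShell audit is an added example and is not code from either poster; the key paths and hardened values are assumptions taken from standard Windows documentation, and because XP/2003 store the FIPS flag in a different place from later Windows versions, both locations are checked.

```powershell
# Added example: audit the hardening settings named in the post against
# their registry values. Key paths and expected values are assumptions
# from standard Windows documentation, not from the original message.
function Get-EfsHardeningState {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $mm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $checks = @(
        # "Do not store LAN Manager hash value" -> NoLMHash = 1
        @{ Name = 'Do not store LAN Manager hash'; Key = $lsa;
           Value = 'NoLMHash'; Minimum = 1 },
        # "LAN Manager authentication level": 3 = send NTLMv2 only,
        # 4 and 5 additionally refuse LM, then LM and NTLM, so >= 3 is accepted.
        @{ Name = 'LAN Manager auth level (NTLMv2 only)'; Key = $lsa;
           Value = 'LmCompatibilityLevel'; Minimum = 3 },
        # "Use FIPS compliant algorithms": XP/2003 keep a DWORD directly under Lsa.
        # On XP this makes EFS use 3DES; XP SP1 and later already default to AES-256.
        @{ Name = 'FIPS algorithms (XP/2003 location)'; Key = $lsa;
           Value = 'FipsAlgorithmPolicy'; Minimum = 1 },
        # Vista and later use a subkey with an Enabled value instead.
        @{ Name = 'FIPS algorithms (Vista+ location)'; Key = "$lsa\FipsAlgorithmPolicy";
           Value = 'Enabled'; Minimum = 1 },
        # "Shutdown: Clear virtual memory pagefile" -> ClearPageFileAtShutdown = 1
        @{ Name = 'Clear pagefile at shutdown'; Key = $mm;
           Value = 'ClearPageFileAtShutdown'; Minimum = 1 }
    )
    foreach ($c in $checks) {
        $actual = $null
        $item = Get-ItemProperty -Path $c.Key -Name $c.Value -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.($c.Value) }
        [pscustomobject]@{
            Setting = $c.Name
            Minimum = $c.Minimum
            # $null means the value is absent, i.e. the OS default (not hardened).
            Actual  = $actual
            State   = if ($null -ne $actual -and $actual -ge $c.Minimum) { 'OK' } else { 'WEAK' }
        }
    }
}

# Show every setting; anything marked WEAK is still at a default the post warns about.
Get-EfsHardeningState | Format-Table -AutoSize
```

Only one of the two FIPS rows is expected to read OK on any given machine; the other location simply will not exist on that Windows version.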


--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)

SOURCE: echomail via fidonet.ozzmosis.com
