Windows 2000 provides a means of securing file system data through encryption. The Windows 2000 Encrypting File System (EFS) allows users to encrypt and decrypt files on the fly, while offering an effective security mechanism that is essentially transparent to the user. In this Daily Feature, I’ll explain how EFS works.

Providing file system security with EFS
All Windows 2000 platforms, including Windows 2000 Professional, include EFS, which allows users and administrators alike to protect the file system from unauthorized access. If you use NTFS and faithfully review and apply permissions to secure your data, you might be wondering why you would need EFS.

EFS is primarily intended to protect the file system on a computer that is not physically secure. For example, a server kept behind locked doors that has no removable storage devices is not a likely candidate for EFS: someone would have to break into your server room, remove the drive(s), and get out without being caught in order to steal the information on the drives (assuming you've protected the data adequately from network-borne attacks). Systems that are physically insecure, however, are prime candidates for EFS, because an attacker who has the disk can read NTFS permissions-protected data simply by mounting it under another operating system or another Windows installation.

For example, any notebook that contains company-sensitive data should use encryption to protect its contents. Consider the thefts in recent years of notebook computers—many of which contained sensitive information—from government employees in public airports and even government offices, and you can appreciate the need to protect your own portable data.

Protecting notebooks is just one use for EFS. Desktop systems that are publicly accessible, such as those in public offices, courtrooms, government offices, and other locations where the public has access to systems and where the systems contain sensitive or private information, should be protected by EFS to prevent data theft and the potential embarrassment, legal trouble, or even loss of business that could ensue. In the server realm, removable drives and externally attached storage that hold sensitive data, such as the disks in a Storage Area Network (SAN), should be protected through encryption. It only takes one unscrupulous or disgruntled employee to hand a drive over to your competition to destroy your company.

Encrypting individual files is certainly a start, but that doesn't really provide the level of security you might need. Applications typically create temporary files containing at least portions of a document, and if these files are not protected by encryption, they pose a security risk. So, rather than encrypting documents one by one, you need a solution that automatically encrypts and decrypts every file in a folder tree. EFS does just that: mark a folder as encrypted and every file subsequently created in it, including the temporary files an application writes there, is encrypted without any action by the user. Because many applications write their temporary files to the user's Temp folder rather than alongside the document, encrypt that folder as well.

To use EFS, you must also use NTFS, as EFS relies on NTFS 5.0 features: per-file metadata that stores the encrypted key material and an installable NTFS file system filter driver that handles the encryption/decryption process. You can't protect FAT volumes or folders with EFS for that reason. In addition, EFS does nothing to encrypt network traffic. When a user opens an encrypted file on a server, the server decrypts it before sending it over the wire, and when a user copies an encrypted file from his workstation to another computer, the copy travels in the clear. In both cases the data is subject to the same risks as unencrypted files, and a file copied to a FAT volume or a non-EFS destination lands there unencrypted. If you need the highest possible security for your data and added security for network transfers, implement a network encryption mechanism such as IPSec in addition to EFS.

How EFS Works
The implementation of EFS in Windows 2000 uses DESX, a variant of the Data Encryption Standard strengthened with key whitening (additional key material XORed into each block before and after the DES operation), which the documentation describes as 128-bit encryption. Windows 2000 encrypts each file with a randomly generated, unique file encryption key, independent of the user's public/private key pair. Using a unique key per file compartmentalizes the damage: an attacker who somehow recovers the key for one file learns nothing about any other file, so breaking an entire folder or volume means repeating the attack for every file, which is impractical. In practice, then, the weak point is not the file keys but the user's private key, which is what an attacker needs to unwrap them.

Because that private key is protected by the user's logon credentials, this underscores the need to use passwords that are difficult to guess or crack. You wouldn't want to go to the trouble of encrypting data on a user's notebook only to have the thief guess the user's password and log on as the user, at which point EFS decrypts everything transparently for the thief. You should also configure the "Do not display last user name in logon screen" policy (the DontDisplayLastUserName Winlogon setting) so that the last logon account does not appear in the logon dialog box, which would otherwise hand the thief half of the credentials needed to crack into the system.

Out of the box, Windows 2000 provides the ability to encrypt and decrypt files. Because EFS automatically creates a public key pair and file encryption certificate the first time a user encrypts a file (from an enterprise certificate authority if one is available, otherwise self-signed), you don't have to create or deploy certificates specifically for that purpose. Windows 2000 stores the encryption certificate and keys in the user's profile, making them available to the user in each logon session. That also means the keys live or die with the profile: back them up, because without the user's private key or a recovery agent's key the encrypted files are unreadable.

When a file is encrypted, EFS generates a random bulk symmetric key, called the File Encryption Key (FEK), and encrypts the file's contents with it. It then encrypts the FEK with the user's public key and stores the result with the file in an attribute called the Data Decryption Field (DDF). It also encrypts the same FEK with each recovery agent's public key; these copies are stored in the file's Data Recovery Field (DRF), which can contain entries for multiple recovery agents. Each time EFS saves the file, it regenerates the DRF from the current recovery agent list, which is defined by the recovery policy in effect on the computer or domain.

Encryption and decryption are transparent to the user and happen automatically as the file is written to and read from the disk. You can open an encrypted document from within its application or from Explorer without any special preparation or procedure. The encryption/decryption happens at the file system level and is completely independent of the application, so the application need not be EFS-aware. On each open, EFS uses the private half of the user's key pair to decrypt the FEK from the DDF, then uses the FEK to decrypt the data.

EFS automatically pulls the necessary certificate and private key from the user's certificate store for that purpose. If no usable private key is available, which is the case when the current user is not the one who encrypted the file (and is not a recovery agent) or when the certificate and key have been removed from the profile, the FEK cannot be unwrapped and the user receives an Access Denied message.
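The envelope described above (a random per-file FEK, wrapped once for the user in the DDF and once per recovery agent in the DRF, and an Access Denied result for anyone holding neither key) is easier to reason about in code. The following is an added model written for this article, not Windows code or Microsoft's implementation. It assumes RSA-OAEP as the public-key wrapping scheme, a 24-byte DESX key laid out as the DES key followed by the pre- and post-whitening keys, CTR mode for the file contents, and constructed sample keys and data; the real on-disk format, key sizes and mode are not described on this page. DES-family ciphers are obsolete and appear here only because the text names DESX.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrAccessDenied: no DDF or DRF entry could be opened with the key at hand.
var ErrAccessDenied = errors.New("access denied: no DDF/DRF entry matches this key")

// desx is DES with key whitening, C = K2 XOR DES_K(P XOR K1), as a cipher.Block.
// Key layout assumed here: 8-byte DES key, then K1, then K2 (24 bytes total).
type desx struct {
	cipher.Block // single DES; also supplies BlockSize()
	k1, k2       []byte
}

func newDESX(key []byte) cipher.Block {
	blk, err := des.NewCipher(key[:8])
	if err != nil {
		panic(err)
	}
	return &desx{blk, key[8:16], key[16:24]}
}

// whiten computes dst = post XOR f(src XOR pre) over one 8-byte block.
func whiten(dst, src, pre []byte, f func(dst, src []byte), post []byte) {
	subtle.XORBytes(dst[:8], src[:8], pre)
	f(dst, dst)
	subtle.XORBytes(dst[:8], dst[:8], post)
}

func (d *desx) Encrypt(dst, src []byte) { whiten(dst, src, d.k1, d.Block.Encrypt, d.k2) }
func (d *desx) Decrypt(dst, src []byte) { whiten(dst, src, d.k2, d.Block.Decrypt, d.k1) }

// EncryptedFile: ciphertext plus the FEK wrapped per user key (DDF) and per recovery-agent key (DRF).
type EncryptedFile struct {
	IV, Ciphertext []byte
	DDF, DRF       [][]byte
}

// wrapAll seals the FEK under each public key (RSA-OAEP is assumed here).
func wrapAll(fek []byte, pubs []*rsa.PublicKey) ([][]byte, error) {
	var out [][]byte
	for _, pub := range pubs {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
		if err != nil {
			return nil, err
		}
		out = append(out, w)
	}
	return out, nil
}

// EncryptFile: fresh random FEK for this one file, DESX-CTR over the data, then the FEK wrapped for everyone.
func EncryptFile(plain []byte, users, agents []*rsa.PublicKey) (*EncryptedFile, error) {
	buf := make([]byte, 32) // 24-byte FEK followed by an 8-byte CTR IV
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	fek, iv := buf[:24], buf[24:]
	f := &EncryptedFile{IV: iv, Ciphertext: make([]byte, len(plain))}
	cipher.NewCTR(newDESX(fek), iv).XORKeyStream(f.Ciphertext, plain)
	var err error
	if f.DDF, err = wrapAll(fek, users); err != nil {
		return nil, err
	}
	if f.DRF, err = wrapAll(fek, agents); err != nil {
		return nil, err
	}
	return f, nil
}

// DecryptFile tries every DDF entry, then every DRF entry. OAEP unwrapping with
// the wrong private key fails, so a key found in neither list is denied.
func DecryptFile(f *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range append(append([][]byte{}, f.DDF...), f.DRF...) {
		fek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil)
		if err != nil {
			continue
		}
		pt := make([]byte, len(f.Ciphertext))
		cipher.NewCTR(newDESX(fek), f.IV).XORKeyStream(pt, f.Ciphertext)
		return pt, nil
	}
	return nil, ErrAccessDenied
}

// genKey makes a constructed sample key pair (2048-bit RSA cannot fail here).
func genKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

func main() {
	user, agent, thief := genKey(), genKey(), genKey() // constructed sample keys
	f, err := EncryptFile([]byte("Q3 forecast: confidential"), []*rsa.PublicKey{&user.PublicKey}, []*rsa.PublicKey{&agent.PublicKey})
	if err != nil {
		panic(err)
	}
	for _, k := range []*rsa.PrivateKey{user, agent, thief} {
		pt, err := DecryptFile(f, k) // the thief's key yields no plaintext and ErrAccessDenied
		fmt.Printf("plaintext=%q err=%v\n", pt, err)
	}
}
```

The model makes two properties of the design visible. The same FEK is recoverable through either the DDF or the DRF, so a recovery agent can read the file without ever holding the user's private key; and because each call to EncryptFile draws a new FEK, encrypting the same content twice yields unrelated ciphertexts, so recovering one file's key buys the attacker nothing for the next.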

There has always been a lot of talk about how insecure Microsoft’s Windows products are. However, when you look at things like EFS, you quickly discover that Microsoft has included security features in Windows 2000 that make it more secure than one might expect.