File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.

Encrypting File System
- Protects sensitive data on desktops and laptops against physical theft: an attacker who takes the disk and reads it offline gets ciphertext, not files.
- Encryption sits at a lower level, inside the file system, so every application gets it without changes.
- EFS was introduced in Windows 2000.
- Tied to the NTFS file system: a file copied to a non-NTFS volume such as FAT is written out decrypted.
- Encrypts individual files or folders (marking a folder makes new files created in it encrypted automatically).

Encrypting File System
- Data is encrypted with a symmetric file encryption key (FEK), generated per file.
  - Ciphers: DESX (the Windows 2000 default), 3DES, AES (AES-256 is the default from Windows XP SP1).
  - Cipher block chaining (CBC) mode.
- The FEK is encrypted with the user's public key (RSA, from the user's EFS certificate), so the file can be opened only by a holder of the matching private key.
  - Multiple users: each authorized user gets their own key entry holding the same FEK wrapped to that user's key. Sharing a file adds an entry; the data is not re-encrypted.
  - Recovery agent: a separate entry wraps the FEK to the recovery agent's key, in case the user's private key is lost.

$EFS attribute layout (from the slide's diagram):
- Header: Version, Checksum
- Data Decryption Field (DDF): DDF Key Entry 1 ... DDF Key Entry n (one per authorized user)
- Data Recovery Field (DRF): DRF Key Entry 1 ... DRF Key Entry n (one per recovery agent)
- Key Entry: User SID, Container Name, Provider Name, EFS Certificate Hash, Encrypted FEK
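The key hierarchy on this slide, worked through as an added example in Go. This is illustrative code written for this page, not Microsoft's EFS implementation: the $EFS attribute is reduced to its DDF and DRF key-entry lists (header, container and provider names are omitted), a certificate is identified by a SHA-256 hash of the RSA modulus rather than the real certificate thumbprint, the FEK is wrapped with RSA-OAEP (EFS uses CryptoAPI's PKCS#1 wrapping), and any SIDs and file contents used with it are constructed. What it shows that the slide only states: sharing a file with a second user adds one DDF entry and leaves the ciphertext untouched, and a recovery agent opens the file through the DRF without ever holding the user's private key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyEntry models one DDF/DRF entry of the $EFS attribute: who it is for, which certificate, and the FEK wrapped to that certificate's RSA key.
type KeyEntry struct {
	UserSID    string
	CertHash   [32]byte // SHA-256 of the RSA modulus: this model's stand-in for the certificate thumbprint
	WrappedFEK []byte
}

// EncryptedFile is the AES-CBC ciphertext plus its $EFS attribute.
type EncryptedFile struct {
	IV, Data []byte
	DDF, DRF []KeyEntry // DDF: users allowed to decrypt; DRF: recovery agents
}

// newKey stands in for enrolling an EFS certificate: a fresh 2048-bit RSA key pair.
func newKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// wrapFEK builds a key entry: the FEK encrypted to one user's RSA public key (RSA-OAEP in this model).
func wrapFEK(sid string, pub *rsa.PublicKey, fek []byte) (KeyEntry, error) {
	w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
	return KeyEntry{UserSID: sid, CertHash: sha256.Sum256(pub.N.Bytes()), WrappedFEK: w}, err
}

// unwrapFEK finds the entry for the caller's certificate and recovers the FEK with the matching private key.
func unwrapFEK(entries []KeyEntry, priv *rsa.PrivateKey) ([]byte, error) {
	for _, e := range entries {
		if e.CertHash == sha256.Sum256(priv.N.Bytes()) {
			return rsa.DecryptOAEP(sha256.New(), nil, priv, e.WrappedFEK, nil)
		}
	}
	return nil, fmt.Errorf("no key entry for this certificate")
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if n := len(b); n > 0 {
		if p := int(b[n-1]); p > 0 && p <= n && bytes.Equal(b[n-p:], bytes.Repeat([]byte{byte(p)}, p)) {
			return b[:n-p], nil
		}
	}
	return nil, fmt.Errorf("bad padding") // a wrong FEK almost always ends up here
}

// EncryptFile draws a fresh 256-bit FEK, encrypts the data with AES-256-CBC (PKCS#7 padded), and wraps the FEK to the owner (DDF) and the recovery agent (DRF).
func EncryptFile(plain []byte, ownerSID string, owner *rsa.PublicKey, agentSID string, agent *rsa.PublicKey) (*EncryptedFile, error) {
	fek, iv := make([]byte, 32), make([]byte, aes.BlockSize)
	rand.Read(fek)
	rand.Read(iv)
	n := aes.BlockSize - len(plain)%aes.BlockSize
	data := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(n)}, n)...)
	block, _ := aes.NewCipher(fek) // 32-byte key: cannot fail
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(data, data)
	ddf, err1 := wrapFEK(ownerSID, owner, fek)
	drf, err2 := wrapFEK(agentSID, agent, fek)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("cannot wrap FEK")
	}
	return &EncryptedFile{IV: iv, Data: data, DDF: []KeyEntry{ddf}, DRF: []KeyEntry{drf}}, nil
}

// AddUser shares the file: the grantor unwraps the FEK with their own private key and re-wraps it to the new user; the ciphertext is untouched.
func (f *EncryptedFile) AddUser(grantor *rsa.PrivateKey, sid string, pub *rsa.PublicKey) error {
	fek, err := unwrapFEK(f.DDF, grantor)
	if err != nil {
		return err
	}
	e, err := wrapFEK(sid, pub, fek)
	if err == nil {
		f.DDF = append(f.DDF, e)
	}
	return err
}

// DecryptFile tries the DDF first and then the DRF, which is how a recovery agent opens a file whose owner lost their private key.
func DecryptFile(f *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	fek, err := unwrapFEK(f.DDF, priv)
	if err != nil {
		if fek, err = unwrapFEK(f.DRF, priv); err != nil {
			return nil, err
		}
	}
	block, _ := aes.NewCipher(fek)
	pt := append([]byte{}, f.Data...)
	cipher.NewCBCDecrypter(block, f.IV).CryptBlocks(pt, pt)
	return pkcs7Unpad(pt)
}

func main() {
	owner, agent := newKey(), newKey()
	f, _ := EncryptFile([]byte("constructed sample file body"), "S-1-5-21-1-1001", &owner.PublicKey, "S-1-5-21-1-500", &agent.PublicKey)
	fmt.Println(DecryptFile(f, agent)) // the recovery-agent path through the DRF
}
```

The design point to notice is that every party's entry wraps the same FEK, so adding or removing a user is a small metadata change, but the FEK is only as secret as the weakest private key wrapped around it, which is what makes the recovery agent's key and the on-disk protection of user private keys (next slide) the real targets.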

EFS Security Issues
- On a standalone (non-domain) system, every key in the chain that protects the EFS private key is potentially on the hard disk, so an attacker who has the disk can work down the chain offline:
  - EFS private key (in the user's profile, protected by the DPAPI master key)
  - Master key (protected by a key derived from the user's password)
  - Password key (the password hash stored in the SAM)
  - Syskey (the key that encrypts the SAM; stored on disk by default)
  - Recommendation: take the syskey off the system, either onto a floppy or as a boot-time password, so the SAM cannot be decrypted and the password cracked offline.
  - Smart card support for EFS keys was planned for Vista.
- EFS cannot encrypt system files, the registry, file names, or the page file:
  - The system still boots, so the attacker can run the OS and attack it from the inside rather than only reading raw disk.
  - File names can reveal information even when the contents are protected.
  - The page file might accidentally hold sensitive data paged out of memory. (Vista later added a policy setting to encrypt the page file with EFS.)

Full Volume Encryption
- Encryption at the block-driver level, underneath the file system.
- Everything in the volume is encrypted: system files, registry, page file, hibernation file, file names and free space, not just selected user files. The boot code itself must stay readable, so BitLocker keeps it on a small unencrypted system partition.
- BitLocker in Vista.
- BitLocker takes advantage of the Trusted Platform Module (TPM):
  - The top-level root key (the volume master key, VMK) is sealed in the TPM, i.e. released only when the platform measurements match those at sealing time.
  - The root key encrypts the disk encryption key (the full volume encryption key, FVEK), which encrypts the sector data. Changing how the root key is protected never requires re-encrypting the volume.

BitLocker Secure Startup
- Ensures the integrity of the boot path to the Windows volume before the TPM unseals the root key.
- Verifies that none of the boot code or critical system files has been tampered with offline.
- At each step of the boot process the component about to run is measured (hashed), and the measurement is extended into the TPM's platform configuration registers (PCRs).
- The TPM compares the resulting measurements with those recorded when the root key was sealed on a known-good system; on a mismatch the root key is not released.
- Recovery mechanism for when the check fails (including legitimate changes such as a firmware or boot-loader update): a recovery key on removable storage, or a recovery password.
BitLocker and EFS are not mutually exclusive:
- BitLocker protects the system volume and the root keys, including the on-disk key material that EFS depends on.
- EFS provides file granularity and multiple-user control on top of it.
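The key hierarchy of the previous slide (root key sealed in the TPM, recovery fallback) and the measured boot described here, as an added example in Go. This is a model written for this page, not BitLocker or TPM code: PCRs are SHA-1 extend registers as in TPM 1.2, but the chip's seal operation is replaced by AES-GCM under a key derived from a chip secret and the whole PCR bank (the product seals to a selected PCR profile), the recovery password is hashed once instead of going through BitLocker's iterated stretching routine, the VMK-to-FVEK-to-sector step is omitted, and the boot component images and recovery password are constructed strings. It shows the behaviour the bullets describe: the same chain unseals the VMK, a modified boot manager changes a PCR and the unseal fails, and the recovery password still unlocks the VMK.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

// TPM models what BitLocker needs from a TPM 1.2: SHA-1 PCRs that can only be extended, and a root secret that never leaves the chip.
type TPM struct {
	pcr [24][20]byte
	srk []byte
}

func NewTPM() *TPM {
	t := &TPM{srk: make([]byte, 32)}
	rand.Read(t.srk)
	return t
}

// Extend records a measurement: PCR[i] = SHA1(PCR[i] || SHA1(image)). Each boot stage measures the next one before running it.
func (t *TPM) Extend(i int, image []byte) {
	m := sha1.Sum(image)
	t.pcr[i] = sha1.Sum(append(t.pcr[i][:], m[:]...))
}

// sealKey derives a wrapping key from the chip secret and the whole PCR bank; it is only reproducible while the PCRs hold the values they had at sealing time.
func (t *TPM) sealKey() [32]byte {
	buf := append([]byte{}, t.srk...)
	for _, p := range t.pcr {
		buf = append(buf, p[:]...)
	}
	return sha256.Sum256(buf)
}

// Seal and Unseal bind a secret to the current PCR state (AES-256-GCM stands in for the TPM's own sealing).
func (t *TPM) Seal(secret []byte) []byte          { return wrap(t.sealKey(), secret) }
func (t *TPM) Unseal(blob []byte) ([]byte, error) { return unwrap(t.sealKey(), blob) }
func wrap(key [32]byte, pt []byte) []byte {
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}

func unwrap(key [32]byte, blob []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key[:])
	g, _ := cipher.NewGCM(block)
	if len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

type BootComponent struct {
	PCR   int // register this stage's measurement extends
	Image []byte
}

type Volume struct {
	SealedVMK   []byte // TPM protector: VMK sealed to the boot measurements
	RecoveryVMK []byte // recovery protector: VMK wrapped under the recovery password
}
func measure(t *TPM, chain []BootComponent) {
	t.pcr = [24][20]byte{} // a platform reset clears the PCRs
	for _, c := range chain {
		t.Extend(c.PCR, c.Image)
	}
}

// recoveryKey derives the recovery protector's key. Real BitLocker stretches the 48-digit recovery password with an iterated SHA-256 routine; one plain hash here is a model simplification.
func recoveryKey(password string) [32]byte { return sha256.Sum256([]byte("recovery:" + password)) }

// Provision measures a known-good boot chain and seals the VMK to the resulting PCRs; the recovery password protects a second copy.
func Provision(t *TPM, vmk []byte, chain []BootComponent, password string) *Volume {
	measure(t, chain)
	return &Volume{SealedVMK: t.Seal(vmk), RecoveryVMK: wrap(recoveryKey(password), vmk)}
}

// Boot replays a boot: measure the chain, then ask the TPM for the VMK. A modified stage changes a PCR, Unseal fails, and BitLocker drops into recovery.
func Boot(t *TPM, v *Volume, chain []BootComponent) ([]byte, error) {
	measure(t, chain)
	return t.Unseal(v.SealedVMK)
}

func Recover(v *Volume, password string) ([]byte, error) {
	return unwrap(recoveryKey(password), v.RecoveryVMK)
}

func main() {
	tpm, chain := NewTPM(), []BootComponent{{0, []byte("firmware v1")}, {4, []byte("boot manager v1")}}
	vol := Provision(tpm, []byte("constructed VMK"), chain, "123456-654321")
	chain[1].Image = []byte("boot manager v1 + bootkit")
	fmt.Println(Boot(tpm, vol, chain)) // tampered boot manager: the TPM refuses to unseal
}
```

Two properties of the model carry over to the real product: the TPM never evaluates the boot code, it only checks that the measurements equal the ones present at sealing time, so any change to a measured component, malicious or a routine update, lands the user in recovery; and the recovery protector is a second, independent wrapping of the same VMK, so whoever holds the recovery password bypasses the TPM check entirely and the password must be stored with that in mind.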

Questions?