Since the advent of PCs, encryption technology has evolved at a spectacular rate. Whereas before, the real problem in deciphering an encrypted message lay in the need to make large-scale calculations, computers have made it possible to carry out such calculations at amazing speeds. These same machines have also enabled encryption systems to be made both more accurate and complex.
Nowadays, it is unthinkable that data of any consequence should be transmitted without having previously been encrypted to prevent exposure to the prying eye. Unfortunately though, the common perception of data transmission is limited to the Internet and therefore many other systems that can and should be protected with encryption are generally ignored.
Laptop computers have now become a standard accessory for today's highly mobile business people, meaning also that all information stored on these computers is highly mobile and needs to be adequately protected. Although passwords can be used to impeded unauthorized access, they are little obstacle to the skilled and determined intruder.
With these kinds of problems in mind, Microsoft has incorporated an encryption system in its operating systems to prevent unauthorized access to information on disk. This system, the 'Encryption File System' (EFS), allows files and folders to be encrypted so that if a laptop or disk were to fall into the wrong hands, it would be impossible to decipher the information it contained.
To further heighten security, EFS includes various layers of encryption. Each file has its own unique encryption key, which is essential in order to be able to work with the file. This key, which is also encrypted, is only available to users authorized to access each file. EFS is actually integrated into the file system, thus reinforcing security against unauthorized access and at the same time making administration easier for users. The encryption and decryption of data is completely transparent and requires no user interaction other than selecting the file to encrypt.
One of the biggest potential problems presented by any file encryption system concerns access to these files after encryption, not just by the users who encrypted them, but also by others, such as network administrators or company bosses. If the password holder is unavailable at any time, even the IT staff will not be to access the encrypted files. To prevent such situations from occurring, the EFS in Windows XP and Windows Server 2003 allows the administrator to recuperate encrypted files using 'recovery agents' that can access all users' passwords.
Even though EFS, or any other encryption system, can offer great security advantages, they are also negative implications for protection against viruses. When a file is encrypted, its content becomes unintelligible, not just to people but also to any processes that don't know either the file's password or the generic administrator password.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.