Security at LSU: Encrypting File System (EFS) at LSU
Disclaimer: To use EFS, please consult your Technology Support Professional or IT Contact.
What is Encrypting File System?
The EFS or Encrypting File System is a file system available in Microsoft's Windows operating systems. The technology transparently allows files to be stored encrypted on NTFS file systems to protect confidential data from attackers with physical access to the computer.
NOTE: EFS uses public key cryptography to encrypt files seamlessly within Windows.
NOTE: NTFS or New Technology File System is the standard file system of Windows.
EFS will not protect files transferred from one computer to another. It is only file system level encryption. EFS cannot be used to encrypt an entire drive’s contents because it is only used to decrypt in the context of a user’s rights. Hence, system files accessed by the system once encrypted under a user’s rights will no longer be viewable by the system.
EFS is a very powerful and potentially dangerous tool. With this in mind, consider carefully what files and folders to encrypt. For most users the best practices are to encrypt “My Documents” folder, the Outlook Application folder within the Documents and Settings folder, the Desktop Folder and any other folders used to store day-to-day documents and data.
EFS Advantages in LSU’s Environment:
Information Technology Services (ITS) put into production an internally trusted Certificate Authority which can issue certificates that are very secure and plug directly into our Active Directory. Certificates can be issued automatically and files can be seamlessly encrypted. This is especially useful on laptops in the event that they are stolen to protect documents that may contain Personally Identifiable Information (PII). There is also a recovery key that is assigned to IT Security and Policy Office personnel that can be used to recover files if needed.
How hard is it to take advantage of EFS?
EFS can be utilized almost immediately. Once your IT administrator/contact has set up your options on the OU level, you will be able to encrypt/decrypt files with a simple right-click procedure. Consult your IT administrator/contact for this setup.
What happens if I can’t decrypt my data?
EFS has to be used in the context of a user’s profile. If you have access to data that was encrypted using someone else’s profile or for some reason you can’t log on to your machine, IT Security and Policy Office personnel will be able to recover the data for you. The data will need to be copied to another computer, decrypted, and copied back. Your IT administrator/contact working in conjunction with IT Security and Policy Office will be able to recover encrypted files.
Some helpful EFS files are available at TigerWare.
11/5/2012 1:30:47 PM
Note: If you have any questions or concerns please contact the IT Security and Policy Office at email@example.com
We love feedback! Please help us improve this article.