Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: PCI, EFS and the future?

from [Roger A. Grimes] Network Security [Permanent Link]
Subject: RE: PCI, EFS and the future?
Date: Fri, 2 Feb 2007 17:07:16 -0500 
EFS is a very good, and more than adequate solution, with one caveat- it
is file/folder-level encryption versus drive or volume-level encryption;
and all that those differences entail.

EFS is free with Windows 2000 and above, and it is good encryption. You
don't want to lose the private or recovery keys. No matter what solution
you choose, make sure to automate backing up the recovery keys.

PCI and other commercial/public requirements don't care what the
specific solution is as long as it is a strong and reliable solution.
EFS fits that bill, and you gotta love the price.

Some folks like PGP or Truecrypt. Both are excellent solutions as well.

Other vendor solutions, which may cost, can also provide a good
solution, and some people feel third party mgmt tools make it easier
than free tools...but show me any encryption product and I'll show you
advantages and disadvantages. None are perfect.

I say try out a few solutions, including EFS, talk to other users who
have been using the products for awhile, and choose one that fits in
your environment. Don't just talk to the "EFS sucks" people, who haven't
spent time implementing it and using it. That's like an EFS-zealot
dogging Truecrypt without really using it or understanding it.

Properly setup and understood, there are many good solutions, including
EFS. 

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes@infoworld.com or roger@banneretcs.com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************



-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Nick Vaernhoej
Sent: Friday, February 02, 2007 12:04 PM
To: security-basics@securityfocus.com
Subject: PCI, EFS and the future?

Good morning list

In the past I have asked about encryption solutions to attain PCI
compliance.

There are numerous solutions our there and I have some questions about
EFS in particular.

We are trying to create a small area on our corporate fileserver to be
an encrypted location. When used with EFS this area should be
transparent to the end user since it ties into AD.

My gut feeling is telling me that EFS is the wrong solution and I fear
that it won't be in compliance with PCI's data at rest specs.

Does anyone have any experience with EFS file level encryption, PCI and
what the future outlook is?

Are you looking at a replacement product because the auditor didn't find
EFS adequate?

Thank you

Nick Vaernhoej
"Quidquid latine dictum sit, altum sonatur."
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Changing the domain password policy, Roger A. Grimes
Next by Date:  Re: One-Time Pad software?, profeten
Previous by Thread:  PCI, EFS and the future?, Nick Vaernhoej
Next by Thread:  Re: PCI, EFS and the future?, Saqib Ali
Indexes:  [Date] [Thread] [Top] [All Lists]