Data Security Technologies
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Data Security Technologies
In a distributed computing environment, data exists in many locations. In some situations, data is stored on a centralized server. Other situations may call for a decentralized data storage scenario, where each user maintains his own data on his own computer. The most common scenario is a hybrid of these two, where some data is stored on a centralized server and retrieved by client computers, while other data is stored only on local computers and never shared.
All of these scenarios present some security issues to consider. In most environments, at the very least some of this data must be kept secure. To help provide data security in a variety of scenarios, there are several security technologies that can help protect sensitive data during storage and network transmission.
Data Security Architecture
There is no single data security component that protects all data against all forms of attack. There are, however, several technologies that can act in concert to provide a comprehensive security infrastructure that protects against many types of attacks. This type of attack defense is known as “defense in depth” and is the most appropriate method to ensure that sensitive data is not compromised. The data security components that provide the various data safeguards are described later in this overview.
Data Security Components
There are three main data security components in the Microsoft Windows operating system: Internet Protocol security (IPSec), Encrypting File System (EFS), and Syskey.
Internet Protocol Security
Internet Protocol security (IPSec) is a framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks, through the use of cryptographic security services. The implementation of IPSec in the Microsoft Windows Server 2003 operating system is based on standards developed by the Internet Engineering Task Force (IETF) IPSec working group.
IPSec provides aggressive protection against private network and Internet attacks through end-to-end security. The only computers that must know about IPSec protection are the sender and receiver in the communication. In Windows Server 2003, IPSec provides the ability to protect communication between workgroups, local area network computers, domain clients and servers, branch offices (which might be physically remote), extranets, and roving clients.
Although IPSec provides strong data security when data is transmitted on an IP network, it does not protect the data when it is stored by a computer on a disk drive. To help protect stored data, EFS must be used.
Encrypting File System
With Encrypting File System (EFS), you can store data securely. EFS does this by encrypting data in selected NTFS file system files and folders.
Because EFS is integrated with the file system, it is easy to manage, difficult to attack, and transparent to the user. This is particularly useful for securing data on computers that may be vulnerable to theft, such as mobile computers. However, EFS is useful in helping to protect sensitive data stored on any computer.
EFS is designed to store data securely on local computers. As such, it does not support the secure transmission of files over a network. Other technologies, such as Internet Protocol security (IPSec), can be used in conjunction with EFS to provide a larger solution.
Syskey is used to manage a computer’s startup key, which protects all of a system’s master keys. Users have their own master key, which is a cryptographic key that is used to protect other keys used by applications and services. At system startup, a startup key is used to decrypt the user’s master key, which is then used to encrypt all of the private keys on the computer, including private keys that are used for EFS. Startup keys are automatically generated and used for computers in a domain, but must be manually configured on stand-alone computers. Startup key security can be increased by storing the key on removable media or by requiring a system startup password. You can make those changes with Syskey.
Syskey is useful in protecting EFS keys that are stored on the local hard drive. Although it does not protect the EFS data itself, it protects the keys that can be used to access that data. By using Syskey in combination with EFS, you employ more than one layer of security between an attacker and your encrypted data.
Data Security Deployment Scenarios
There are several scenarios where data security technologies will help provide important safeguards for data. The following are two of the most common.
Portable laptops during travel
Laptops are, by their very nature, designed to be taken on trips. Modern laptops often contain large hard drives and powerful processors, enabling owners to work while they travel. These laptops can store any information the owner wants, including sensitive information such as trade secrets, undisclosed financial reports, personnel data, and so forth.
Unfortunately, laptops get stolen frequently. Without physical control of the computer, the user has no way to protect the data it contains. An attacker has numerous ways to extract the data from the laptop. If the data is unprotected, it’s a very simple matter.
To protect against these types of attacks, you should use both EFS and Syskey. EFS encrypts sensitive files so that they are cryptographically protected. This provides very strong protection, but the EFS key that is used for decryption must also be protected. Syskey is used to provide that strong protection of the EFS private keys. In combination, these two technologies make it computationally infeasible for an attacker to decrypt your data.
Insecure network infrastructure
Most modern building tenants share hollow walls with their neighbors. This is often a security concern because network wiring frequently runs through these common walls. An attacker can easily connect their own computer to a network without being detected by simply making a hole on the other side of the wall and splicing into the network wiring.
The insecure network infrastructure may not always be a building’s hollow walls. For example, remote users might use virtual private networks (VPNs) to communicate with the office. This VPN communication frequently uses the Internet to relay the data. Because the Internet is an insecure network itself, the data could easily be compromised during transmission.
This type of threat can be easily mitigated by using IPSec. You should use IPSec in this scenario to encrypt all network traffic that might contain sensitive data, such as file transfers and database interaction. Less sensitive network transmissions, such as identification broadcasts and Web surfing, might not require IPSec protection. IPSec can be configured to include or exclude any desired data to provide the appropriate amount of security.