Benefit from Windows file encryption
Although most people don't realize it, Windows 2000 gives you the ability to encrypt the data on your hard drive right out of the box. Although this feature is only available for files and folders on NTFS volumes, it is exceptionally easy to configure, and once configured, it is transparent to the user.
To encrypt your data, right-click a file or folder in Windows Explorer and select Properties. Then click the "Advanced" button on the first page. The last line offers you a check-box. Click it and then "OK". You will be prompted to apply the encryption setting to all the sub-folders and files, or just the one you selected. Once you choose what you want to encrypt, you're done!
This 30-second process is all that is required to encrypt your data with the popular DES standard. Optionally, you can order an Encryption PAK from Microsoft, which will allow you to use 3DES. Once the setting is applied, Windows encrypts all the files, and when you access them, it decrypts them behind the scenes and re-encrypts them when you're done. However, if another user attempts to access the file, by opening, renaming, moving, etc., they will receive an access-denied message. Only the user who encrypted the file can open it.
While the merits of file encryption on users' desktops, and particularly laptops, are obvious, there is much more you can do with this encryption to enhance security. For instance, if you run Windows Web servers with IIS, consider encrypting any related directories to prevent tampering or Web site defacement. (Note that you'll probably have to encrypt them while logged in using the same account that is used for log-on by the WWW service.)
Also consider encrypting your temp folder. While many programs like Word and Excel have passwords and such, they are famous for not properly closing temporary files in the temp directory, and if someone gains access to this folder, there's a good chance they could retrieve some of your data. By encrypting the temp folder, you can make this prohibitively difficult. (Note that you will need to have all programs closed or you may get "access-denied: file in use" messages.)
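A check for the temp-folder advice above, as an added example that is not part of the original tip: this Python script walks a folder and lists anything that does not carry the NTFS Encrypted attribute, such as files that were skipped because they were in use. It assumes Python 3.5 or later on Windows; the function names are this example's own.

```python
"""Audit a folder tree for items that EFS did not encrypt (added example)."""
import os
import stat
import sys


def windows_attrs(path):
    """Return the Windows file attribute bits for path (Windows only)."""
    st = os.stat(path, follow_symlinks=False)
    try:
        return st.st_file_attributes
    except AttributeError:
        raise OSError("file attributes are only available on Windows") from None


def find_unencrypted(root, get_attrs=windows_attrs):
    """Walk root and return (unencrypted, unreadable) lists of paths.

    Directories are checked too: a folder without the attribute will not
    encrypt files created in it later. Paths that cannot be read are
    returned separately so they are not silently counted as protected.
    """
    unencrypted, unreadable = [], []
    candidates = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        candidates += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in candidates:
        try:
            attrs = get_attrs(path)
        except OSError:
            unreadable.append(path)
            continue
        if not attrs & stat.FILE_ATTRIBUTE_ENCRYPTED:
            unencrypted.append(path)
    return sorted(unencrypted), sorted(unreadable)


if __name__ == "__main__":
    # Default to the current user's temp folder, as the tip suggests.
    target = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("TEMP", ".")
    missing, errors = find_unencrypted(target)
    for p in missing:
        print("NOT ENCRYPTED:", p)
    for p in errors:
        print("COULD NOT CHECK:", p)
    sys.exit(1 if missing or errors else 0)
```

Run it with a folder path as the only argument; a non-zero exit code means at least one item is unencrypted or could not be checked.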
Note that we have previously published a tip about the Encrypting File System (EFS). Read that tip here.
Thomas Alexander Lancaster IV is a consultant and author with over ten years' experience in the networking industry, focused on Internet infrastructure.
This was first published in February 2002