MCSE/MCSA Implementing & Administering Security in a Windows 2000 Network Study Guide (Exam 70-214)

Chapter 5 discussed how encryption (in the form of the Encrypting File System [EFS]) can be used to protect data stored on disk. Equally important to today's network administrator is the protection of sensitive data as it travels across a network. In the early days of networking, local area networks (LANs) were lone entities. These isolated networks typically ran NETBIOS Extended User Interface (NetBEUI) in small workgroups of fewer than 200 computers and were not connected to any other networks. The major security concerns in this isolated environment typically revolved around employees located at the site. Security efforts focused on local access controls, such as locking down disk drives on employee workstations and checking briefcases and handbags for printed materials. Extremely sensitive data was encrypted onto disk.
Today's networks are very different from the isolated NetBEUI networks of yesteryear. Most likely, your network is connected to other networks, including the global Internet, by way of dedicated leased lines or your organizational remote access server (RAS). Some workstations on your LAN might even have their own link to the outside via a modem and phone line.
Each of these points of access represents an ever-increasing security risk. In the "old" days, electronic documents had to be copied to a disk or printed in order to leave the company's premises; now, transporting data is as easy as sending an e-mail attachment over the Internet. Your...