Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks

In the previous chapter, we discussed how encryption (in the form of EFS) can be used to protect data stored on disk. Equally important to today's network administrator is the protection of sensitive data as it travels across a network. In the early days of networking, local area networks (LANs) were lone entities. These isolated networks typically ran NetBEUI in small workgroups of fewer than 200 computers and were not connected to any other networks. The major security concerns in an isolated environment typically revolved around employees located at the site. You could focus your security efforts on local access controls, such as locking down disk drives on employee workstations and checking briefcases and handbags for printed materials. Especially sensitive data could be encrypted on the disk.
Today's networks are very different from the isolated NetBEUI networks of yesteryear. Most likely, your network is connected to other networks, including the global Internet, via dedicated leased lines or your organizational remote access server. Some workstations on your LAN might even have their own link to the outside via a modem and phone line.
Each of these points of access represents an ever-increasing security risk. In the "olden" days, electronic documents had to be copied to a disk or printed in order to leave the company's premises; now, transporting data is as easy as sending an e-mail attachment over the Internet. Your organization's prized database can easily be posted to an electronic newsgroup. Hackers can penetrate the network and gain usernames...