Windows Server 2003 Security Infrastructures

In the previous chapters we introduced Windows Server 2003 PKI. In this chapter we focus on three applications that can leverage your PKI investment: the Encrypting File System (EFS), S/MIME for secure messaging, and smart card enabled applications. Windows Server 2003 obviously supports many other PKI-enabled applications, some of which were covered in previous chapters (such as SSL/TLS for secure Web communications); others are out of the scope of this book (these include communication security solutions like IPsec, wireless authentication using 802.1x, and EAP-TLS).
One of the key messages you should remember from the previous chapters is that a PKI is an infrastructure that multiple applications can take advantage of to provide strong security, based on public key cryptography, to their users.
The disclosure of confidential information to unauthorized parties is a serious threat from which any organization should be protected. The Encrypting File System (EFS), a feature of the Windows 2000, XP, and Windows Server 2003 NTFS version 5 file systems, provides file system level encryption of files and folders stored on NTFS volumes. Before Windows 2000, NT users had to use the products of other vendors to implement an encryption solution.
As in Windows 2000, NTFS files and folders in Windows XP and Windows Server 2003 can be encrypted manually by checking the Encrypt contents to secure data box in the advanced properties or by choosing the Encrypt command on a file or folder's shortcut menu. If you set the encryption attribute on...