7-1 Security

> Encrypt data on a hard disk by using Encrypting File System (EFS).

Windows 2000 includes greater security than other versions of Windows, with its Encrypting File System (EFS). EFS is based on public and private key encryption. The file system automatically generates an encryption certificate for the user along with a private key. You can encrypt individual files or folders, but only on the NTFS file system.

When a user is logged on, they don't have to decrypt files to use them: EFS automatically detects an encrypted file, locates the user's private key and decrypts the file.

To encrypt a file or folder

  • In Explorer, select the file or folder you want to encrypt and choose Properties.
  • Click the Advanced button to display the advanced attributes.
  • Check the Encrypt Contents To Secure Data box.
  • To remove encryption from a file or folder, follow the directions above and uncheck the Encrypt Contents To Secure Data box.

You can also encrypt files and folders from the command prompt using cipher.exe. If you do not use any command-line options, cipher just displays the encryption status of the folder.

    cipher [/e | /d] [/s:dir] [/i] [/q] [dirname]

  • /e Encrypts the specified directory
  • /d Decrypts the specified directory
  • /s:dir Specifies the directory to encrypt or decrypt
  • /i Ignores errors
  • /q Reports only the most essential information
  • dirname Specifies a directory
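The same status check and encryption step can be scripted. The following is an added example, not part of the original notes, that reports the EFS "Encrypted" attribute for every file under a folder (what cipher shows with no options) and, with -Encrypt, encrypts the ones that are not yet protected (what cipher /e or the Encrypt Contents To Secure Data box does). It assumes a modern Windows host with PowerShell and an NTFS volume; $Target is a placeholder path.

```powershell
# Added example (not from the study guide): list and optionally set the EFS
# "Encrypted" attribute on files under a folder, mirroring cipher.exe.
# Assumes modern Windows with PowerShell 5.1+ and an NTFS volume.
param(
    [string]$Target = "$env:USERPROFILE\Documents\Sensitive",   # placeholder folder
    [switch]$Encrypt                                            # encrypt unprotected files
)

# EFS only works on NTFS, so refuse early on FAT/exFAT volumes.
$root = [System.IO.Path]::GetPathRoot((Resolve-Path -Path $Target).Path)
$fs   = (New-Object -TypeName System.IO.DriveInfo -ArgumentList $root).DriveFormat
if ($fs -ne 'NTFS') {
    throw "EFS requires NTFS; '$root' is formatted as $fs"
}

Get-ChildItem -Path $Target -File -Recurse | ForEach-Object {
    $isEncrypted = $_.Attributes.HasFlag([System.IO.FileAttributes]::Encrypted)

    if ($Encrypt -and -not $isEncrypted) {
        # Same operation as "cipher /e" or the Advanced Attributes checkbox;
        # Windows creates the user's EFS certificate and key on first use.
        [System.IO.File]::Encrypt($_.FullName)
        $isEncrypted = $true
    }

    # Mirror cipher's status listing: E = encrypted, U = unencrypted.
    [pscustomobject]@{
        Status = if ($isEncrypted) { 'E' } else { 'U' }
        Path   = $_.FullName
    }
}
```

Run it once without -Encrypt to see which files are still in the clear, then with -Encrypt to protect them; because the attribute is read from the file system rather than parsed from cipher's text output, the script behaves the same in any Windows locale.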
> Implement, configure, manage, and troubleshoot local security policy.

Security

User-level security protects shared network resources by requiring that a security provider authenticate a user's request to access resources. The domain controller grants access to the shared resource by verifying that the user name and password are the same as those on the user account list stored on the network security provider. Because the security provider maintains a network-wide list of user accounts and passwords, each client computer does not have to store a list of accounts.

Share-level security protects shared network resources on the computer with individually assigned passwords. For example, you can assign a password to a folder or a locally attached printer. If other users want to access it, they need to type in the appropriate password. If you do not assign a password to a shared resource, every user with access to the network can access that resource.

Local security policies are based on the computer you are logged into, and the rights you have on that particular computer. Local security policies include:

  • Audit policy: which security events are logged in the Security log.
  • User rights assignment: the users or groups that have logon or task privileges on the computer.
  • Security options: enables or disables security settings for the computer, such as digital signing of data, Administrator and Guest account names, floppy drive and CD-ROM access, driver installation, and logon prompts.
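The three areas above can be reviewed in one pass by exporting the local policy with secedit.exe, which writes an INI-style file with [Event Audit], [Privilege Rights] and [System Access] sections. The following is an added example, not part of the original notes; it assumes an elevated PowerShell session on a modern Windows host and uses the section and key names secedit emits today.

```powershell
# Added example (not from the study guide): export the local security policy
# with secedit.exe and print the audit policy, user rights assignment and a
# few security options. Assumes an elevated PowerShell session on modern Windows.
$inf = Join-Path $env:TEMP 'local-policy.inf'
secedit.exe /export /cfg $inf /quiet | Out-Null
if (-not (Test-Path -Path $inf)) { throw 'secedit export failed; run from an elevated prompt' }

# The export is an INI-style file: [Section] headers followed by Key = Value lines.
$policy  = @{}
$section = ''
foreach ($line in Get-Content -Path $inf) {
    if ($line -match '^\[(.+)\]\s*$') {
        $section = $Matches[1]
        $policy[$section] = @{}
    } elseif ($section -and $line -match '^\s*([^=\s]+)\s*=\s*(.*)$') {
        $policy[$section][$Matches[1]] = $Matches[2].Trim()
    }
}

function Show-Section([string]$Title, [hashtable]$Table, [hashtable]$Decode = @{}) {
    "`n[$Title]"
    if (-not $Table) { '  (section not present in export)'; return }
    foreach ($key in ($Table.Keys | Sort-Object)) {
        $value = $Table[$key]
        if ($Decode.ContainsKey($value)) { $value = $Decode[$value] }
        '  {0,-40} {1}' -f $key, $value
    }
}

# Audit policy values: 0 = no auditing, 1 = success, 2 = failure, 3 = both.
$auditDecode = @{ '0' = 'No auditing'; '1' = 'Success'; '2' = 'Failure'; '3' = 'Success, Failure' }
Show-Section 'Audit policy' $policy['Event Audit'] $auditDecode

# User rights: each privilege lists the SIDs (prefixed with *) or names that hold it.
Show-Section 'User rights assignment' $policy['Privilege Rights']

# Security options mentioned in the text live in [System Access], for example
# the renamed Administrator and Guest accounts and whether Guest is enabled.
$options = @{}
foreach ($k in 'NewAdministratorName', 'NewGuestName', 'EnableGuestAccount', 'LockoutBadCount') {
    if ($policy['System Access'] -and $policy['System Access'].ContainsKey($k)) {
        $options[$k] = $policy['System Access'][$k]
    }
}
Show-Section 'Security options' $options

Remove-Item -Path $inf -ErrorAction SilentlyContinue
```

Comparing the exported file from several machines is a quick way to find a workstation whose local policy drifted from the intended baseline, for instance one where object-access auditing was switched off.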

> Implement, configure, manage, and troubleshoot local user accounts.

> Implement, configure, manage, and troubleshoot auditing.

Security auditing is a feature of Windows 2000 that monitors various security-related events. Monitoring system events is necessary to detect intruders and to detect attempts to compromise data on the system. An example of an event that can be audited is a failed logon attempt.

The most common types of events to be audited are:

  • Access to objects, such as files and folders
  • Management of user and group accounts
  • When users log on to and log off of the system

In addition to auditing security-related events, Windows 2000 generates a security log and provides a way for you to view the security events reported in the log. Finally, the Windows 2000 auditing feature generates an audit trail to help you keep track of all security administration events that occur on the system.
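Reading the Security log by hand in Event Viewer does not scale, so the failed-logon example from the text is worth turning into a query. The following is an added example, not part of the original notes: it pulls failed logons from the Security log and groups them by account, flagging accounts over a threshold. It assumes a modern Windows host (Vista or later), where the failed-logon event is ID 4625 (the Windows 2000 event with the same meaning was 529), and an elevated shell, because reading the Security log requires it.

```powershell
# Added example (not from the study guide): summarize failed logon attempts
# from the Security log. Assumes modern Windows (event ID 4625 rather than
# the Windows 2000-era 529) and an elevated PowerShell session.
param(
    [int]$Hours     = 24,   # look-back window
    [int]$Threshold = 5     # failures per account that deserve a closer look
)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue

# The event XML carries the target account, source and failure sub-status as
# named fields, which is more reliable than parsing the localized message text.
$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = "$($data.TargetDomainName)\$($data.TargetUserName)"
        Source    = $data.WorkstationName
        SourceIp  = $data.IpAddress
        LogonType = $data.LogonType    # 2 = interactive, 3 = network, 10 = remote desktop
        SubStatus = $data.SubStatus    # 0xC000006A = bad password, 0xC0000064 = unknown user
    }
}

# One line per account, most failures first, flagged when over the threshold.
$rows | Group-Object -Property Account | Sort-Object -Property Count -Descending | ForEach-Object {
    [pscustomobject]@{
        Account    = $_.Name
        Failures   = $_.Count
        Sources    = ($_.Group.SourceIp | Sort-Object -Unique) -join ', '
        Suspicious = $_.Count -ge $Threshold
    }
} | Format-Table -AutoSize
```

Logon failures are only recorded if the audit policy from the previous section has logon-event auditing enabled for failures; a host that reports nothing at all is worth checking for that setting before assuming nobody tried.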

From Windows Explorer, right-click a file or folder, select Properties, and then click the Security tab. Then click Advanced.

From here, select the Auditing tab and add or remove the users and groups whose access to the object should be audited.
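The Auditing tab edits the object's system access control list (SACL). The following is an added example, not part of the original notes, that makes the same change from PowerShell so it can be applied to many folders consistently. It assumes an elevated session, since changing a SACL needs the "Manage auditing and security log" right, and that object-access auditing is enabled in the audit policy, otherwise no events are written; $Path is a placeholder.

```powershell
# Added example (not from the study guide): add a file-system audit rule
# equivalent to an entry on the Properties > Security > Advanced > Auditing
# tab. Assumes an elevated PowerShell session; $Path is a placeholder.
param(
    [string]$Path = 'C:\Data\Payroll'   # placeholder folder
)

# -Audit is required for Get-Acl to read the SACL alongside the DACL.
$acl = Get-Acl -Path $Path -Audit

# Audit both successful and failed writes and deletes by Everyone, and let the
# entry inherit to subfolders and files, as the "Apply onto" option does.
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule -ArgumentList @(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure'
)
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Show the resulting audit entries, equivalent to the list on the Auditing tab.
(Get-Acl -Path $Path -Audit).Audit |
    Select-Object -Property IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags |
    Format-Table -AutoSize
```

Auditing Everyone for write and delete (rather than read) keeps the Security log useful: read auditing on a busy folder generates far more events than anyone will review, while changes and deletions are the actions an investigation usually needs to reconstruct.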