Security Shorts Encrypt Docs Vista

  • Uploaded by: Wael Guirguis
  • May 2020
INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu

How to Encrypt Documents with EFS on Your Vista Computer

ESTIMATED TIME TO COMPLETE: 5 MINS

What do you carry around on your laptop? Does it include things like your resume, transcripts, school or internship applications, or financial records? If you are using a laptop for your job, maybe you have files like human resources records, student applications, transcripts, human subject research data or payroll information. These documents likely include some form of SENSITIVE DATA, which is data whose unauthorized disclosure may have a serious adverse effect on the University’s reputation, resources, services or individuals. If your laptop falls outside of your physical control due to loss or theft, you’ll want the data inside to be electronically inaccessible. Encryption is the standard technology used to protect sensitive data from unauthorized disclosure.

Microsoft’s latest operating system, Vista, makes encryption easy by providing built-in tools: the Encrypting File System (EFS) and BitLocker. EFS provides encryption for specific folders, while BitLocker provides full-drive encryption.

BitLocker is the recommended method for securing your information because:

• you don’t have to worry about getting documents in the encrypted folders,
• you don’t have to worry about unencrypted sensitive data left over in temp files, page files, hibernation files etc.

Use EFS only if:

• you want to encrypt just a few selected folders rather than your whole hard drive, for example, if you share a computer and just want to encrypt your own files.
• your hardware or software versions prevent you from using full-drive encryption (i.e. you don’t have the Enterprise or Ultimate version of Vista).

BEFORE YOU PROCEED: These Security Shorts are intended for non-technical users who manage their own computers. If your laptop is managed by an IT department, do not proceed. Contact your IT administrator for further assistance.

WHAT’S IN THIS DOCUMENT

• How to Encrypt Documents with Microsoft Vista
• Step 0: Password Protect Your Account
• Step 1: Encrypt Your Desktop and Documents Folder
• Step 2: Back up Your File Encryption Key
• Step 3: Store and Access Encrypted Documents
• 4: Backing Up Your EFS Encrypted Documents
• To UnEncrypt an Individual File
• To UnEncrypt a Folder and All Files in it
• To Recover an Encrypted File or Folder

Please note that in order to complete this process, you will need a new back-up thumb drive that can’t be used for other purposes.

Keep in mind:

• Disk encryption technologies such as EFS can protect your data from unauthorized access, but they do nothing to protect data that is transmitted over the network or via e-mail.
• EFS does not protect your data when you log in and visit a malicious Web site or open a malicious e-mail.
• Back up your data and encryption keys, or risk losing your data irretrievably.

U-M Information Technology Security Services

Safecomputing.umich.edu


How to Encrypt Documents with EFS on Your Vista Computer_021208

Step 0: Password Protect Your Account

If you haven’t already, you need to build the first level of defense for your data, which is password protection. Consider using a pass-phrase, which is a more complex combination of letters than a typical password.

1. Press CTRL+ALT+DEL
2. Click Change a password…
3. Enter your old password
4. Create a strong password or pass-phrase by choosing a long but easily remembered phrase.

Here are some things to keep in mind when you create your new password:

• Select a unique password — not one you are using or have used elsewhere. Do not use a PIN number or a password used for other computing accounts like AOL or hotmail.
• Use at least nine characters containing a mix of upper- (capital) and lower-case letters, numbers, and common punctuation. However, do not use a forward slash (/) or a space.
• The best passwords are made up. (Of course, don't use any examples shown here.)
   o Use the first letter of words in a phrase and include numbers and punctuation; for example, “Do you know the way to San Jose on US-12?” becomes “DyktwtSJoUS-12?”
   o Use an entire phrase, like Rudolph Is My Favorite Reindeer.


Step 1: Encrypt Your Desktop and Documents Folder

1. Quit any application you may have open.
2. From the Start menu, click your user account name to open your home directory.


3. Click the Documents folder
4. While the Documents folder is selected, press the Control key and click the Desktop folder
   • Both the Desktop folder and the Documents folder should now be selected
5. Right-click the Documents folder and select Properties from the context menu
6. Click the Advanced button on the Properties dialog
7. Check the option that says Encrypt contents to secure data, and click OK
   Note: If the option to encrypt cannot be selected, contact the systems administrator or IT specialist in your department and ask them for the recommended way to encrypt your sensitive documents.
8. Click OK again on the Properties dialog


9. Turn on the button for Apply changes to this folder, subfolders and files. Click OK a third time to indicate that you want to encrypt all subfolders and files.

A progress dialog indicates the contents of your Documents folder are being encrypted.


Step 2: Back up Your File Encryption Key

After Vista has finished encrypting your Desktop and Documents folders, you should see a notification to “Back up your file encryption key.” This step is absolutely critical because if you forget your password or your on-disk key gets corrupted, there is no way to recover your data. If there were, the encryption process would be broken.

Note: If this notification doesn’t appear, you can still click the Notification Icon (the lock and key) in the lower left corner of your screen to get started.

1. Click the Notification Icon to back up your file encryption key
2. Click the option to Back up now (recommended) which will launch the Certificate Export Wizard


3. On the Welcome page of the Certificate Export Wizard, click Next
4. On the Export File Format page, make sure the Personal Information Exchange - PKCS#12 (.PFX) format is selected and click Next


5. On the Password page, type a strong password or pass-phrase, confirm it, store it, and press Next
6. On the File to Export page
   a. Insert a USB flash drive into your computer
   b. An AutoPlay dialog window appears—note the drive letter assigned to your flash drive (G: in this example). Close the dialog window.
   d. Type in the drive letter of your flash drive followed by a backslash then a filename. In this example, G:\EFSFileEncryptionKey
   e. Click Next
7. On the Completion page, click Finish
8. A Certificate Export Wizard dialog appears, noting that “The export was successful.” Click OK
9. Eject the flash drive then store it in a safe place. For example, you may want to give it to your key admin to be locked in a safe. Don’t use the flash drive for other purposes.
10. Record the password that you entered in step 2.5 and store it in a safe place. If you do write down your password, store it separately from the flash drive, or be sure that your flash drive is physically secured in a way that an untrustworthy individual cannot access both the flash drive and your encrypted files.


Step 3: Store and Access Encrypted Documents

Store any and all sensitive data files on your Desktop or in the Documents folder since these were the two folders encrypted above. When you save a file in an encrypted folder, the file will automatically be encrypted. You can tell that a file (or folder) is encrypted if the name of the file or folder is green.

Access and work with your encrypted documents just like you did before. You don’t have to do anything special since the computer automatically encrypts and decrypts the data for you. If you move or copy a file out of an encrypted folder, the filename may turn black, indicating that it is no longer encrypted.
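The green-name check described above can also be done for every file at once. The following is an added example, not part of the original guide: it assumes Windows PowerShell is installed on the Vista computer and that Desktop and Documents were encrypted as in Step 1, and it lists anything under those two folders that is not EFS-encrypted.

```powershell
# Added example, not from the original guide. Assumes Windows PowerShell is
# installed and that Step 1 has been completed for Desktop and Documents.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('MyDocuments')
)

$encrypted = [IO.FileAttributes]::Encrypted
$system    = [IO.FileAttributes]::System

$unprotected = @(foreach ($folder in $folders) {
    # Check the folder itself too: if it lacks the attribute, new files saved
    # into it will not be encrypted automatically.
    $root  = Get-Item -LiteralPath $folder -Force
    $items = @($root) + @(Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # EFS does not encrypt items marked System (for example desktop.ini),
        # so they are skipped rather than reported.
        if ($item.Attributes -band $system) { continue }

        # An item without the Encrypted attribute is the "black filename" case.
        if (-not ($item.Attributes -band $encrypted)) { $item }
    }
})

if ($unprotected.Count -eq 0) {
    Write-Host 'All files and folders under Desktop and Documents are EFS-encrypted.'
} else {
    Write-Host "$($unprotected.Count) item(s) are NOT EFS-encrypted:"
    $unprotected | ForEach-Object { Write-Host "  $($_.FullName)" }
}
```

Any item it reports can be encrypted by repeating Step 1 on that file or folder.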


4: Backing Up Your EFS-Encrypted Documents

This security short is primarily about encrypting data on laptop computers to prevent unauthorized access to sensitive data when the laptop is lost, stolen, confiscated, or otherwise physically compromised. With that in mind, we support creating clear-text (unencrypted) back-ups of sensitive data as long as those clear-text back-ups are physically secured away from the mobile laptop in a safe, vault, locked cabinet, server room etc. Creating clear-text back-ups has the added advantage of providing access to your data in the event that the key recovery process (also described in this document) fails for some reason (such as forgetting your recovery key password).

To back up your EFS-encrypted documents in clear-text, simply copy them from your encrypted folder to a network server, external hard drive, CD ROM, USB flash drive, etc. When you perform that copy operation, Vista will inform you that your back-up copy will be unencrypted. Click Yes.

Note: If you click No then the file will not be copied at all in either format!

If you currently use a back-up program (rather than manually copying your files) there are three ways that back-up product will interact with EFS-encrypted documents. Specifically, your current back-up solution will either:

• Fail when it attempts to back up your EFS-encrypted documents
• Back up your EFS-encrypted documents in clear-text format
• Back up your EFS-encrypted documents and keep them encrypted

You should test your back-up solution and verify that it minimally will make a clear-text back-up of your EFS-encrypted documents. If it fails to back up your EFS-encrypted documents, you should contact the vendor to identify their EFS support plans. In the meantime, you can manually back up the encrypted files as described above by copying them yourself.

Note: Technically advanced users who want to back up their EFS-encrypted documents while preserving the encryption without paying for a third-party backup solution have a built-in option. Windows Vista includes a command line tool called robocopy.exe that has an /EFSRAW switch which will preserve the encryption of copied files.
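One way to run the robocopy back-up mentioned in the note, as an added example that is not part of the original guide. It assumes Windows PowerShell is installed; the destination E:\EFSBackup and the log file name are hypothetical and should be replaced with your own back-up location.

```powershell
# Added example, not from the original guide.
# $dest and $log are hypothetical paths; change them to your back-up drive.
$source  = [Environment]::GetFolderPath('MyDocuments')
$destDir = 'E:\EFSBackup'
$dest    = Join-Path $destDir 'Documents'
$log     = Join-Path $destDir 'robocopy.log'

# The log folder must exist before robocopy starts writing to it.
New-Item -ItemType Directory -Path $destDir -Force | Out-Null

# /E       copy all subfolders, including empty ones
# /EFSRAW  copy EFS-encrypted files in raw mode so they stay encrypted
# /R:1     retry a failed copy once
# /W:1     wait one second between retries
# /LOG:    write the full report to a log file
robocopy $source $dest /E /EFSRAW /R:1 /W:1 "/LOG:$log"

# robocopy's exit code is a bit mask. Values below 8 mean the run completed
# (files copied, skipped, or extra files found); 8 or higher means at least
# one file or folder could not be copied.
if ($LASTEXITCODE -ge 8) {
    Write-Host "Back-up FAILED (robocopy exit code $LASTEXITCODE). See $log"
    exit 1
}

Write-Host "Back-up finished (robocopy exit code $LASTEXITCODE). Log: $log"
```

Files copied this way remain encrypted, so they can only be read with the file encryption key backed up in Step 2.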


To UnEncrypt an Individual File

1. In Windows Explorer, right-click the file you want to decrypt, and then click Properties
2. Click the Advanced button in the General tab on the Properties sheet
3. Clear the Encrypt contents to secure data check box, and then click OK
4. Click OK again on the Properties sheet

To UnEncrypt a Folder and All Files in it

1. In Windows Explorer, right-click the folder you want to decrypt, and then click Properties
2. Click the Advanced button in the General tab on the Properties sheet
3. Clear the Encrypt contents to secure data check box, and then click OK
4. Click OK again on the Properties sheet
5. On the Confirm Attribute Changes dialog, select the option to Apply changes to this folder, subfolders, and files, then click OK


If you lose your thumb drive…

1. Open Certificate Manager by clicking Start, typing certmgr.msc into the Search box, and then pressing Enter
2. Click the arrow next to the Personal folder to expand it
3. Click Certificates
4. Click the certificate that lists Encrypting File System under Intended Purposes (You might need to scroll to the right to see this)
5. If there is more than one EFS certificate, you should back up all of them
6. Click the Action menu, point to All Tasks, then click Export
7. In the Certificate Export wizard, click Next, click Yes, export the private key, then click Next
8. Click Personal Information Exchange, then click Next
9. Type the password you want to use, confirm it, then click Next
10. The export process will create a file to store the certificate
11. Enter a name for the file and the location (include the whole path) or click Browse and navigate to the location, and then enter the file name
12. Click Finish


To Recover an Encrypted File or Folder

If you can see the file or folder, but are unable to decrypt it for some reason, follow these steps:

Note: This information will not help recover a file from your back-up tape if your hard disk has crashed.

1. Insert the USB flash drive that contains your backed-up EFS certificate
   • You backed up your EFS certificate and stored it in a safe place in Step 2 along with a written copy of your password
2. From the AutoPlay dialog, Open folder to view files
   • If AutoPlay is disabled and no dialog pops up when you insert your flash drive, then navigate to the flash drive using Windows Explorer
3. Double click the (.pfx) file that contains your backed-up certificate
   • In Step 2.6, the file was named EFSFileEncryptionKey
   • This opens the Certificate Import wizard
4. On the Welcome page, click Next.
5. On the File to Import page, click Next
   • The filename should already be entered since you launched the Import wizard by clicking on the filename
6. Type the password, select the Mark this key as exportable check box, and click Next
   • You entered a password in Step 2.5
   • You optionally recorded the password in Step 2.10
   • Do not enable strong private key protection
7. On the Certificate Store page,
   a. Select the option to Place all certificates in the following store
   b. Click the Browse button and select the Personal store then click OK
   c. Click Next
8. On the Completion page, click Finish

After the certificate is imported, you should have access to the encrypted files.
