Encryption is the process of scrambling data so that it can’t be viewed by anyone
who shouldn’t have access to it. If anyone gains access to your system remotely or
by physically accessing your computer, he or she won’t be able to view the
encrypted data. For example, let’s say someone steals your laptop and starts the
computer in the hopes of viewing private information stored on your hard disk.
Because you’ve encrypted the data on the disk, they would be unable to view it
without a password or encryption key. An encryption key is an algorithm or
mathematical code that’s used to encrypt and decrypt the data. Without this key,
the person attempting to view the data is essentially locked out.
Encrypting data can be performed in a number of ways. Some operating systems
have native support for encryption, so you don’t have to install any third-party
programs on your computer to encrypt data. Using this feature, you can
encrypt files and folders on your system. Other operating systems don’t provide
this support, meaning that you need to install programs available from the
Internet. Some of these programs create a virtual disk, which is an encrypted file
on your hard disk that appears like a normal drive letter. We discuss each of these
in the paragraphs that follow. In Chapter 3, we discuss encryption further by
looking at how e-mail and file attachments can be encrypted using tools like
Pretty Good Privacy.
Windows XP and Windows 2000 provide the ability to encrypt data on hard
disks formatted to use the NTFS file system. NTFS provides encryption through
the Encrypting File System (EFS) that allows you to encrypt files or folders. If
you encrypt a folder, all files within the folder are also encrypted. EFS uses a
unique encryption key that is available to people who are authorized to view the
data, and it controls the encryption/decryption process. This goes on in the background,
however, making the process transparent. You’re not even aware that a file
is encrypted unless you’re not authorized to view the data.
Encrypting data in Windows 2000 and Windows XP is done through
Windows Explorer. In Windows Explorer, navigate through the folders to find
the file or folder you want to encrypt. After you’ve decided on what you want to
encrypt, follow these steps:
1. Right-click the file or folder, and then click the Properties item on the
menu that appears.
2. When the Properties dialog box appears, select the General tab, and
then click Advanced.
3. Click the Encrypt Contents To Secure Data checkbox. Ensure that a
checkmark appears in this checkbox to indicate that the file or folder is
to be encrypted.
4. Click OK.
Decrypting data in Windows 2000 and Windows XP is equally simple. The
same procedure you used to encrypt data is followed, except that you clear the
Encrypt Contents To Secure Data checkbox. After this checkbox is cleared,
the file or folder in question will be decrypted after you click the OK button.
EFS does have some limitations, and it will not allow you to encrypt every
file on your system. If compression is used on files and folders, you can’t encrypt
them. You have the choice of either compressing or encrypting files and folders,
but you can’t do both. You also can’t encrypt files with the System attribute,
because this could cause problems with your system. Finally, and most importantly,
EFS can only be used on hard disks using the NTFS file system. If you’re
using any other file system, then EFS won’t be available to use. Aside from these
limitations, you can encrypt any other files and folders on your system.
Other operating systems might not have native encryption support, but they
can still benefit from third-party encryption tools. One such tool is BestCrypt,
which can be downloaded from Jetico’s Web site at www.jetico.com. BestCrypt
supports Windows 3.1/9x/Me/NT/2000/XP as well as DOS and Linux. It uses
several encryption algorithms, including Blowfish, Twofish, Rijndael, and GOST,
which ensures that your data is protected. Using the control panel shown in
Figure 2.8, BestCrypt creates a virtual drive on your hard disk that (as far as other
programs on your computer are concerned) functions as an actual drive on your
computer. Files saved to the virtual drive are automatically encrypted.
BestCrypt’s control panel is used to create a container on your hard disk. This
container is an encrypted folder that is mounted using BestCrypt and then
appears as another hard disk. When looking at Figure 2.8, C:\ is the actual hard
disk on the computer, D:\ is a CD-ROM, and E:\ is the mounted virtual drive.
Although E:\ can be used as an actual encrypted drive, it is really a file called
New Container.jbc, which is stored in C:\BestCryptContainer. When configuring
the container used for this drive, you can specify both the size and encryption
method used. Any data saved to the container is encrypted, and any data removed
from the folder is automatically decrypted. To access any data in the container,
you need to use a special password created with the control panel.
The Cipher Tool in Windows 2000
Windows 2000 provides an additional method of encrypting data on
your computer. A tool called cipher.exe can be used from the command
prompt to display, encrypt, and decrypt data. To encrypt or decrypt data,
you type CIPHER with any command line switches and the name of the
file or directory being encrypted. The switches used with this tool are:
■ /E Encrypts the data
■ /D Decrypts the data
■ /S Performs the command on any subdirectories and files in
those directories
■ /I Continues performing the command after errors have
occurred
■ /F Forces encryption on directories, even if they are already
encrypted
■ /Q Reports the most essential information
While the cipher.exe option exists, encrypting and decrypting files
and folders through Windows Explorer is considerably easier, as
described earlier in this section.
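The following is an added example, not part of the original text. It checks a folder against the EFS limitations listed earlier (NTFS only, not compressed, no System attribute) before handing it to cipher.exe with the switches described above. It assumes PowerShell is installed; the function name Get-EfsBlocker and the folder C:\Private are hypothetical.

```powershell
# Added example (not from the original text). Get-EfsBlocker and C:\Private
# are hypothetical names chosen for illustration.
function Get-EfsBlocker {
    param([Parameter(Mandatory = $true)][string]$Path)

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $root = [System.IO.Path]::GetPathRoot($item.FullName)
    $blockers = @()

    # EFS is only available on volumes formatted with NTFS.
    $format = (New-Object System.IO.DriveInfo($root)).DriveFormat
    if ($format -ne 'NTFS') {
        $blockers += "volume $root is $format, not NTFS"
    }
    # A compressed file or folder cannot also be encrypted.
    if ($item.Attributes -band [System.IO.FileAttributes]::Compressed) {
        $blockers += 'item is compressed'
    }
    # Files with the System attribute cannot be encrypted.
    if ($item.Attributes -band [System.IO.FileAttributes]::System) {
        $blockers += 'item has the System attribute'
    }
    return ,$blockers
}

$target = 'C:\Private'   # hypothetical folder to protect
$blockers = Get-EfsBlocker -Path $target

if ($blockers.Count -gt 0) {
    Write-Warning "Skipping ${target}: $($blockers -join '; ')"
} else {
    # /E encrypts, /S:<dir> also covers the subdirectories, /I continues after errors.
    cipher.exe /E /I "/S:$target"

    # Confirm the result from the Encrypted attribute, not from console output.
    $attrs = (Get-Item -LiteralPath $target -Force).Attributes
    if ($attrs -band [System.IO.FileAttributes]::Encrypted) {
        Write-Output "$target is now marked as encrypted."
    } else {
        Write-Warning "$target is still not marked as encrypted."
    }
}
```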