Windows XP operating system provides many enhancements in data protection - especially Encrypting File System (EFS). This article details the specifics of performing cryptographic operations on offline files and seeks to help system designers and administrators develop the best way to create data recovery and data protection strategies with Windows XP.
Encryption operation for offline files
The Windows 2000 operating system introduces the function of performing cache processing on offline files (also known as client-side caching
technology
[CSC]). This IntelliMirror Management Technology
will allow network users to implement access calls for file shares based on network shares, even if the client computer and network system connection are disconnected.
For example, when a mobile user views the share while offline, he (she) can still be performed for the target file browsing, reading and editing operations, mainly because the relevant documents The buffer memory that has been read into the client computer. When the user connects to the server later, the system will coordinate with the server for the relevant modifications.
Windows XP clients can use the encrypted file system to set offline files and folders to accept encryption processing. Some professionals travel a lot and need to work offline on a regular basis while keeping their data secure. This feature is especially attractive for such users.
Universal Database
A general-purpose database based on the local computer can be used to perform storage operations on all user files, and the access call object is limited to the above file scope through an accurate access control list (ACL). Inside. The database can display related files in a special way - hide the database structure and format, and show the appearance of the ordinary folder. Other user files and folders are neither displayed nor accessible to other users. When the offline file is encrypted, the entire database will be encrypted with the aid of the EFS computer certificate. Individual files and folders will not be selected for decryption. In this way, the entire offline file database will be protected from malicious attacks using the localized EFS features that have been activated by default.
a limiting factor
encrypted offline file database inherent limiting factors embodied, files and folders can not be presented to the user in an alternate color working offline. Remote servers may also selectively apply file and folder encryption features while online, so when you display encrypted files online and offline, users will see different effects.
Important:
CSC usually runs as a SYSTEM process and is therefore available for any user to implement access calls. Not only that, but other processes that also run in the SYSTEM process or temporarily act as the SYSTEM process can also make access calls to the CSC. This includes administrators based on local computers. For this reason, whenever sensitive data is stored to an offline folder, administrative access should be restricted to specific users, and SYSKEY should be used to defend against offline attacks.
Encryption for offline files
Users can select the Folder Options command on the Tools menu in Windows Explorer and the subsequent dialogs The settings for the folder options are set in the box to set the encrypted offline file feature to active.
Description: This option is only available in Windows XP Professional.
Please select the Offline Files tab as shown below.
Select the Offline Files tab
Check both Enable Offline Files and Encrypt offline files to secure data to encrypt offline files for data security. Check box.
Click OK.
Offline files will be encrypted while being read into the local cache with the help of private keys and certificates provided to client computer users.
Important: Do not encrypt files that have been stored in the roaming user configuration. This is mainly because the file cannot be opened once the file is loaded during the login process. .