Join Lisa Bock for an in-depth discussion in this video, Encrypting offline folders and software restriction policies, part of IT Security Foundations: Network Security.
- Encrypting File System uses encryption to encrypt files and folders to ensure confidentiality. It's simple and secure, and a folder or file that is encrypted will be shown in green. Now let's take a look. I'm in Server 2008. I'm going to create a folder, and I'll name it Secret. Now, because I want to protect it, I'm going to right-click and I'm going to go to Properties. At the General tab, you'll see Advanced. Click Advanced, and here are the choices. You can compress or encrypt. I'm going to encrypt to secure data, and I'll say OK. And Apply, and OK. I've located the folder, and as you can see, it is in green because it's encrypted.
What about the remote user accessing folders on a network share? When a remote user connects to a shared folder in the network, the files are downloaded to an offline cache on the user's system where they can read and edit files while not connected to the network share. Whenever he or she reconnects, the files are synchronized. Once they reconnect, the share is updated to the most recent change. On the server side, each share on the system must be configured to allow offline files. Each client must also be enabled for offline file support for each share. Offline encryption protects the data while it's on the user's system.
Here's an example. When accessing a share on the network, the file is decrypted and then it is sent across the network in plain text. If saved to a folder on the local drive that's marked for encryption, it is encrypted locally. Steps should be taken to encrypt the data as it travels the network by using something such as a VPN connection.
Software Restriction Policies are used to protect clients by allowing only authorized software to run. In Server 2008, security levels can be set to disallow all, and then you define what software can be allowed to run in the form of an exception. We see that there are three security levels: disallowed, which blocks all software; basic user, only software needed to run; and unrestricted, which is the default and allows all software to run. I'm going to take a look at the Local Security Policy. The Local Security Policy, here I can expand the Security Restriction Policies, and as you can see, here are my three levels, and once the administrator defines these, exceptions can be made.
AppLocker is a newer option which allows you to set rules on what programs are allowed, based on group policy. This gives us more granular control. You can use AppLocker or software restriction policies, but not both. However, using either one of those will help you to prevent malware from running, including CryptoLocker. Let's take a look at the comparison. When we take a look at the Software Restriction Policies, it'll apply to all users. However, AppLocker gives us more granular control, as we can apply it to a specific user or group.
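The comparison above, as an added PowerShell example that is not part of the original video: it reports which of the three Software Restriction Policy levels is set, then builds AppLocker allow rules scoped to one group and tests files against them without applying anything. The folder `C:\ApprovedApps`, the group `HelpDesk` and the sample file `C:\Users\Public\Downloads\tool.exe` are assumptions made for illustration.

```powershell
# Added example. Hypothetical names: C:\ApprovedApps, the HelpDesk group, tool.exe.
Import-Module AppLocker

$approvedDir = 'C:\ApprovedApps'                          # assumed folder of authorized software
$targetGroup = 'HelpDesk'                                 # assumed group the rules apply to
$policyFile  = Join-Path $env:TEMP 'applocker-helpdesk.xml'

# 1. Software Restriction Policies: read the default security level, if SRP is configured.
$srpKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$srpLevels = @{ 0 = 'Disallowed'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }
$srp = Get-ItemProperty -Path $srpKey -Name DefaultLevel -ErrorAction SilentlyContinue
if ($srp) {
    "SRP default level: $($srpLevels[[int]$srp.DefaultLevel]) (applies to all users)"
} else {
    'SRP is not configured on this machine.'
}

# 2. AppLocker enforcement depends on the Application Identity service.
$svc = Get-Service -Name AppIDSvc
"Application Identity service: $($svc.Status)"

# 3. Build allow rules for the approved folder, scoped to one group rather than Everyone.
#    Publisher rules are used for signed files, with file-hash rules as the fallback.
Get-AppLockerFileInformation -Directory $approvedDir -Recurse -FileType Exe |
    New-AppLockerPolicy -RuleType Publisher, Hash -User $targetGroup `
        -RuleNamePrefix 'Approved' -Optimize -Xml |
    Out-File -FilePath $policyFile -Encoding Unicode

# 4. Dry run: evaluate files against the generated policy. Nothing is enforced here.
$samples = @(
    (Join-Path $approvedDir '*.exe'),            # expected: Allowed
    'C:\Users\Public\Downloads\tool.exe'         # assumed unapproved file: DeniedByDefault
)
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $samples -User $targetGroup |
    Select-Object FilePath, PolicyDecision, MatchingRule |
    Format-Table -AutoSize

# 5. List only what the policy would block for that group, for review before rollout.
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $samples -User $targetGroup `
    -Filter Denied, DeniedByDefault |
    Select-Object -ExpandProperty FilePath
```

Run it from an elevated PowerShell session on an edition of Windows that includes the AppLocker module; the generated XML can be reviewed and imported into a Group Policy Object once the dry run shows the expected decisions.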
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Implementing secure content management (SCM)
- Implementing unified threat management (UTM)
- Introducing VLANs
- NAT addressing
- Network sniffing
- Understanding common attack methods, such as password attacks
- Protecting clients with antivirus software
- Implementing physical security