
Which Encryption should I use

kineticnrgynx (IS-IT--Management)
Mar 24, 2003
I have some highly sensitive information that I need to encrypt on a server. I want to give only certain people access to the folder and files.

I'm thinking of using a certificate authority service to accomplish this, but am a bit unclear on the ins and outs of it all.

If I install that certificate authority on a designated server then I should be able to assign a signature certificate to the folder and distribute that certificate through group policy to the people I want to have access...

Correct???

Also, can I make a backup copy of that certificate and save it on, say, a CD or something and lock it away in case the unmentionable would ever happen.

If there is a simpler or better way of doing this... I'm definitely open to suggestions.
 
A certificate authority (CA) is a trusted third party used to authenticate an entity's public key. Establishing a CA will not provide confidentiality. Additionally, a digital signature provides a means of verifying data integrity and non-repudiation, but does not provide confidentiality.

If I understand your situation correctly, you have private information that only select people should have access to. If that is the case, consider using a symmetric algorithm (like 3DES or Blowfish) to protect the data. Only people who need access to the data should have the secret (a.k.a. the "key", which could be a password if you like).

You will need to take steps to protect the key, as well as have a plan for re-encrypting the data with a new key should the current key be compromised (or if one of your trusted people quits their job or gets fired).

If you feel up to it, you could use an asymmetric algorithm (think public key / private key) to protect the data. If done properly, you could allow some people to be authors while others can only read the protected data. I will be happy to discuss this in more detail if it appeals to you.

Best of luck,
Jason
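An added example, not code from this thread, showing the asymmetric scheme Jason sketches as envelope encryption in Go's standard library: the data is encrypted once under a random symmetric data key, and that key is wrapped to each authorised person's public key, so access is granted per person and revoking someone is the "re-encrypt with a new key" step above (re-seal for the remaining readers). The function names Seal, Open and NewReaderKey and the reader names are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// NewReaderKey is one reader's own key pair; only the public half is ever handed out.
func NewReaderKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts plaintext under a fresh AES-256-GCM data key and returns nonce||ciphertext
// plus that key wrapped (RSA-OAEP) per reader. The data key is never stored; revoking = re-seal.
func Seal(plaintext []byte, readers map[string]*rsa.PublicKey) ([]byte, map[string][]byte, error) {
	buf := make([]byte, 32+12) // 256-bit data key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, err
	}
	dataKey, nonce := buf[:32], buf[32:]
	gcm, err := gcmFor(dataKey)
	if err != nil {
		return nil, nil, err
	}
	wrapped := make(map[string][]byte, len(readers))
	for name, pub := range readers {
		if wrapped[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil); err != nil {
			return nil, nil, err
		}
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), wrapped, nil
}
// Open: the reader unwraps the data key with their private key, then decrypts; a wrong key fails at the unwrap.
func Open(sealed, wrappedKey []byte, priv *rsa.PrivateKey) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
```

Because the wrapped keys are the only thing tied to a person, handing out a new wrapped key is the "distribute the decryption key" step, and the backup copy to lock away is the data key wrapped to a recovery key pair kept offline.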
 
Jason, I would definitely like to discuss this further... I'm still a bit of a novice in this area.

Like I said, I'm wanting to give certain people decryption rights to these files...

If you could point me to an article that would outline the procedure, or even direct me yourself... I would greatly appreciate it.

Thanks.
 
Kinetic,

Tell me a little about your resources. Will this be an in-house development effort, or will you be using third-party tools? If you're using third-party tools, I expect you'd prefer to leverage what you've already got instead of running out and buying something new (or perhaps use an Open Source solution). What operating system is used on the box that stores the data?

Thanks,
Jason
 
Well, it's an in-house design... and we have about 3 people that we want to be able to decrypt the data at any time they want or need for usage.

The server is running M$ W2k adv serv.

We would like to keep from using too many third-party tools because of increased cost. I would like to just secure the folder and files within the folder. Traffic to and from that server is not a problem, because we are using IPsec for security purposes.
 
Kinetic,

Having in-house design is a great position to be in. What language are you developing in?

If you're using C/C++, I recommend using the OpenSSL toolkit. This is available at
-Jason
 
I'm sorry Jason, I think you've got me all wrong here... I'm not a programmer, I'm a network admin... when you start talking C+ and C++, I get totally lost... I'm just wanting to find out what policies to put into place within a W2K environment
 
I believe Windows 2000 has everything you need. You can encrypt the directories with EFS (Encrypted File System), which is described here:
You can then use Windows access controls to specify which users/groups can access those directories.

Do you feel this will accomplish your goals?

-Jason
 
Yes, this is what I was talking about... I've been working successfully with EFS since this project began. I'm just looking for a way to distribute the decryption keys that EFS generates when you encrypt a file via policies in Active Directory so that it's seamless for the end user... if they have permission to decrypt... it comes up...

Thanks for the article, I'm going to look into it and see if it will help me distribute those decryption keys. I'll let you know if it's what I needed.

kinetic
 