Chapter 6. EFS Basics
September 16, 2001the Hyatt Regency Hotel, Irvine, California. Qualcomm founder and self-made billionaire Irwin Jacobs turned from speaking with journalists and realized his laptop was missing. Just minutes before, he'd been using it to give a presentation to the Society of American Business Editors. On the laptop were company financial statements, secret data, email, and, of course, his contact list and pictures of his grandchildren. It was the first widely publicized laptop theft, and it was the first one to bring to everyone's attention the fact that laptop theft might not just be about pawning a piece of expensive hardware. There has been much speculation that the theft was not routine but instead was a case of corporate espionage. Jacobs's security? He relied on a BIOS password. None of the data on his computer was encrypted. As you know, a BIOS password is a good physical deterrent, especially on stationary computers. It is not, however, an effective security device for laptops. BIOS passwords can be circumvented by simply removing the hard drive, an especially simple task on a laptop. Had Jacobs encrypted his data and kept the keys separate from the laptop while in public places, he could have at least worried a little less about what thieves might be doing with his data. It's ironic that he certainly could have afforded the highest level of data encryption protection for his data but had none. But it's even more interesting because Windows 2000, which introduced the Encrypting File System (EFS), had been available for seven months. Data encryption would have been possible for him at no extra charge. Today, you can incorporate strong data encryption in your enterprise security design by using EFS, but you must understand EFS to avoid pitfalls and ensure data security, integrity, and recovery. This chapter will help you do so. |