Encrypting the search index using EFS

7

Is there anything wrong with encrypting the search index with EFS and letting the search service index encrypted files? I encrypted the %ProgramData%\Microsoft\Search directory and added the SYSTEM user using "cipher /ADDUSER /certhash:"SYSTEMHASH" /s:<the directory>", and it seems that the SYSTEM account has no problem indexing my files.

However, the recommendation tells me to index encrypted files only when full disk encryption is used. Is this a bad practice?

    
by wbkang 07.02.2010 / 23:28

1 answer

5

Read the reasoning for not encrypting only the index on this TechNet page

Encrypting the Index

To encrypt the index file itself, we recommend that you encrypt the entire volume containing the index with BitLocker or another 3rd party full-volume encryption option. This provides strong protection against offline attacks; online attacks are still possible by users with administrator access. BitLocker Drive Encryption provides enhanced protection against data theft by encrypting data operating system and data volumes. In Windows 7, BitLocker Drive Encryption works on removable drives. We strongly recommend also BitLocking operating system volumes if you BitLock data volumes.

While the Encrypting File System (EFS) can also be used, it is not recommended. The Windows Search service runs under the LocalSystem account and needs access to the index files. As a result, EFS keys associated with the LocalSystem account must be used to encrypt the index files. Consequently, the index files are open to the following attacks:

  • Online: Any administrative user can gain access to the encrypted index files by simply impersonating the LocalSystem account. (Existing tools on the web make this a trivial task.)

  • Offline: The key that is used by the LocalSystem account to decrypt files is stored on the machine in an obfuscated state. Someone with physical access to the machine can use existing tools on the web to retrieve this key and access the encrypted index files.

    
by 07.02.2010 / 23:36
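
A check for the setup discussed above, as an added example that is not part of the original question or answer: it reports whether the index directory relies on EFS, on BitLocker for the containing volume, or on neither. The function name and output fields are hypothetical, and the default path is assumed to be the one given in the question.

```powershell
# Added example: audit how the Windows Search index is protected at rest.
# Assumption: the index lives under the path from the question; pass -IndexPath if it was moved.
# Run elevated: Get-BitLockerVolume requires administrator rights.
param(
    [string]$IndexPath = (Join-Path $env:ProgramData 'Microsoft\Search')
)

function Get-SearchIndexProtection {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Index path not found: $Path"
    }

    # EFS: the directory itself, or any item below it, carries the Encrypted attribute.
    $root = Get-Item -LiteralPath $Path -Force
    $efsItems = @(Get-ChildItem -LiteralPath $Path -Recurse -Force `
                    -Attributes Encrypted -ErrorAction SilentlyContinue)
    $efsInUse = $root.Attributes.HasFlag([IO.FileAttributes]::Encrypted) -or
                ($efsItems.Count -gt 0)

    # BitLocker: state of the volume that holds the index.
    $mount = [IO.Path]::GetPathRoot($root.FullName).TrimEnd('\')
    $vol = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
    $bitLockerOn = [bool]($vol -and
                          $vol.ProtectionStatus -eq 'On' -and
                          $vol.VolumeStatus -eq 'FullyEncrypted')

    # Assessment follows the quoted TechNet guidance: volume encryption is the
    # recommended control; EFS alone depends on keys held by LocalSystem.
    $assessment =
        if ($bitLockerOn -and $efsInUse) { 'Volume encrypted; EFS on the index adds little' }
        elseif ($bitLockerOn)            { 'Volume encrypted (recommended configuration)' }
        elseif ($efsInUse)               { 'EFS only: not recommended, protection depends on LocalSystem keys' }
        else                             { 'Index is not encrypted at rest' }

    [pscustomobject]@{
        IndexPath        = $root.FullName
        EfsEncrypted     = [bool]$efsInUse
        EfsItemCount     = $efsItems.Count
        Volume           = $mount
        BitLockerEnabled = $bitLockerOn
        Assessment       = $assessment
    }
}

Get-SearchIndexProtection -Path $IndexPath | Format-List
```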