Considerations For Using A File Recovery Strategy That Uses Self-signed Certificates

By Author: The MCITP: Enterprise Desktop Support Technician
Total Articles: 128
Comment this article

File recovery is the process of either restoring a backup of the original keys and then continuing to use the microsoft exams(http://www.mcitp-70-620.com)
, or using a file recovery agent to decrypt a file and then returning the file to the owner for encryption. Relying on self signed certificates makes it difficult to ensure EPS file recovery for more than a few users. Consider the following when designing a file recovery strategy that uses self-signed certificates:
Consider users and EPS key backup.Users do not understand the need to back up encryption keys, or they might back up keys and not store them safely.
If a backup key is available to an attacker, it can be used to obtain access to the data in encrypted files. There is no centralized way of organizing and storing backup keys. An administrator would have to collect backup files from all users (or make them himself) and provide a secure storage area. It is impractical to manage the storage of thousands of backed-up keys.
Consider the file recovery agent keys.The recovery agent keys can also be damaged or lost. File recovery keys also need to ...
... be backed up. They also need to be available before files are encrypted. Creating or making available the recovery agent CCNA certification(http://www.certtopper.com)
(and thus the public key) after a file is encrypted does not provide a way to recover the file if the user's keys are damaged or lost.
Consider the file recovery agent.The default file recovery agent is an administrator. Determine whether the administrator is the right person for this responsibility. In many organizations, sensitive files are encrypted to prevent unauthorized individuals within the organization from reading them. If the administrator is the recovery agent, you must ensure that she is authorized to read the encrypted files,because she will be able to.
Consider the storage of backed-up keys.
EPS keys are backed up by exporting them to a file. The file should be password-protected and stored safely. What is a safe place? Is it safe to allow users to store this data in a place of their choosing? Should a central place be designated? How practical is the storage and maintenance of backup keys?
Consider the password protection of EFS keys.The password is chosen by the user and might be weak. It must be remembered in order to recover the keys.
Users might back up the keys and never need them, or not need them until a lot of time has passed. They might not remember the password and thus be unable to
install the backed-up keys. They might not trust their memory and therefore write down the password and keep it with the backup keys, thus making the keys available to anyone Microsoft exam(http://www.upcert.com)
who can access the disk.