Encryption provides you with the ability to protect your database file from prying eyes. It transforms the way data is stored on your disk so that individuals who do not know the database password can not open the database or use other techniques to view the file contents. Security professionals recommend the use of encryption to protect sensitive information.

The Encrypting File System (EFS) is a component of the NTFS file system on Windows 2000, Windows XP Professional, and Windows Server 2003. (Windows XP Home doesn't include EFS.) EFS enables transparent encryption and decryption of files by using advanced, standard cryptographic algorithms. Any individual or program that doesn't possess the appropriate cryptographic key cannot read the encrypted data. Encrypted files can be protected even from those who gain physical possession of the computer that the files reside on. Even persons who are authorized to access the computer and its file system cannot view the data. While other defensive strategies should be used, and encryption isn't the correct countermeasure for every threat, encryption is a powerful addition to any defensive strategy. EFS is the built-in file encryption tool for Windows file systems.

However, every defensive weapon, if used incorrectly, carries the potential for harm. EFS must be understood, implemented appropriately, and managed effectively to ensure that your experience, the experience of those to whom you provide support, and the data you wish to protect aren't harmed. This document will

• Provide an overview and pointers to resources on EFS.
• Point to implementation strategies and best practices.
• Name the dangers and counsel mitigation and prevention from harm.
  
  

Many online and published resources on EFS exist. The major sources of information are the Microsoft resource kits, product documentation, white papers, and Knowledge Base articles. This paper provides a brief overview of major EFS issues. Wherever possible, it doesn't rework existing documentation; rather, it provides links to the best resources. In short, it maps the list of desired knowledge and instruction to the actual documents where they can be found. In addition, the paper catalogs the key elements of large documents so that you'll be able to find the information you need without having to work your way through hundreds of pages of information each time you have a new question.

The paper discusses the following key EFS knowledge areas:

• What EFS is
• Basic how-tos, such as how to encrypt and decrypt files, recover encrypted files, archive keys, manage certificates, and back up files, and how to disable EFS
• How EFS works and EFS architecture and algorithms
• Key differences between EFS on Windows 2000, Windows XP, and Windows Server 2003
• Misuse and abuse of EFS and how to avoid data loss or exposure
• Remote storage of encrypted files using SMB file shares and WebDAV
• Best practices for SOHO and small businesses
• Enterprise how-tos: how to implement data recovery strategies with PKI and how to implement key recovery with PKI
• Troubleshooting
• Radical EFS: using EFS to encrypt databases and using EFS with other Microsoft products
• Disaster recover
• Where to download EFS-specific tools
  
  

Using EFS requires only a few simple bits of knowledge. However, using EFS without knowledge of best practices and without understanding recovery processes can give you a mistaken sense of security, as your files might not be encrypted when you think they are, or you might enable unauthorized access by having a weak password or having made the password available to others. It might also result in a loss of data, if proper recovery steps aren't taken. Therefore, before using EFS you should read the information links in the section "Misuse and Abuse of EFS and How to Avoid Data Loss or Exposure." The knowledge in this section warns you where lack of proper recovery operations or misunderstanding can cause your data to be unnecessarily exposed. To implement a secure and recoverable EFS policy, you should have a more comprehensive understanding of EFS.

There is nothing better than encrypting the system partition and all other partitions if you want to protect your files from unauthorized access. There are still ways around this but they require specialized equipment and access to the PC. Regular users on the other hand may be better off encrypting only their important documents and files, and other areas of the operating system that may reveal information about those files.

One of those is the Windows Pagefile, which is basically a hard drive cache for files. The file is used by Windows even if your computer has enough memory available. It is possible to delete the Pagefile on exit, but that does not guarantee that the information it contains cannot be recovered.

The only possible solution next to encrypting the system partition? Encrypting the page file. This thankfully can be done with the Windows program fsutil that is installed with the operating system.



Article source: http://technet.microsoft.com/en-us/library/cc700811.aspx
Article source:http://www.ghacks.net/2011/04/04/encrypt-your-windows-pagefile-to-improve-security/