Ponderings on use of EFS

A little while back I was setting up users to use EFS on a generally open server. Each had their own folder, and generally this seemed to work. Their EFS certificate with public and private keys was on their CAC ID cards, and a backup of these keys was escrowed at the Information Systems Command. So this should have been fine, but some local IT admins did not like that they could not read Generals', Colonels' and every other Soldier's papers and documents. So they did a cute little 'security scan' and deleted every FEK (File Encryption Key) from all the users' files. The response from those IT admins when asked "what has happened to these files?" was "Too bad, so sad, we have to be able to access all files. Therefore, to prevent files from being encrypted, we periodically delete the metadata field that would contain FEKs and other malware data." This is actually a lot of hogwash; just because they are IT admins, they are not authorized to have carte blanche access to all data. This is a real big security risk; think of Snowden and Manning.

So my question is: can the FEK be protected and/or backed up against such potentially malevolent insiders? What tools can be used to view and/or copy the FEK, and what tools could be used to so selectively erase the metadata field that contained the FEK?
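As an added example that is not part of the original post: a PowerShell script, run as the file owner, that backs up the user's own EFS certificate and private key with `cipher /x`, then records which certificate thumbprints can decrypt each file (parsed from `cipher /c`) so that a later run flags files whose EFS metadata was stripped or altered. The folder and baseline paths are placeholders, and the "Certificate thumbprint:" line format assumed for `cipher /c` output is an assumption.

```powershell
# Added example (not from the original post). Baselines EFS state on a folder and
# re-checks it, and exports the user's EFS key as an off-host backup.
# Assumptions: $Folder, $BaselinePath and $KeyBackup are hypothetical paths;
# 'cipher /c' is assumed to print a "Certificate thumbprint:" line per decryptor.
param(
    [string]$Folder       = 'C:\Users\Shared\MyFolder',            # hypothetical
    [string]$BaselinePath = "$env:USERPROFILE\efs-baseline.json",  # hypothetical
    [string]$KeyBackup    = "$env:USERPROFILE\efs-key-backup.pfx"  # hypothetical
)

# 1. Export this user's EFS certificate + private key to a password-protected PFX.
#    Store the PFX off the server: whoever holds it can decrypt the files.
cipher.exe /x "$KeyBackup" | Out-Null

# 2. For every file: is it encrypted, and which certificates (user DDF entries and
#    recovery-agent DRF entries) hold a wrapped copy of its FEK?
function Get-EfsState {
    param([string]$Path)
    Get-ChildItem -Path $Path -File -Recurse | ForEach-Object {
        $encrypted = ($_.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0
        $thumbs = @()
        if ($encrypted) {
            # Select-String is case-insensitive, so "Certificate thumbprint:" matches.
            $thumbs = @(cipher.exe /c "$($_.FullName)" |
                Select-String -Pattern 'thumbprint:\s*(.+)$' |
                ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() })
        }
        [pscustomobject]@{ Path = $_.FullName; Encrypted = $encrypted; Thumbprints = $thumbs }
    }
}

# 3. A file that was encrypted and no longer is, or whose decryptor set changed,
#    indicates its EFS metadata was removed or rewritten since the baseline.
function Compare-EfsBaseline {
    param($Current, $Baseline)
    foreach ($b in @($Baseline)) {
        $c = @($Current | Where-Object Path -eq $b.Path)
        if ($c.Count -eq 0)                       { "MISSING    $($b.Path)"; continue }
        if ($b.Encrypted -and -not $c[0].Encrypted) { "DECRYPTED  $($b.Path)"; continue }
        $before = (@($b.Thumbprints)    | Sort-Object) -join ','
        $after  = (@($c[0].Thumbprints) | Sort-Object) -join ','
        if ($before -ne $after) { "DDF/DRF CHANGED $($b.Path)" }
    }
}

$current = Get-EfsState -Path $Folder
if (Test-Path $BaselinePath) {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    Compare-EfsBaseline -Current $current -Baseline $baseline
} else {
    $current | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath
    "Baseline written to $BaselinePath"
}
```

Keep the baseline file somewhere the local admins cannot modify, since a baseline they can rewrite detects nothing.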