Security And Confidentiality In Windows XP
3.1 Introduction
This subject is mainly for network administrators and those concerned with network security. It covers the security system in Windows 2000 Server, the improvements added in Windows XP, and the encryption techniques and security measures that Windows uses when browsing the Web.
3.2 Encryption
Windows XP uses encryption for several purposes:
1. Encrypting files stored on a disk (NTFS EFS).
2. Encrypting transferred files using Secure Sockets Layer (SSL).
3. Encrypting files transferred between computer systems and networks, using a Virtual Private Network (VPN).
3.3 Encrypting Confidential Information
Windows XP, just like Windows 2000, provides secure encryption for a user's important folders and files. This is in addition to the security provided by NTFS permissions.
3.4 Remarks on EFS encryption
1. When files stored on a disk are encrypted with EFS for the first time, Windows automatically provides a personal certificate with a public and a private key for encrypting and decrypting, without which the encrypted files and folders cannot be accessed. This certificate can also be created with the encryption tool Cipher.exe on the command line.
2. EFS encryption is secure to the point that the data cannot be accessed if the decryption key is lost.
3. System files cannot be encrypted, and an encrypted file that is transferred to a FAT volume will be decrypted.
4. Other EFS features, such as designating a data recovery agent and making a backup copy of your certificate, are also available.
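The remarks above can be checked from a script. The following PowerShell is an added example, not part of the original text; the two default paths are constructed placeholders and both are assumed to be on local drives. It encrypts a folder with Cipher.exe, lists which files carry the encrypted attribute, and warns before a copy to a non-NTFS volume, where remark 3 applies.

```powershell
# Added example (not from the original page). Default paths are constructed placeholders.
param(
    [string]$Source      = 'C:\Confidential',   # assumed folder to protect
    [string]$Destination = 'E:\Backup'          # assumed copy target
)

# Return the file system name (NTFS, FAT32, ...) of the local drive that holds $Path.
function Get-VolumeFormat([string]$Path) {
    $root = [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($Path))
    (New-Object System.IO.DriveInfo $root).DriveFormat
}

# EFS is an NTFS feature, so stop if the source is on any other file system.
if ((Get-VolumeFormat $Source) -ne 'NTFS') {
    throw "$Source is not on an NTFS volume; EFS is not available there."
}

# Remark 1: mark the folder tree for encryption. On first use Windows issues
# the user's EFS certificate and key pair automatically.
& cipher.exe /e "/s:$Source" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "cipher.exe failed with exit code $LASTEXITCODE" }

# Split the files by the Encrypted attribute so clear-text leftovers are visible.
$enc   = [System.IO.FileAttributes]::Encrypted
$files = @(Get-ChildItem -Path $Source -Recurse | Where-Object { -not $_.PSIsContainer })
$encrypted = @($files | Where-Object { $_.Attributes -band $enc })
$plain     = @($files | Where-Object { -not ($_.Attributes -band $enc) })

"Encrypted files : {0}" -f $encrypted.Count
"Clear-text files: {0}" -f $plain.Count
$plain | ForEach-Object { "  not encrypted: " + $_.FullName }

# Remark 3: a copy to a FAT volume is stored decrypted, so warn before copying.
$destFormat = Get-VolumeFormat $Destination
if ($encrypted.Count -gt 0 -and $destFormat -ne 'NTFS') {
    Write-Warning ("{0} encrypted file(s) would be stored decrypted on {1} ({2})." -f `
        $encrypted.Count, $Destination, $destFormat)
} else {
    "Destination file system is $destFormat."
}
```

Run it from an account that owns the files, since the certificate created on first use belongs to the user who runs the encryption.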
3.5 Enabling a secure encrypted connection
Internet Information Services (IIS) can use Secure Sockets Layer (SSL) to create an encrypted connection between the Web server and the users with an encryption strength of 40 or 128 bits. The DNS database will include three types of certificates: server certificates, client certificates and the certification authority.
3.6 Virtual Private Network (VPN)
A Virtual Private Network (VPN) is the extension of a private network that encompasses encapsulated, encrypted, and authenticated links across shared or public networks. VPN connections can provide remote access and routed connections to private networks over the Internet. Windows XP can use the Point-to-Point Tunneling Protocol (PPTP), the Layer Two Tunneling Protocol (L2TP), or IPSec mode.
3.7 System Control Annex
Windows XP provides security features that give the system or network administrator better control through the System Access Control List (ACL), which grants or denies access to resources for each user. Windows XP stores this information in the System, Application or Security event logs. The Security event log shows any unauthorized attempt to access the system and monitors all the system files, folders and printers.