Re: How can I encrypt files on a HTTPS file server?
From: George Valkov (null_at_somewhere.com)
Date: 08/01/04
- Next message: Doug Thews: "Re: Can't Activate Upgrade of W2K3 (Repost)"
- Previous message: Alex: "Problem Authorizing DHCP Server"
- Next in thread: Ace Fekay [MVP]: "Re: How can I encrypt files on a HTTPS file server?"
- Reply: Ace Fekay [MVP]: "Re: How can I encrypt files on a HTTPS file server?"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 1 Aug 2004 22:52:57 +0300
Thank You, Ace!
This was good to know!
Finally I found a work around and now it's working.
1. The target aim was a transparent work with encrypted files (using EFS) on
the server.
2. Because I use a limited account (A) when I work locally on the server, I
have to login to the HTTPS site as another user (B). At that point
everything will work fine except for the access to encrypted files and
folders. I found out that the site uses Integrated Windows Authentication by
default. The server will mix up my credentials and finally deny access.
I changed the authentication mode to Clear Text and now it uses the correct
credentials allowing me to work transparently with encrypted files. I will
investigate remote sessions to see if I can use the Integrated Windows
Authentication.
3. No, I really doubt that anyone has any reason to crack the session.
Actually parts from this are for testing and learning. Certification
Authority is installed on my server, so I decided to request a 8192 bits RSA
certificate. Is there at least one performance or other reason to use
smaller? Can You tell me what encryption algorithm is recommended for HTTPS
sites?
4. The local security policy is set to allow only NTLM2 authentication. This
will apply for the HTTPS session only if I use the Integrated Windows
Authentication, right?
5. Some special characters based on ALT+number will increase the password
strength. For local logon this is not a problem, but for logon to HTTPS
sites, the password is received incorrectly by the server. Is there a work
around for this?
George Valkov
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:#wELNZpdEHA.3616@TK2MSFTNGP10.phx.gbl...
> In news:eJaJAAhdEHA.3512@TK2MSFTNGP12.phx.gbl,
> George Valkov <null@somewhere.com> asked for help and I offered my
> suggestions below:
> > Hello Ace,
> > I know that the HTTPS session is clear text HTTP travelling over a
> > secure (encrypted) channel.
> > I wrote encrypt files. NTFS supports Encrypted File System (EFS). I
> > want files on the server's hard disk to be encrypted.
> > I use Windows Explorer / Internet Explorer 6.0 to open Web Folders and
> > connect to the HTTPS site. The folders and files appear just like
> > local folders.
> >
> > 1. I encrypted a folder on the client's desktop and then uploaded it
> > to the server. The folder content was decrypted and then uploaded.
> >
> > 2. I encrypted one folder on the server, but then I can't neither
> > read nor write files from it.I can only view it's content.
> >
> > Note: I use one and same user account to logon locally on the server
> > and establish the HTTPS connection.
>
> If using EFS, yes, the files are encrypted locally, but when you transfer
> them across the network using a UNC or mapped drive, they are transferred
in
> clear text but then encrypted again at the other end, depending on if that
> folder is set to be encrypted or not.
>
> Using HTTPS encrypts the session, so not sure what you mean. Are you
afraid
> that someone is evesdropping on the session or do you believe that they
have
> cracked the session? The whole idea of using HTTPS for secure
transactions,
> such as credit card transactions is for security. So far I do not know if
> anyone has cracked an HTTPS session to day.
>
> So you are saying you are using webfolders when going thru a browser?
That's
> good. That's using NTLM authentication at least, but the HTTPS is
protecting
> the communication.
>
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
- Next message: Doug Thews: "Re: Can't Activate Upgrade of W2K3 (Repost)"
- Previous message: Alex: "Problem Authorizing DHCP Server"
- Next in thread: Ace Fekay [MVP]: "Re: How can I encrypt files on a HTTPS file server?"
- Reply: Ace Fekay [MVP]: "Re: How can I encrypt files on a HTTPS file server?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
