BitLocker and encrypt the entire volume(s)?

On Tue, Sep 6, 2016 at 12:18 PM, Eric Wittersheim <[email protected]> wrote:

> I have a project that is in a highly secured environment and is governed
> by our PCI policies. The project will allow a user to log into a locked
> down Hyper-V VM that is running Windows 2012 R2 server and open IE 11 to
> download WAV files from a second Apache server on the local subnet. The
> download directory has been redirected to a folder that is encrypted using
> EFS so all files are encrypted as well. Once the project time frame is
> complete, the downloads are deleted with evidence provided that the files
> are removed. We can't securely erase the hard drives because multiple
> projects will be running at the same time. So it has been determined that
> a deleted file that was encrypted meets the security team requirements.
>
> My main concern is the actual download process of the file. I
> believe the file might be going to a temp folder in the user's profile
> folder unencrypted before being copied over by the OS to the EFS encrypted
> folder. Thus leaving those unencrypted bits on the hard drive. At this
> point I don't know of any way of getting around this problem.
>
> 1. Has anyone successfully used EFS on the user's iNetCache (or IE temp
>    directory)?
> 2. Does anyone have any ideas on how to do this differently?
>
> Thank you in advance for any pointers,
>
> Eric
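
Added example, not part of the original thread: a PowerShell audit, run as the logged-on user inside the VM, that lists every file or directory under the download-related folders that does not carry the NTFS EFS (`Encrypted`) attribute. The function name `Get-UnencryptedItem`, the INetCache and TEMP locations, and the `D:\ProjectDownloads` path are assumptions to be replaced with the VM's real layout.

```powershell
# Added example: report items that lack the EFS "Encrypted" attribute.
# Get-UnencryptedItem is a hypothetical helper name, not a built-in cmdlet.
function Get-UnencryptedItem {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )
    $efs = [System.IO.FileAttributes]::Encrypted
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) {
            Write-Warning "Not found: $root"
            continue
        }
        # Check the root itself: new files are only encrypted automatically
        # when the directory they are created in has the attribute set.
        # -Force includes the hidden and system items that cache folders use.
        $items = @(Get-Item -LiteralPath $root -Force) +
                 @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            if (($item.Attributes -band $efs) -ne $efs) {
                [pscustomobject]@{
                    Root = $root
                    Kind = if ($item.PSIsContainer) { 'Directory' } else { 'File' }
                    Path = $item.FullName
                }
            }
        }
    }
}

# Assumed locations: the IE 11 cache and the user's temp folder, plus a
# placeholder for the redirected, EFS-encrypted download folder.
$candidates = @(
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache'),
    $env:TEMP,
    'D:\ProjectDownloads'   # hypothetical path, replace with the real one
)

$findings = @(Get-UnencryptedItem -Path $candidates)
$findings | Sort-Object Root, Kind, Path | Format-Table -AutoSize
'{0} item(s) without the EFS attribute' -f $findings.Count
```

The result reflects attribute state at scan time only; it cannot show whether plaintext was written to disk earlier and then moved or deleted, which is the gap the full-volume suggestion in the reply addresses.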

