I realize it may create a different set of security problems, but using another
browser would also eliminate that step since AFAIK IE is the only one that does
the download to the temp folder first. Most others download it as a temp file
into the target location instead. I’ve actually had issues with that specific
characteristic when downloading large files targeted for secondary drives
because the temp folder on C: runs out of space. ☹
--
There are 10 kinds of people in the world...
those who understand binary and those who don't.
From: [email protected] [mailto:[email protected]] On
Behalf Of Eric Wittersheim
Sent: Tuesday, September 6, 2016 12:49 PM
To: [email protected]
Subject: Re: [NTSysADM] EFS and Temporary files
Paul,
I don't believe the Apache server has sftp configured. There is a web
application built already that is set to severely limit access to these files.
My guess is they would have to rebuild that back end to make it happen. But,
that's a good idea and if the security team pushes I will suggest that as an
option.
Eric
On Tue, Sep 6, 2016 at 11:31 AM, Maglinger, Paul <[email protected]> wrote:
Can you use sftp to transfer the files?
-Paul
From: [email protected] [mailto:[email protected]] On
Behalf Of Eric Wittersheim
Sent: Tuesday, September 06, 2016 11:19 AM
To: [email protected]
Subject: [NTSysADM] EFS and Temporary files
I have a project that is in a highly secured environment and is governed by our
PCI policies. The project will allow a user to log into a locked-down Hyper-V
VM that is running Windows 2012 R2 server and open IE 11 to download WAV files
from a second Apache server on the local subnet. The download directory has
been redirected to a folder that is encrypted using EFS so all files are
encrypted as well. Once the project time frame is complete the downloads are
deleted with evidence provided that the files are removed. We can't securely
erase the hard drives because multiple projects will be running at the same
time. So it has been determined that a deleted file that was encrypted meets
the security team requirements.
My main concern is the actual download process of the file. I believe the
file might be going to a temp folder in the user's profile folder unencrypted
before being copied over by the OS to the EFS encrypted folder, thus leaving
those unencrypted bits on the hard drive. At this point I don't know of any
way of getting around this problem.
1. Has anyone successfully used EFS on the user's iNetCache (or IE temp
directory)?
2. Does anyone have any ideas on how to do this differently?
Thank you in advance for any pointers,
Eric
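
One way to check the concern raised in the original post, as an added example that is not part of the thread: a PowerShell audit that lists anything under the IE cache, the user's temp folder and the download folder that lacks the NTFS Encrypted (EFS) attribute. The three paths are assumptions (the INetCache location is the usual IE 11 default, and `D:\SecureDownloads` is a hypothetical name for the redirected download folder).

```powershell
# Added example: list files and folders that lack the NTFS Encrypted (EFS) attribute.
# All paths are assumptions; replace them with the VM's real locations.
$candidates = @(
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache'),  # assumed IE 11 cache path
    $env:TEMP,                                                    # per-user temp folder
    'D:\SecureDownloads'                                          # hypothetical EFS download folder
)

function Test-EfsEncrypted {
    param([Parameter(Mandatory)][System.IO.FileSystemInfo]$Item)
    # True when NTFS reports the item as EFS-encrypted.
    $Item.Attributes.HasFlag([System.IO.FileAttributes]::Encrypted)
}

function Get-UnencryptedItem {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Skipping missing path: $Path"
        return
    }
    # Check the folder itself: new files inherit encryption only from an encrypted parent.
    $root = Get-Item -LiteralPath $Path -Force
    if (-not (Test-EfsEncrypted $root)) { $root }
    # -Force includes hidden and system entries, which the IE cache uses heavily.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not (Test-EfsEncrypted $_) }
}

$report = foreach ($dir in $candidates) {
    foreach ($item in (Get-UnencryptedItem -Path $dir)) {
        [pscustomobject]@{
            Root      = $dir
            Path      = $item.FullName
            IsFolder  = $item.PSIsContainer
            LastWrite = $item.LastWriteTime
        }
    }
}

if ($report) {
    $report | Sort-Object Root, Path | Format-Table -AutoSize
} else {
    'No unencrypted items found under the audited paths.'
}
```

Run it as the downloading user while a transfer is in progress or immediately afterwards; it reports only what exists at that moment, not files that have already been deleted.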