Ngedatha yokuPhumela ngemvume evela kwiWindowsowecurity.com
Ikhono lokubethela idatha - zombini idatha kwi-transit (isebenzisa i- IPSec ) kunye nedatha egcinwe kwi disk (usebenzisa i- Encrypting File System ) ngaphandle kwemfuneko yesofthiwe yesithathu yenye yezona zinzuzo ezinkulu kwi-Windows 2000 kunye ne- XP / 2003 ngaphaya kweMicrosoft yangaphambili iinkqubo zokusebenza. Ngelishwa, abaninzi abasebenzisi beWindows abanakuyisebenzisela le miba yokhuseleko okanye, ukuba bayayisebenzisa, abayiqondi ngokupheleleyo into abayenzayo, indlela abayisebenzisayo ngayo, kunye neyona ndlela efanelekileyo yokuqhuba ngayo. Kule nqaku, ndiza kuxubusha i-EFS: ukusetyenziswa kwayo, ubunzima bayo, nokuba ingafikelela njani kwisicwangciso sakho sokukhuselwa kwenethiwekhi.
Ikhono lokubethela idatha - zombini idatha kwi-transit (isebenzisa i-IPSec) kunye nedatha egcinwe kwi disk (usebenzisa i-Encrypting File System) ngaphandle kwemfuneko yesofthiwe yesithathu yenye yezona zinzuzo ezinkulu kwi-Windows 2000 kunye ne-XP / 2003 ngaphaya kweMicrosoft yangaphambili iinkqubo zokusebenza. Ngelishwa, abaninzi abasebenzisi beWindows abanakuyisebenzisela le miba yokhuseleko okanye, ukuba bayayisebenzisa, abayiqondi ngokupheleleyo into abayenzayo, indlela abayisebenzisayo ngayo, kunye neyona ndlela efanelekileyo yokuqhuba ngayo.
Ndathetha ukusetyenziswa kwe-IPSec kwinqaku elidlulileyo; kule nqaku, ndifuna ukuthetha nge-EFS: ukusetyenziswa kwayo, ukusilela kwayo, nokuba ingaba njani kwisicwangciso sakho sokukhusela ukhuseleko lwenethiwekhi.
Injongo ye-EFS
IMicrosoft yenzelwe i-EFS ukubonelela iteknoloji esekelwe yoluntu eya kusetyenziswa njengendlela "yokugqibela yokukhusela" ukukhusela idatha yakho egciniweyo kubangaphakathi. Ukuba i-hacker eqhoshayo idlula eminye imiqathango yokukhusela - yenza i- firewall yakho (okanye ifumana ukufikelela ngokomzimba kwikhompyutheni), iyanqabela imvume yokufumana amalungelo okulawula - i-EFS inokumthintela ukuba akwazi ukufunda i uxwebhu olubhaliweyo. Oku kuyinyaniso ngaphandle kokuba umntu ongenakho ukungena ngemvume njengomsebenzisi obhala ngexwebhu (okanye, kwi-Windows XP / 2000, omnye umsebenzisi lowo umsebenzisi wabelane ngayo).
Kukho ezinye iindlela zokubethela idatha kwi disk. Uninzi lwabathengisi beprogram benza iimveliso zokubhaliweyo zedatha ezingasetyenziswa ngeenguqu ezahlukeneyo zeWindows. Ezi ziquka iSkramDisk, SafeDisk kunye nePGPDisk. Ezinye zalezi zixhobo zisebenzise i-encryption yamanqanaba okanye yenza i-drive encrypted drive, apho yonke idatha egcinwe kweso sahlulo okanye kwi-drive eyiyo iya kubhala. Abanye basebenzise i-encryption yenqanaba lefayile, okukuvumela ukuba ubhalelele idatha yakho kwifayile yefayili ngokungakhathaliseki ukuba bahlala phi. Ezinye zeendlela zisebenzisa iphasiwedi ukukhusela idatha; iphasiwedi ingenayo xa ubhala ngefayile kwaye kufuneka ungeniswe kwakhona ukuze uyiqhumise. I-EFS isebenzisa izatifikedi zedijithali ezibophelelwe kwi-akhawunti ethile yomsebenzisi ukuqinisekisa ukuba iifayile ingachithwa njani.
IMicrosoft yenzelwe i-EFS ukuba isebenzise umsebenzisi, kwaye ngokwenene iyasebenza ngokucacileyo kumsebenzisi. Ukufakela ifayile - okanye ifolda yonke - kulula njengokuba kukhangela ibhokisi yokukhangela kwifayile yefayile okanye kwiifayile eziphambili zeZakhiwo.
Qaphela ukuba ukubethela kwe-EFS kufumaneka kuphela kwiifayile kunye neefolda ezisekhompyutheni ezifomathiweyo ze-NTFS . Ukuba i-drive ishicilelwe kwi-FAT okanye i-FAT32, ayiyi kubakho iqhosha eliphambili kwiphepha leMpahla. Kwakhona qaphela ukuba nangona ukhetho lokunciphisa okanye ukubethela ifayile / ifolda lwenziwa kwi-interface njengemibhobho yokukhangela, ngokwenene basebenza njengamaqhosha okukhetha esikhundleni; oko kukuthi, ukuba ukhangele enye, enye ihlolwe ngokuzenzekelayo. Ifayile okanye ifolda ayikwazi ukubhalwa ngefayile kwaye icinezelwe ngexesha elinye.
Xa ifayile okanye ifolda ibhalwe ngefayile, ulwahlulo olubonakalayo kuphela ukuba iifayile ezifakwe kwiibhokisi / iifolda ziya kubonakala kwi-Explorer kumbala ohlukileyo, ukuba ibhokisi yokujonga ukubonisa i-encrypted okanye icinezelwe iifayile ze-NTFS kumbala kukhethwe kwiinketho zeFolda (ezilungiselelwe ngeThuluzi Izinketho zefolda | Jonga ithebhu kwi-Windows Explorer).
Umsebenzisi obhala ngexwebhu akumele abe nexhala malunga nokuchithwa kwalo ukufikelela kuyo. Xa evula, ngokuzenzekelayo kwaye ichithwe ngokucacileyo-ngokude nje ukuba umsebenzisi ungene ngemvume nge-akhawunti efanayo yomsebenzisi njengokuba i-encrypted. Ukuba omnye umntu uzama ukuyifumana, noko ke, loo mqulu awuyi kuvulwa kwaye umyalezo uza kwazisa umsebenzisi ukuba ufikelelo lungavunyelwa.
Yintoni eqhubekayo phantsi kweHood?
Nangona i-EFS ibonakala ilula ngokucacileyo kumsebenzisi, kukho into eninzi eyenziwa phantsi kwehood ukwenzela ukuba konke kwenzeke. Zomibini zomlinganiso (ukhiye ofihlakeleyo) kunye ne-asymmetric (ukhiye wesiqhelo esidlangalaleni) isetyenziselwa ukudibanisa ukuxhamla inzuzo kunye nokungahleleki komnye.
Xa umsebenzisi uqala ukusebenzisa i-EFS ukubethela ifayile, i-akhawunti yomsebenzisi ibelwe ibini eliphambili (ukhiye woluntu kunye nencoko yangasese ehambelanayo), okanye iveliswe iinkonzo zesaqinisekiso - ukuba kukho i-CA efakwe kwi-network-okanye isayinwe yi-EFS. Ukhiye woluntu usetyenziselwa ukubethela kunye nencoko yangasese isetyenziselwa ukuchithwa ...
Ukufunda iqaku elipheleleyo kwaye ubone imifanekiso epheleleyo yemifanekiso eqhosha apha: Kuphi i-EFS ifanelwe kwisicwangciso sakho soKhuseleko?