Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [encrypting-file-system]

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption.

72 questions
16
votes
2 answers

Auto-booting and Securing a Linux Server with an Encrypted Filesystem

I'm setting up some new Ubuntu servers, and I'd like to secure the data on them against theft. The threat model is attackers desiring the hardware or rather naïve attackers desiring the data. Please take note of this section. The threat model does…
cjs
  • 1,385
  • 1
  • 12
  • 23
7
votes
3 answers

Backup AWS EFS to S3

I've been desperately trying to find a way to backup my AWS EFS file system to S3, but cannot seem to find one. There's several EC2 instances running all having access to the mentioned EFS. In order to reduce traffic, I already tried launching a…
wahtye
  • 71
  • 1
  • 1
  • 2
5
votes
1 answer

Windows Task Scheduler cannot access EFS encrypted folder despite running as a user with access

I have a batch file set to run via Task Scheduler in Windows Server 2008 R2. The batch file is being used to rotate and compress MySQL logs, and the folder containing these logs is encrypted using the Windows built in EFS encryption. I found a VBS…
zako42
  • 173
  • 6
4
votes
2 answers

Encrypt at rest existing AWS EFS instances - is it possible?

Based on my understanding of AWS documentation it appears that the only way to encrypt at rest existing EFS instances with some data is to create new EFS instances with encryption enabled and copy the files from unencrypted EFS to encrypted EFS and…
Darko Miletic
  • 195
  • 1
  • 1
  • 8
3
votes
1 answer

Can an EFS encrypted folder be backed up in an Azure Recovery Services Vault?

When I try to back up a Windows EFS encrypted folder on a physical server to an Azure Recovery Services Vault the file size is modified upon recovery and the files cannot be opened (are unrecognizable). Am I doing something wrong or is this simply…
saminpa
  • 141
  • 5
3
votes
1 answer

Access denied to EFS encrypted files after PC joins domain

I'm experiencing strange behavior with Windows Encrypted File System: I have a machine that is in workgroup mode (not joined to a domain) I encrypt an entire directory structure on the machine (basically a folder and subfolders with data files for…
Mike Marshall
  • 98
  • 2
  • 10
3
votes
2 answers

Can root become user and access encrypted home?

The home is mounted unencrypted on login. I tried accessing it after doing 'su sampleuser', but it was encrypted, which is the expected behavior I guess. I also tried changing the user's password, and then logging in, but I was redirected to the…
HappyDeveloper
  • 654
  • 2
  • 6
  • 13
3
votes
3 answers

Can EFS be set on a per group basis?

I've been asked to create some file store for our directors that will contain sensitive information. They have asked that it not be possible for other admins to read the data. I immediately thought of EFS, but I seem to recall this can only be done…
Bryan
  • 7,628
  • 15
  • 69
  • 94
3
votes
2 answers

Disabling EFS--what to do if there are any encrypted files?

I am in the process of retiring an old Windows-integrated CA and bringing online a new, properly-configured one (several, actually). Most of our systems are unable to use EFS thanks to Group Policy... but due to some misconfiguration, a handful of…
ewall
  • 1,064
  • 3
  • 15
  • 23
3
votes
2 answers

How to mount LUKS partition securely on server

I'm curious if it is possible to mount a partition encrypted by cryptsetup with LUKS securely and automatically on Ubuntu 10.0.4 LTS. For example, if I use the key for the encrypted partition, than that key has to be presented on a device that is…
Ency
  • 1,231
  • 1
  • 19
  • 27
3
votes
1 answer

Why make random file for loopback device for encrypted file system?

I have read a few tutorials on setting up an encrypted file system using cryptsetup. They all start with the following creation of a random file dd if=/dev/urandom of=/etc/cryptfile bs=1M count=10 This file would be further used to create a…
Amit S
  • 153
  • 1
  • 6
3
votes
1 answer

Heavy NFS metadata traffic flooding NFSv4.1 Server (AWS EFS)

We are observing a massive uptick in metadata requests to an NFSv4.1 (AWS EFS) network drive that is linked to a one or more web servers. This started happening about a week ago across a number of stacks. I've done a bunch of diagnostics; nfsiostat…
Az Ilari
  • 71
  • 4
2
votes
1 answer

It it possible to implement per-user quotas on Amazon EFS?

I'm would like to have a filesystem for network-mounted home directories that can scale easily (per user) at a low cost. EFS seems well-suited to this (especially with Infrequent Access enabled). However, I cannot see a way to set quotas on a…
Ben Davis
  • 280
  • 1
  • 6
  • 18
2
votes
1 answer

Is possible execute crypttab config without rebooting making the encrypted device mapped and available?

I need turn a file into a encrypted device mapped on /dev/mapper/ and to do it the easier way I found is adding a named entry to /etc/crypttab pointing to image file and key file, it works fine and map the device but only on next reboot. Im doing it…
Mark
  • 91
  • 1
  • 9
2
votes
2 answers

Is it possible to secure a VPS from its seller/provider?

I have bought a VPS hosted in the USA through an Iranian company (I live there, it's quite hard to buy one directly.), and I am wondering if it is possible to secure the system against potential spying by the Iranian authorities. Partial,…
HappyFace
  • 151
  • 1
  • 9
1
2 3 4 5