
Encrypting search index using EFS


Is there anything wrong with encrypting the search index with EFS while letting the search service index encrypted files? I've encrypted the directory %ProgramData%\Microsoft\Search and I've added the SYSTEM user by using cipher /ADDUSER /certhash:"SYSTEMHASH" /s:thedirectory, and it looks like the SYSTEM account has no problem indexing my files.

Asked by: Guest | Views: 157
Total answers/comments: 1
Guest [Entry]

Read the reasoning for not encrypting just the index in this TechNet page:

Encrypting the Index

To encrypt the index file itself, we recommend that you encrypt the entire volume containing the index with BitLocker or another 3rd party full-volume encryption option. This provides strong protection against offline attacks; online attacks are still possible by users with administrator access. BitLocker Drive Encryption provides enhanced protection against data theft by encrypting data operating system and data volumes. In Windows 7, BitLocker Drive Encryption works on removable drives. We strongly recommend also BitLocking operating system volumes if you BitLock data volumes.

While the Encrypting File System (EFS) can also be used, it is not recommended. The Windows Search service runs under the LocalSystem account and needs access to the index files. As a result, EFS keys associated with the LocalSystem account must be used to encrypt the index files. Consequently, the index files are open to the following attacks:

Online: Any administrative user can gain access to the encrypted index files by simply impersonating the LocalSystem account. (Existing tools on the web make this a trivial task.)

Offline: The key that is used by the LocalSystem account to decrypt files is stored on the machine in an obfuscated state. Someone with physical access to the machine can use existing tools on the web to retrieve this key and access the encrypted index files.
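
A way to check a machine against the guidance quoted above, as an added example that is not part of the original answer or the TechNet page: it reports whether the volume holding the index and the operating system volume are BitLocker-protected, and whether anything under the index directory is still EFS-encrypted. It assumes the index lives at the path named in the question, that the BitLocker PowerShell module is available, and that it is run from an elevated prompt; the function name Get-VolumeProtection is made up for this example.

```powershell
# Added example: audit how the Windows Search index is protected at rest.
param(
    # Index location as given in the question; change it if the index was moved.
    [string]$IndexPath = (Join-Path $env:ProgramData 'Microsoft\Search')
)

# Hypothetical helper: summarise BitLocker state for one mount point.
function Get-VolumeProtection {
    param([string]$MountPoint)
    $v = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    [pscustomobject]@{
        MountPoint       = $v.MountPoint
        VolumeStatus     = $v.VolumeStatus
        ProtectionStatus = $v.ProtectionStatus
        # Protected only when encryption has finished AND protectors are enabled;
        # a suspended or half-encrypted volume does not count.
        Protected        = ($v.ProtectionStatus -eq 'On' -and
                            $v.VolumeStatus -eq 'FullyEncrypted')
    }
}

# The quoted guidance covers the index volume and, if that is a data volume,
# the operating system volume as well.
$indexVolume = (Split-Path -Path $IndexPath -Qualifier).ToUpper()
$osVolume    = $env:SystemDrive.ToUpper()
$volumes     = @($indexVolume, $osVolume) | Select-Object -Unique |
               ForEach-Object { Get-VolumeProtection -MountPoint $_ }

# Collect the index directory and everything below it, then keep the items
# that carry the EFS "Encrypted" file attribute.
$items  = @(Get-Item -LiteralPath $IndexPath -Force)
$items += Get-ChildItem -LiteralPath $IndexPath -Recurse -Force -ErrorAction SilentlyContinue
$efsItems = @($items | Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted })

$volumes | Format-Table -AutoSize

if ($volumes.Protected -contains $false) {
    Write-Warning 'At least one volume is not fully BitLocker-protected; the index is exposed to offline access.'
}
if ($efsItems.Count -gt 0) {
    Write-Warning "$($efsItems.Count) item(s) under $IndexPath are EFS-encrypted. The key belongs to LocalSystem, so this adds no protection against administrators or against someone with physical access."
}
```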