Best way to Encrypt on streaming files?

Best way to Encrypt on streaming files?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Best way to Encrypt on streaming files? Transam388 06-12-2006
Posted by =?Utf-8?B?VHJhbnNhbTM4OA==?= on June 12, 2006, 2:59 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
What would be the best way to encrypt data from a 2003 server going to a XP
workstation? The data will be media related, probably MPEG with audio being
the primary data but it is important that the information contained within
can be encrypted to the opening workstation. The files are going to be
centrally managed on the server and not downloaded to the workstation to
control the versions but due to security within company this needs encryption
at server and decrypted at workstation. Thanks as always for your help!

Posted by Mark Randall on June 12, 2006, 3:30 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
<snip>

PGP just came out with a new server toolkit that allows full encrypted
network communications on a windows server.

--
- Mark Randall
http://www.temporal-solutions.co.uk

"We're Systems and Networks..."
"It's our job to know..."



Posted by Steven L Umbach on June 12, 2006, 4:56 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Assuming the workstation is XP Pro use ipsec. Just keep in mind that
implementing ipsec requires that domain controllers be exempt from using or
even attempting to use ipsec for any traffic ESP/AH between domain
controllers and domain workstations but that can be easily done by having a
rule with a permit filter action for all the IP addresses of all domain
controllers for all traffic. Ipsec filters can specify destination/source
IP, ports, and protocols so that you do not have to encrypt all traffic but
just that you specify. I would not suggest implementing ipsec at the domain
level but would put the servers [assuming not domain controllers] in an OU
with an ipsec require policy for the ports/protocols in question and then
move the workstations to an OU and implement a client/respond policy on a
GPO linked to that OU. The links below explain more on ipsec. Ipsec can
also be used on non domain computers but not using Kerberos for computer
authentication. In that case preshared key and certificate authentication
could be used with certificate being the preferred method as the pre shared
key is stored in the registry in clear text if that would be a concern
making it easier for someone on a non authorized computer being able to
possibly discover and use the pre shared key. --- Steve

http://support.microsoft.com/?kbid=254949 --- important info before
implementing ipsec in a domain
http://www.microsoft.com/technet/itsolutions/network/ipsec/default.mspx ---
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecapa.mspx

--- Appendix A: Overview of IPsec Policy Concepts
http://www.securityfocus.com/infocus/1559 --- good example of creating an
ipsec policy.

> What would be the best way to encrypt data from a 2003 server going to a
> XP
> workstation? The data will be media related, probably MPEG with audio
> being
> the primary data but it is important that the information contained within
> can be encrypted to the opening workstation. The files are going to be
> centrally managed on the server and not downloaded to the workstation to
> control the versions but due to security within company this needs
> encryption
> at server and decrypted at workstation. Thanks as always for your help!



Posted by =?Utf-8?B?VHJhbnNhbTM4OA==?= on June 12, 2006, 5:04 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hey thank you both for your input! Some good info here!

"Steven L Umbach" wrote:

> Assuming the workstation is XP Pro use ipsec. Just keep in mind that
> implementing ipsec requires that domain controllers be exempt from using or
> even attempting to use ipsec for any traffic ESP/AH between domain
> controllers and domain workstations but that can be easily done by having a
> rule with a permit filter action for all the IP addresses of all domain
> controllers for all traffic. Ipsec filters can specify destination/source
> IP, ports, and protocols so that you do not have to encrypt all traffic but
> just that you specify. I would not suggest implementing ipsec at the domain
> level but would put the servers [assuming not domain controllers] in an OU
> with an ipsec require policy for the ports/protocols in question and then
> move the workstations to an OU and implement a client/respond policy on a
> GPO linked to that OU. The links below explain more on ipsec. Ipsec can
> also be used on non domain computers but not using Kerberos for computer
> authentication. In that case preshared key and certificate authentication
> could be used with certificate being the preferred method as the pre shared
> key is stored in the registry in clear text if that would be a concern
> making it easier for someone on a non authorized computer being able to
> possibly discover and use the pre shared key. --- Steve
>
> http://support.microsoft.com/?kbid=254949 --- important info before
> implementing ipsec in a domain
> http://www.microsoft.com/technet/itsolutions/network/ipsec/default.mspx ---
>
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecapa.mspx

> --- Appendix A: Overview of IPsec Policy Concepts
> http://www.securityfocus.com/infocus/1559 --- good example of creating an
> ipsec policy.
>
> > What would be the best way to encrypt data from a 2003 server going to a
> > XP
> > workstation? The data will be media related, probably MPEG with audio
> > being
> > the primary data but it is important that the information contained within
> > can be encrypted to the opening workstation. The files are going to be
> > centrally managed on the server and not downloaded to the workstation to
> > control the versions but due to security within company this needs
> > encryption
> > at server and decrypted at workstation. Thanks as always for your help!
>
>
>

Similar ThreadsPosted
Encrypt This September 29, 2006, 9:03 pm
Sign and encrypt mail February 21, 2008, 12:31 am
RE: how to encrypt entire drive? November 26, 2008, 6:26 pm
How do I encrypt a whole (external) USB harddisc (under Win2000 and WinXP)? July 11, 2005, 9:13 am
RSA frustrations - encrypt with private, decrypt with public - possible? October 24, 2005, 9:03 pm
Unable to un-encrypt a folder using Windows encryption - access de August 27, 2008, 7:39 pm
EFS with OST/PST files December 11, 2006, 6:37 pm
What creates these files? September 22, 2005, 3:36 am
HttpHandler for asp files November 17, 2005, 2:06 pm
Recovering EFS Files December 14, 2005, 10:09 am

The site map in XML format XML site map

Contact Us | Privacy Policy