Windows 7 / Security and Privacy

Data Theft

As mobile computers, network connectivity, and removable media have become more common, so has data theft. Many businesses and government organizations store extremely valuable data on their computers, and the cost of having the data fall into the wrong hands can be devastating.

Today, many organizations mitigate the risk of data theft by limiting access to data. For example, applications might not allow confidential files to be stored on mobile computers. Or, users simply might not be allowed to remove computers from the office. These limitations do successfully reduce the risk, but they also reduce employee productivity by not allowing the staff to benefit from mobile computing.

Windows Vista and Windows 7 provide data protection technologies designed to meet stricter security requirements while still allowing users to work with confidential data in a variety of locations. Consider the following common data theft scenarios and how Windows mitigates the risks of each.

Physical Theft of a Mobile Computer or a Hard Disk, or Recovering Data from a Recycled or Discarded Hard Disk

Operating systems can provide active protection for the data stored on your hard disk only while the operating system is running. In other words, file access control lists (ACLs), such as those provided by the New Technology File System (NTFS), cannot protect data if an attacker can physically access a computer or hard disk. In recent years, there have been many cases of stolen mobile computers whose confidential data was extracted from the hard disk. Data is often recovered from computers that are recycled (by assigning an existing computer to a new user) or discarded (at the end of a computer's life), even if the hard disk has been formatted.

Windows Vista and Windows 7 reduce the risk of this type of data theft by allowing administrators to encrypt files stored on the disk. As with Windows XP, Windows Vista and Windows 7 support Encrypting File System (EFS). EFS enables administrators and users to selectively encrypt files or to mark an entire folder so that all files it contains are encrypted. In addition to the capabilities offered by Windows XP, Windows Vista and Windows 7 enable you to configure EFS using Group Policy settings so that you can centrally protect an entire domain without requiring users to understand encryption.
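The folder-level behaviour described above, as an added example that is not part of the tutorial: the script marks a folder for EFS with the built-in cipher.exe tool, creates a file inside it, and then audits every file under the folder for the Encrypted attribute so that any plaintext copy stands out. It assumes Windows 7 with an NTFS volume and an EFS certificate available to the current user (Windows creates one on first use); the folder path and file content are constructed samples.

```powershell
# Added example (not from the tutorial): mark a folder for EFS and verify that
# files created inside it inherit encryption. Assumes Windows 7, NTFS, and an
# EFS certificate for the current user. Folder and content are constructed samples.
$folder = Join-Path $env:USERPROFILE 'ConfidentialSample'   # constructed sample path
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# cipher.exe /E sets the encryption attribute on the folder; /S:<dir> applies it
# to the folder tree. New files written into a marked folder are encrypted
# automatically, with no user action.
& cipher.exe /E "/S:$folder" | Out-Null

# Create a file after marking: it must come back encrypted.
$file = Join-Path $folder 'notes.txt'
'constructed sample content' | Set-Content -Path $file

# Returns $true when the file carries the NTFS Encrypted attribute
function Test-EfsEncrypted([string]$Path) {
    $attrs = [System.IO.File]::GetAttributes($Path)
    return (($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0)
}

# Audit: list every file under the folder and flag any that is still plaintext
Get-ChildItem -Path $folder -Recurse |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $state = if (Test-EfsEncrypted $_.FullName) { 'encrypted' } else { 'PLAINTEXT' }
        '{0,-10} {1}' -f $state, $_.FullName
    }
```

A file that was already in the folder before it was marked is only re-encrypted when cipher.exe is also given /A (operate on files); the audit loop is what catches such leftovers.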

EFS cannot protect Windows system files, however. Protecting Windows from offline attack (booting from removable media to access the file system directly or moving the hard disk to a different computer) helps ensure the integrity of the operating system even if a computer is stolen. BitLocker Drive Encryption in Windows Vista provides encryption for the entire system volume, thus protecting not only the operating system but also any data stored on the same volume (drive letter). In Windows 7, administrators can use BitLocker to protect both system and non-system volumes (as well as removable media, described in the next section). BitLocker can work transparently with supported hardware, or it can require multifactor authentication by requiring users to enter a password before allowing the volume to be decrypted. Depending on your security requirements, you can use BitLocker with existing computer hardware by storing the decryption keys on removable media or even by having users type a personal identification number (PIN) or password before Windows boots.

Copying Confidential Files to Removable Media

Organizations with strict security requirements often limit access to confidential data to computers on the local network and then do not allow those computers to be removed from the facility. Historically, these organizations would remove floppy drives from the computers to prevent users from saving confidential files. Recently, however, there has been a huge increase in the types of removable media available. Specifically, mobile phones, PDAs, portable audio players, and USB drives often have several gigabytes of storage capacity. Because they are small and extremely common, they might be overlooked even if a facility has security staff available to search employees entering or leaving a building.

Windows Vista and Windows 7 enable you to use Group Policy settings to limit the risk of removable media. Using the Group Policy settings in Computer Configuration\Policies\Administrative Templates\System\Device Installation\Device Installation Restrictions, administrators can:

  • Allow installation of entire classes of devices (such as printers) using the Allow Installation Of Devices Using Drivers That Match These Device Setup Classes setting.
  • Disallow all unsupported or unauthorized devices using the Prevent Installation Of Devices That Match Any Of These Device IDs setting.
  • Disallow any kind of removable storage device using the Prevent Installation Of Removable Devices setting.
  • Override these policies if necessary for troubleshooting or management purposes using the Allow Administrators To Override Device Installation Policy setting.
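To confirm that the four restrictions listed above actually reached a computer, an administrator can read the registry values Group Policy writes for them. The script below is an added example, not part of the tutorial: it reports the state of each setting on the local machine. It assumes the value names used by the DeviceInstallation policy template under HKLM\SOFTWARE\Policies; verify them against your own ADMX copy if your environment differs.

```powershell
# Added example (not from the tutorial): summarize which Device Installation
# Restriction policies are in force on this computer. Group Policy writes these
# settings under the Policies hive; the value names below are assumed to be the
# ones the DeviceInstallation policy template uses. Verify against your ADMX.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

# Read a DWORD toggle, returning $null when the policy is not configured
function Get-PolicyDword([string]$Name) {
    $item = Get-ItemProperty -Path $base -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return [int]$item.$Name
}

# Read one of the list subkeys (entries are values named 1, 2, 3, ...)
function Get-PolicyList([string]$SubKey) {
    $key = Join-Path $base $SubKey
    if (-not (Test-Path $key)) { return @() }
    $props = Get-ItemProperty -Path $key
    return @($props.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        ForEach-Object { $_.Value })
}

$report = New-Object PSObject -Property @{
    # Allow Installation Of Devices Using Drivers That Match These Device Setup Classes
    AllowedSetupClasses    = Get-PolicyList 'AllowDeviceClasses'
    AllowListEnabled       = (Get-PolicyDword 'AllowDeviceClasses') -eq 1
    # Prevent Installation Of Devices That Match Any Of These Device IDs
    DeniedDeviceIDs        = Get-PolicyList 'DenyDeviceIDs'
    DenyListEnabled        = (Get-PolicyDword 'DenyDeviceIDs') -eq 1
    # Prevent Installation Of Removable Devices
    RemovableDevicesDenied = (Get-PolicyDword 'DenyRemovableDevices') -eq 1
    # Allow Administrators To Override Device Installation Policy
    AdminOverrideAllowed   = (Get-PolicyDword 'AllowAdminInstall') -eq 1
}
$report | Format-List
```

Run the script after gpupdate on a representative workstation; a list that comes back empty while the matching Enabled flag is $true means the policy is switched on but no classes or IDs were entered, which is worth catching before rollout.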

While Windows Vista focused on providing administrators with the control they needed to prevent users from saving files to removable media, Windows 7 includes technology to protect files when they are copied to removable media: BitLocker To Go. BitLocker To Go provides volume-level encryption for removable media. To decrypt the contents of removable media, a user must type a password or insert a smart card. Without the password or smart card, the contents of the BitLocker To Go-encrypted media are almost impossible to access.
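The protection choices described in the two BitLocker passages above (transparent TPM-only, TPM plus PIN or startup key, and password or smart card for BitLocker To Go) can be audited on a Windows 7 computer without the later BitLocker PowerShell module, which Windows 7 lacks. The script below is an added example, not part of the tutorial: it uses the Win32_EncryptableVolume WMI class that ships with Windows Vista and Windows 7 to list every encryptable volume, fixed or removable, with its protection state and the key protectors attached to it. It assumes an elevated PowerShell session; the protector-type names are the ones that class documents for GetKeyProtectorType.

```powershell
# Added example (not from the tutorial): audit BitLocker protection on every
# encryptable volume using the Win32_EncryptableVolume WMI class (Vista / Win7).
# Assumes an elevated session.
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# Key protector types as returned by GetKeyProtectorType
$protectorNames = @{
    0 = 'Unknown'; 1 = 'TPM'; 2 = 'ExternalKey (startup key on removable media)'
    3 = 'NumericalPassword (recovery password)'; 4 = 'TPM+PIN'; 5 = 'TPM+StartupKey'
    6 = 'TPM+PIN+StartupKey'; 7 = 'PublicKey (smart card)'; 8 = 'Passphrase'
    9 = 'TPMCertificate'; 10 = 'CNG'
}
$conversionNames = @{
    0 = 'FullyDecrypted'; 1 = 'FullyEncrypted'; 2 = 'EncryptionInProgress'
    3 = 'DecryptionInProgress'; 4 = 'EncryptionPaused'; 5 = 'DecryptionPaused'
}
# Protector types that require the user to supply a second factor at boot or unlock
$multifactorTypes = @(4, 5, 6, 7, 8)

foreach ($vol in Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume) {
    $prot = $vol.GetProtectionStatus().ProtectionStatus     # 0 = off, 1 = on, 2 = unknown
    $conv = $vol.GetConversionStatus().ConversionStatus
    $ids  = $vol.GetKeyProtectors(0).VolumeKeyProtectorID   # 0 = all protector types

    $typeCodes = @()
    if ($ids) {
        foreach ($id in @($ids)) {
            $typeCodes += [int]$vol.GetKeyProtectorType($id).KeyProtectorType
        }
    }
    $names = @($typeCodes | ForEach-Object { $protectorNames[$_] })

    # A volume unlocked only by the TPM is protected transparently; note it so
    # the administrator can decide whether a PIN or startup key is required.
    $hasSecondFactor = @($typeCodes | Where-Object { $multifactorTypes -contains $_ }).Count -gt 0
    $note = if ($prot -ne 1) { 'NOT PROTECTED' }
            elseif ($hasSecondFactor) { 'multifactor' }
            else { 'TPM-only / transparent' }

    '{0,-4} protection={1,-3} state={2,-20} protectors=[{3}] {4}' -f `
        $vol.DriveLetter,
        $(if ($prot -eq 1) { 'on' } else { 'OFF' }),
        $conversionNames[[int]$conv],
        ($names -join ', '),
        $note
}
```

Removable drives protected with BitLocker To Go show up with a Passphrase or PublicKey protector, which is the password or smart card requirement the text describes; a NumericalPassword entry is the recovery password and should exist on every protected volume so that a forgotten PIN does not become data loss.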

Accidentally Printing, Copying, or Forwarding Confidential Documents

Often, users need to share confidential documents to collaborate efficiently. For example, a user might e-mail a document to another user for review. However, when the document is copied from your protected shared folder or intranet, you lose control of the document. Users might accidentally copy, forward, or print the document, where it can be found by a user who shouldn't have access.

There's no perfect solution to protect electronic documents from copying. However, the Windows Rights Management Services (RMS) client, built into Windows Vista and Windows 7, enables computers to open RMS-encrypted documents and enforce the restrictions applied to the document. With an RMS infrastructure and an application that supports RMS, such as Microsoft Office, you can:

  • Allow a user to view a document but not save a copy of it, print it, or forward it.
  • Restrict users from copying and pasting text within a document.
  • Make it very difficult to open the document using a client that does not enforce RMS protection.

Windows 7 provides built-in support for using RMS to protect XML Paper Specification (XPS) documents. To use RMS, you need an RMS infrastructure and supported applications in addition to Windows Vista or Windows 7. For more information about RMS, see the section titled "Rights Management Services" later in this tutorial.
