
NETWORK SECURITY

Tutorial 2

ENCRYPT FILES, DRIVES USING EFS & BITLOCKER

Purpose
On finishing this tutorial, students are expected to:
- Recognize the importance of keeping data secure
- Understand the mechanisms EFS & BitLocker use to encrypt and
decrypt data
- Be able to use some Windows Command Prompt commands
- Be able to encrypt and decrypt files and drives for data protection
- Be able to back up & recover certificates & keys in case of losing access to
computer accounts.
Discussion
Students are required to read the slides uploaded on the FIT portal & try to answer
the following questions:
- What is the encrypting mechanism of EFS?
- What are the hardware requirements of BitLocker?
- What are the differences between EFS and BitLocker?
Step-by-Step Guide
Students are required to follow the step-by-step guide given to fulfill the
following contents:
- Encrypt the password file with EFS
- Backup certs & keys for recovery purpose
- Create other accounts
- Access to the password files using other accounts
- Recover /import the certs & keys
- Encrypt/decrypt drives using BitLocker

NSE TUTORIAL BY NHUNGVT 1


STEP-BY-STEP GUIDE

PART A: ENCRYPT THE PASSWORD FILE WITH EFS

1. CREATE A CERTIFICATE MANAGEMENT CONSOLE FOR USERS

2. Run MMC -32 as administrator

3. Select File > Add or Remove Snap-ins

4. Select Certificates and then click Add



5. Select My user account and press Next

6. Then save the console: File > Save as.

2. ENCRYPTING FILES

Press Windows Key + X then select Command Prompt (Admin).



3. Go to C directory, create a directory

Cd C:\

Md CONFIDENTIAL

Then go to CONFIDENTIAL folder

cd CONFIDENTIAL

4. Create a file password.txt that stores the secret information

Copy con password.txt

Then type your sensitive information. For example,

type “Mypass is 123456”. Then press Control + Z to exit.



5. Now type the following command into cmd and hit Enter:

Cipher /e password.txt

Note:

Apply changes to this folder, subfolders and files: cipher /e /s:"full path of folder"

Apply changes to this folder only: cipher /e "full path of folder or file with
extension"

6. Close Command Prompt when finished.



PART B. Back up your Encrypting File System (EFS) encryption key

Once you have enabled EFS for any file or folder, a small icon will appear in the
taskbar, probably next to the battery or WiFi icon.

Simply click on the EFS icon in the system tray to open the Certificate Export
Wizard.

1. First, make sure to plug your USB drive into the PC to copy the backup file. (In
the lab, I backed up onto the disk drive; for best practice, you should save it in a
safe place.)

2. Now click on the EFS icon in the system tray to launch the Certificate Export
Wizard.



3. Once the wizard opens, click Back up now (recommended).

4. Click on Next and again click Next to continue.

5. On the Security screen, checkmark the “Password” box then type a password in
the field.



6. Again type the same password to confirm it and click Next.

7. Now click on Browse button then navigate to the USB drive and under file name
type any name.



Note: This would be the name of the backup of your encryption key.

8. Click Save then click on Next.

9. Finally, click Finish to close the wizard and click OK.

This backup of your encryption key will come in very handy if you ever lose
access to your user account, as this backup can be used to access the encrypted
files or folders on the PC.

PART C: CREATE TEST ACCOUNTS

1. Create local account using Command Prompt

If you’re comfortable typing command lines, it’s actually a lot faster to create a
local account on Windows 10 using Command Prompt.

To create a local account on Windows 10 with Command Prompt, use these
steps:

1. Open Start.



2. Search for Command Prompt, right-click the result, and select the Run as
administrator option.
3. Type the following command and press Enter:

net user USER_NAME PASSWORD /add

In the above command, make sure to replace USER_NAME and PASSWORD with
the credentials you want to use for the new user account.

4. Type the following command to add the newly created account to the
Administrators group and press Enter:

net localgroup administrators USER_ACCOUNT /add

Creating admin local account using Command Prompt

In the command, make sure to replace USER_ACCOUNT with the account name
you want to add to the administrators group.

If you want to test the new changes, sign-out and you’ll notice the new user
account sitting in the bottom-left corner of the screen. Then select the new user
account and sign in.



It’s also possible to create a local account using PowerShell, and here are the
steps.

Step 2. Activate Local Administrator

By default, the local Administrator account is disabled. You can enable it from the
command line.

1. Select “Start” and type “CMD”.
2. Right-click “Command Prompt” then choose “Run as administrator”.
3. If prompted, enter a username and password that grants admin rights to the
computer.
4. Type: net user administrator /active:yes
5. Press “Enter”.

Replace “yes” with “no” to disable the admin account on the welcome screen.

If this Account doesn’t have the password, you can create a password by typing

net user administrator <Password>

PART D. VERIFYING ENCRYPTED FILES

1. In the same CMD window, switch to another account with:

runas /user:yourPCname\Administrator cmd

2. Go to the encrypted folder to see the encrypted file

Cd C:\CONFIDENTIAL

3. Type cipher to check the encryption status of the files in that directory.

E means encrypted
U means unencrypted

4. To view the file content, type:



type password.txt

You can see the message: “Access is denied”

PART E. Restore your EFS File Encryption Certificate and Key from PFX file

1. Switch to another user account that is not the owner of that password.txt

2. Try to import backup key & certificate

Either double click/tap on the backed up PFX file, or right click or press and hold
on the PFX file and click/tap on Install PFX. (see screenshot below)

3. Click/tap on Next. (see screenshot below)



Click/tap on Next. (see screenshot below)

4. Enter the password for the private key included in the PFX file, check Mark
this key as exportable, check Include all extended properties, and click/tap
on Next. (see screenshot below)

5. Select (dot) Automatically select the certificate store based on the type of
certificate, and click/tap on Next.

6. Click/tap on Finish.



7. Click/tap on OK. (see screenshot below)

8. Then open the file password.txt. You can now see the content of password.txt.

WHY?
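
One way to investigate this from the command line (an added example, not part of the original tutorial): the script compares the certificate thumbprints that cipher /c reports for the file with the private keys in the current account's Personal store. It assumes the C:\CONFIDENTIAL\password.txt path used above and English-language cipher output containing "Certificate thumbprint:" lines.

```powershell
# Added example, not part of the original tutorial.
# Assumption: English-locale cipher output with "Certificate thumbprint: XXXX XXXX ..." lines.
$file = 'C:\CONFIDENTIAL\password.txt'

# Thumbprints of every certificate the file's key has been wrapped for
# (users who can decrypt, plus any recovery certificates).
$fileThumbs = @(cipher /c $file |
    Select-String -Pattern 'thumbprint:\s*([0-9A-Fa-f ]+)' |
    ForEach-Object { ($_.Matches[0].Groups[1].Value -replace '\s', '').ToUpper() } |
    Select-Object -Unique)

if ($fileThumbs.Count -eq 0) {
    throw "No certificate thumbprints reported; is $file EFS-encrypted?"
}

# Thumbprints of certificates for which this account holds a private key.
$myKeys = @(Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { $_.Thumbprint.ToUpper() })

# The file can be opened only when at least one row shows HaveKey = True.
foreach ($t in $fileThumbs) {
    [pscustomobject]@{
        Thumbprint = $t
        HaveKey    = $myKeys -contains $t
    }
}
```

Run it once before importing the PFX and once after, in the second account, and compare the HaveKey column.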



PART F. Decrypt File or Folder Using Command Prompt

1. Press Windows Key + X then select Command Prompt (Admin).

2. Type the following command into cmd and hit Enter:

To Decrypt a File: cipher /d "full path of file with extension"


Note: Replace "full path of file with extension" with the actual location of the file
with its extension, for example:
cipher /d "C:\confidential\password.txt"

3. Once finished close cmd and reboot your PC.



PART G. Device encryption in Windows

What is device encryption?

Device encryption helps protect your data, and it's available on a wide range of
Windows devices. If you turn on device encryption, the data on your device can
only be accessed by people who've been authorized. If device encryption isn't
available on your device, you may be able to turn on standard BitLocker
encryption instead.

Note
BitLocker is not available on Windows 10 Home edition.

To see if you can use device encryption

1. In the search box on the taskbar, type System Information, right-click
System Information in the list of results, then select Run as
administrator. Or you can select the Start button, and then under Windows
Administrative Tools, select System Information.
2. At the bottom of the System Information window, find Device Encryption
Support. If the value says Meets prerequisites, then device encryption is
available on your device. If it isn't available, you may be able to use standard
BitLocker encryption instead.

To turn on device encryption

1. Sign in to Windows with an administrator account (you may have to sign out
and back in to switch accounts).



2. Select the Start button, then select Settings > Update &
Security > Device encryption. If Device encryption doesn't appear, it isn't
available. You may be able to turn on standard BitLocker encryption instead.

3. If device encryption is turned off, select Turn on.

To turn on standard BitLocker encryption

1. Sign in to your Windows device with an administrator account.


2. To set up BitLocker:

- Go to the Control Panel.
- Click System and Security.
- Click BitLocker Drive Encryption.
- Under BitLocker Drive Encryption, click Turn on
BitLocker.
- Select Enter a password or Insert a USB flash drive. If you have chosen to
use a USB flash drive as a trigger to unlock your drive, you can choose to
do this with a password or smart card. In this example, we will use a
password.
- Enter a password and confirm it, and then click Next.
- Select how to save a recovery key to regain access to your drive in case you
forget your password (e.g. on a USB flash drive or to your Microsoft
account), and click Next.
- Select an encryption option: Encrypt used disk space only (faster)
or Encrypt entire drive (slower), and click Next.
- Choose from two more encryption options: New encryption mode (best
for fixed drives) or Compatible mode (best for removable devices), and
click Next.
- Check Run BitLocker system check, which ensures that the recovery and
encryption keys will work, and click Continue.
- Last, verify that BitLocker is turned on. To do this, go to My PC in Windows
Explorer and check for a Lock icon displayed next to the drive.
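
The lock icon does not show whether encryption has finished, whether protection is suspended, or whether a recovery protector exists. The check below is an added example, not part of the original tutorial; it assumes the encrypted drive is C: and must be run from an elevated PowerShell window.

```powershell
# Added example, not part of the original tutorial.
# Assumption: the drive being checked is C:. Requires an elevated PowerShell.
$vol = Get-BitLockerVolume -MountPoint 'C:'

# Key protector types present on the volume, e.g. Tpm, Password, RecoveryPassword.
$protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    MountPoint          = $vol.MountPoint
    VolumeStatus        = $vol.VolumeStatus          # FullyEncrypted, EncryptionInProgress, ...
    ProtectionStatus    = $vol.ProtectionStatus      # On, or Off while BitLocker is suspended
    EncryptionPercent   = $vol.EncryptionPercentage
    EncryptionMethod    = $vol.EncryptionMethod
    Protectors          = $protectors -join ', '
    HasRecoveryPassword = $protectors -contains 'RecoveryPassword'
}

if ($vol.VolumeStatus -ne 'FullyEncrypted') {
    Write-Warning "Volume is $($vol.VolumeStatus) at $($vol.EncryptionPercentage)%."
}
if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning 'Protection is off or suspended: the volume key is not protected.'
}
if ($protectors -notcontains 'RecoveryPassword') {
    Write-Warning 'No recovery password protector: a forgotten password cannot be recovered.'
}
```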

To disable or suspend BitLocker:

1. Press the Windows key + E to open Windows Explorer.


2. Click This PC.
3. Right-click the encrypted drive and select Manage BitLocker.
4. For each drive or partition encrypted, you can select to suspend BitLocker
or completely disable it. Select the option you want and follow the wizard.
