File encryption
Notice: Malfunctions
Do not encrypt the entire system partition, Windows system files or the TwinCAT folder. This can lead to malfunctions.
As a rule, an established access control is sufficient to protect sensitive files and directories against unauthorized access. If the data carrier is lost, however, the protection of these data is no longer guaranteed, and additional protection through the encryption of individual files and directories becomes necessary.
With EFS (Encrypting File System), Windows provides an encryption function with which individual files or entire directories can be encrypted. This makes an additional security level with cryptographic protection available.
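The following PowerShell function is an added example, not code from the original documentation. It encrypts one directory with EFS, refuses any path that overlaps the folders named in the notice above, and then checks the file attributes. The function name `Protect-EfsDirectory`, the TwinCAT path `C:\TwinCAT` and the sample path `D:\Recipes` are assumptions.

```powershell
# Added example. Protect-EfsDirectory is a hypothetical helper name.
function Protect-EfsDirectory {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Folders that must stay unencrypted. 'C:\TwinCAT' is an assumed install path.
        [string[]] $Excluded = @($env:SystemRoot, 'C:\TwinCAT')
    )

    $cmp    = [StringComparison]::OrdinalIgnoreCase
    $target = (Resolve-Path -LiteralPath $Path).ProviderPath.TrimEnd('\')

    foreach ($folder in $Excluded) {
        $ex = $folder.TrimEnd('\')
        # Reject the target if it lies inside a protected folder or contains one
        # (the second case also catches the root of the system partition).
        $inside   = $target.Equals($ex, $cmp) -or $target.StartsWith("$ex\", $cmp)
        $contains = $ex.StartsWith("$target\", $cmp)
        if ($inside -or $contains) {
            throw "Refusing to encrypt '$target': it overlaps protected folder '$ex'."
        }
    }

    # /e encrypts, /s applies the operation to the directory and everything below it.
    & cipher.exe /e "/s:$target" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "cipher.exe exited with code $LASTEXITCODE." }

    # Verify from the file attributes instead of trusting the tool output.
    $plain = Get-ChildItem -LiteralPath $target -Recurse -File -Force |
        Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) }

    foreach ($f in $plain) { Write-Warning "Not encrypted: $($f.FullName)" }
    return @($plain).Count -eq 0
}

# Constructed sample call; the path is a placeholder.
# Protect-EfsDirectory -Path 'D:\Recipes'
```

EFS ties decryption to the certificate of the user who encrypted the files, so export that certificate and its private key (for example with `cipher /x`) and store the backup away from the device.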
An important post-encryption aspect is the administration of keys and the clarification of the following questions:
- Who should be given access?
- What authentication options are there? (USB token, PIN, password, user name + password, etc.)
- How are the keys managed?
In any case the data are unprotected when they are decrypted and used.
By comparison, BitLocker supports the encryption of complete data carriers. In addition, BitLocker offers maximum protection when it is used with TPM (Trusted Platform Module), as described in the TPM documentation.