Accessing Encrypted Data on Remote Shares

Accessing Encrypted Data on Remote Shares
You can use your encrypted files (or ones to which you've been granted access, as described in the previous section) when they're stored on another computer in your network. This, of course, makes it feasible for multiple users to access encrypted files, but it has other advantages as well; in particular, storing your network's important documents on a single server can simplify backup of these essential files. You can encrypt and decrypt files that are stored on a network share or, if you're using Windows XP, in a Web Distributed Authoring and Versioning (WebDAV) Web folder.

Using files stored on a network share requires a Microsoft Windows 2000 Server or Microsoft Windows .NET Server domain environment, which places this topic beyond the scope of this book. Don't feel shortchanged, however; despite the otherwise superior security imposed by such domains, remote access to encrypted files on a network share is less secure than using Web folders. When files are stored on a network share, the encryption and decryption are performed on the computer where the files are stored, and the files are transmitted between computers in unencrypted form. When a file is stored in a Web folder, the file remains encrypted during transmission; all encryption and decryption take place at the user's computer.

TIP
--------------------------------------------------------------------------------

Securely share your files over the Internet

Storing an encrypted file in a document folder at MSN Groups (http://groups.msn.com) provides the same security as storing in a local Web folder. You can share your documents with others (or retrieve them yourself from another location), and your encrypted documents remain encrypted when they're transferred across the Internet.

In addition, the use of Web folders for remotely accessing encrypted files is easier to set up and administer. And, if the Web folder is available over the Internet, you can securely access your encrypted files from anywhere in the world with an ordinary Internet connection.

You can set up a Web folder on a server that is running Internet Information Services (IIS) 5 or later. (Windows 2000 includes IIS 5.0; Windows XP Professional includes IIS 5.1.) To set up a Web folder, follow these steps:

Install IIS if you haven't already done so. (For information about installing and securing IIS, see Tightening Security on Internet Information Services.)
Right-click the folder you want to share as a Web folder and choose Properties.
On the Web Sharing tab, select Share This Folder. The Edit Alias dialog box appears:

Specify an alias (the name by which users will access the folder). Select the Read, Write, and Directory Browsing permissions. Select None in the Application Permissions box. Click OK in each dialog box.
Users can then access the Web folder in much the same way as they'd use a local folder. Its URL is http://servername/alias, where servername is the name of the server and alias is the alias you assigned in step 4 of the preceding procedure.