iFolder Local Security Utility


This utility was created to meet our company security guidelines for protecting confidential data on mobile computers. Following are some of the problems/findings which prompted the creation of this utility:

iFolder only encrypts the data when transferring over the wire between client and server. Due to company security guidelines, local data encryption on mobile computers is required.

You can encrypt the users iFolder directory, however, because the iFolder service controls the synchronization, the data is downloaded to the users local directory and remains unencrypted. (The data in the directory must be created by the user that encrypted it, or it is created unencrypted).

Run this utility at startup as a front end to Microsoft's CIPHER, creates and encrypts the local iFolder directory each time the user logs in.

There have been a few assumptions made in the logic of this utility, these are:

  1. When a user logs into iFolder on a workstation for the first time, a registry key is created in "HKLM\SOFTWARE\Novell iFolder\<username>", this is used to validate whether the user has logged into iFolder on this workstation before. If they have and the defined directory exists, the assumption is made that it was this user account that encrypted the local data. If the registry key does not exist then directory is either created or recreated and encrypted with CIPHER to ensure that the current user can view the local data after iFolder synchronization to the local workstation has completed.
  2. The users will be using the local iFolder client and not the web client (Any data uploaded via the web interface will be synchronized to the workstation and will remain unencrypted until the user logs on again and iFLclSec.exe is executed). We have also provided a ZEN desktop icon for this utility so the users can encrypted the data manually if they notice the data is not marked as encrypted.
  3. The local encryption keys are NOT backed up as part of this utility, there should not be any case where the users is required to decrypt any local data, because the data will always reside on the iFolder server.
  4. The process diagram located in the help form is based on using ZEN application packages to drive this utility.

Update to v1.1
*Support was requested for Windows 2000.
iFLclSec.exe now supports Windows 2000. CIPHER.EXE on Windows 2000 supports the same switches as Windows XP.


How To-Best Practice
Comment List