PGP Whole Disk Encryption Training


Agenda
- WDE Overview
- Licensing
- Universal Server & Client Basics
- Installation
- Password Recovery
- OS Maintenance
- Support
- Questions

Whole Disk Encryption
- Protects against: personal computer loss / theft / compromise / improper disposal
- Reduces risk of loss of data and PII (personally identifiable information)
- Protects against loss of reputation
- Encrypts desktops, laptops, and removable media
- Enables business continuity without disrupting user productivity
- Demonstrates compliance with regulatory standards

Full Disk vs. File Encryption
- Unsecured
- File Encryption
  - Encrypts individual files / folders
  - Requires authentication to decrypt and access files
- Full Disk Encryption
  - Encrypts entire hard drive
  - Replaces Master Boot Record with pre-boot environment
  - Decrypts automatically as files are accessed

Notebook with Sensitive Info
- Protected threat: theft or loss
- Whole disk encryption
  - Best guarantee of protecting data
  - Only protects on that drive (encryption doesn't follow the file when it is moved)
  - New login prompt on boot

How it Works
- Encrypts entire drive
  - Block by block (including unused space)
- Passphrase for key (or token)
- Boot sector replaced with encryption authentication process
- Drive decrypts and encrypts on read/write
- Key is in memory while running, wiped on sleep

PGP BootGuard

Doesn't protect from
- Hacking
- Malware
- Social engineering
- Users leaving computer unlocked
- Mishandling of sensitive information

Disk Encryption Policy
- Restricted: SSN, CCN, ePHI, PII, legally/contractually protected
- Confidential: Access limited to a select group of employees, but not meeting restricted definition
- Required
  - Portable with restricted
  - Desktop with >500 restricted
- Recommended
  - Portable with confidential
  - Desktop with <500 restricted
- http://policies.emory.edu/5.12

Licensing Details
- Emory currently owns 1,501 PGP licenses.
- Many units have already committed to an initial license purchase.
- Each license is $45.50.
- Licensed per computer and not per user.
- Additional licenses may be purchased by sending a Remedy ticket or an email to securityteaml@listserv.emory.edu containing the following information:
  - School/Division/Business Unit name.
  - Requestor's contact information.
  - Number of licenses being purchased.
  - Smart Key number.

Server & Client Basics
- Server
  - Linux based soft appliance provided by PGP.
  - Maintains copies of any user keys.
  - Provides encryption verification and auditing.
  - Assigns user policies based on AD group membership.
- Client
  - Most users will never interact with the client except to enroll.
  - Client communicates with the server to report encryption status, synchronize any keys, reset recovery tokens, etc.
  - Features can be enabled or disabled by policy.

Architecture (diagram; labels: EHC Domain, Emoryunivad Domain, LDAP Proxy, PGP Server 1, PGP Server 2, F5 Load Balancer VIP, Clients)

Available Features
- WDE
- PGP Shredder: securely erases files.
- PGP Zip: create encrypted zip files and self-extracting executables.
- PGP Virtual Disk: create virtual encrypted volumes (similar to TrueCrypt).

PGP Policies
- Assigned using LDAP attributes
  - We will focus on AD groups
- Per user, not per computer
- Client configuration
  - Available features
  - Automatic or manual disk encryption
  - Can end users create keys
  - Can end users encrypt/decrypt other things

Administrative Access
- Aladdin USB eTokens
  - Windows only
  - ~$40 each from CDW
- Add local user manually
- Whole disk recovery tokens
  - Retrieved from server
  - One-time use
- Admin password (future version)

Supported OSes
- Windows 2000, XP, Vista, 7 (both 32 and 64 bit)
  - Use of PGP on Windows Server is not recommended
- Mac OS X 10.4-10.6
- Linux
  - PGP v10 supports some variants of Linux, but this has not been tested at Emory

Installation Overview
- Create policies on PGP server, associated with (emoryunivad, EHC) AD groups
- Installed via simple Windows MSI or Mac pkg installer
- Run chkdsk.exe /R on Windows clients
- Install on client, let end user enroll
- Client grabs policy associated with end user (based on AD group membership)
- Disk encryption starts automatically (if configured by policy)
- Additional users can be added to the system as necessary by adding a new passphrase user

Installation Caveats
- Active Directory groups must be created and associated with a policy prior to deployment.
  - Do you need a delegated OU?
- The initial encryption process will find bad sectors if they exist. May also uncover failing disks.
  - Run chkdsk.exe /R first.
- Make sure that the end user enrolls their system with the server - don't use your credentials.

A Word on Groups
- Be careful not to place users into multiple groups that control PGP policy enrollment.
- If you're creating a new group, please include PGP, your unit, and a descriptive item in the group name. E.g. EC-PGP-WDE Only, SOM-DOM-PGP-All Features.
- Be careful with users that you think might be using PGP in other schools (think faculty with dual appointments).
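A check for the multiple-group pitfall described above, as an added example that is not part of the original slides. It assumes a group-to-members export from AD (constructed here; only the two slide example group names are real), expands nested groups, and reports users who land in more than one PGP policy group along with policy groups that do not follow the unit-PGP-description naming.

```python
import re

# Constructed sample of an AD export: group name -> direct members. A member
# that is also a key here is a nested group. Names beyond the slide's two
# example groups are invented.
MEMBERSHIP = {
    "EC-PGP-WDE Only": ["asmith", "bjones", "EC-Faculty"],
    "SOM-DOM-PGP-All Features": ["cdoe", "BJones", "SOM-Dual-Appointments"],
    "Encryption Users": ["dlee"],
    "EC-Faculty": ["efox"],
    "SOM-Dual-Appointments": ["efox", "EC-Faculty"],
}
# Groups tied to a PGP policy on the server (assumed known to the admin).
POLICY_GROUPS = ["EC-PGP-WDE Only", "SOM-DOM-PGP-All Features", "Encryption Users"]

# <unit>-PGP-<descriptive item>, the shape of the slide's two example names.
NAME_RE = re.compile(r"^[A-Za-z0-9]+(-[A-Za-z0-9]+)*-PGP-\S.*$")


def effective_users(group, membership, _seen=None):
    """Return the lower-cased user accounts in group, following nested groups."""
    seen = _seen if _seen is not None else set()
    if group in seen:  # already expanded: also stops membership cycles
        return set()
    seen.add(group)
    users = set()
    for member in membership.get(group, []):
        if member in membership:
            users |= effective_users(member, membership, seen)
        else:
            users.add(member.lower())  # account names compare case-insensitively
    return users


def audit(membership, policy_groups):
    """Return (users in more than one policy group, badly named policy groups)."""
    by_user = {}
    for group in policy_groups:
        for user in effective_users(group, membership):
            by_user.setdefault(user, []).append(group)
    conflicts = {u: sorted(g) for u, g in by_user.items() if len(g) > 1}
    bad_names = [g for g in policy_groups if not NAME_RE.match(g)]
    return conflicts, bad_names


if __name__ == "__main__":
    conflicts, bad_names = audit(MEMBERSHIP, POLICY_GROUPS)
    for user, groups in sorted(conflicts.items()):
        print(f"{user}: {', '.join(groups)}")
    for name in bad_names:
        print(f"naming: {name!r} lacks the unit-PGP-description form")
```

In the sample, efox is a direct member of neither policy group and is caught only because both policy groups contain nested groups that include that account, which is the dual-appointment case the slide warns about.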

Password Recovery
- Unique, one-time-use recovery token for forgotten passphrases (Whole Disk Recovery Tokens)
- See documentation for full WDRT and forgotten passphrase steps.

OS Repair/Upgrades
- Special steps are required to upgrade the OS on systems encrypted with PGP.
  - Decrypt boot drive.
  - Uninstall PGP.
  - Perform upgrade.
  - Reinstall PGP and re-encrypt the boot drive.
- Any operation that makes a change to the MBR will require special planning.

Dual Booting
- OK as long as both OSes support PGP and both have PGP Desktop installed. (Ex. Windows XP & Windows 7 on the same box)
- If dual booting Windows & Linux, the Linux partition must remain unencrypted (as of version 9).
- Neither of these scenarios has been tested and should probably be avoided if possible.

Getting the Software
- E-mail securityteaml@listserv.cc.emory.edu, or submit a Remedy ticket with the following information:
  - Full path of the AD group(s) that you will use to manage PGP policy enrollment.
  - Which policy features you want enabled.
- You will receive a reply confirming that your policy has been configured, along with a link to download the client software.

Where to go for Help
- Submit a Remedy ticket to the UTS Security Team to:
  - Gain access to client installation software
  - Request PGP policy changes
  - Associate AD groups with policies
  - Tier II troubleshooting
  - Request WDRT administrator privileges
- Submit a Remedy ticket to the UTS Identity Management Team to:
  - Request a delegated Active Directory OU
- In Health Care, contact Mike Chilcott or Mickey McKinney.

Questions?