Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Automatic Authentication

Created: 25 Oct 2012 | 1 comment

Trying to wrap my head around the security behind automatic authentication... 

So I see the Endpoint Encryption loading something in Pre-Boot, and then it goes straight into the Windows logon screen. At what point does the drive become unencrypted?  Are the contents of the drive still encrypted until an authenticated user logs on to Windows?  If the drive is unencrypted at the logon screen, then what's the point of encrypting it in the first place? 

We're looking to streamline the sign-on process as much as possible, but not to the point where we make the encryption pointless. 

Comments 1 CommentJump to latest comment

SMLatCST's picture

You can verify via the SEE Admin/User client or from the Manager Computer/Console if a disk is encrypted or not.  The state of encryption isn't specifically linked to the authentication options you choose.

As far as your implementation goes (full disk encrypted endpoint machine with automatic authentication) the drive itself is encrypted, so is protected from attempts to read/manipulate the drive with other bootable utilities, password crackers that boot from CD/USB, and anything else that doesn't have access to the keys.  But because it boots straight into Windows, you are essentially reliant upon the security of Windows itself.  Once it's all up and loaded, it has the same exposure as a normal Windows machine and is open to all of Windows vulnerabilities and attack vectors.

It sounds like you may want to switch to requiring authentication, and enabling single sign-on.  This means when a encrypted machine is started it boots straight into the hardened pre-boot auth environment, but will then load straight into the profile of whichever registered user logs on.  This is normally the recommended auth option.