File Share Encryption

Hi,

I have to give the Demo of Symantec PGP Universal Server for Whole Disk Encryption to my client so can anyone help me with the Polcies part that how i can implement the Best policies to do the POC sucessfully.

Hi Rupinder_Sran,

I believe this article will be useful and will give you some guidance: https://www-secure.symantec.com/connect/articles/how-avoid-or-minimize-data-loss-when-using-symantec-encryption-solution
Please note that it contains only references about data access/recovery.

There are other aspects you need to consider like permissions to encrypt/decrypt, single sign-on (SSO), etc.


HTH,
dcats

Hi Dcats,

It is nice artical but i need the artical on the policies configuration part so if you have any then pl share.

Reg,

Rupinder

There are no articles on "How to deliver a POC" but when I do demos to clients i demonstrate the following

• SSO signon.
• Adding/removing users
• Displaying rights a user can have (unable to encrypt or decrypt)
• Bootguard authentication including self recovery and WDRT
• Disk Administrator passphrase

Coupled with a quick overview of the WDE section of the Universal Server and demo complete.

You obviously need to know the product well in order to deliver a POC :)

Yeah you are rite but i am awere of the product but Universal server 3.2 version and i am looking for some more tips so that i can make the POC better.

Hey i have one query.

Suppose there are two users A & B using the same machine and enrolled on it. Machine is encrypted.

Is user A is able to access the personal files of user B that is stored on C or D drive of machine??

Hello,

Once the user already log in on the machine, the machine was already decrypted. Accesing the personal file of the other user is possible if he/she has an authority on the files/folder. WDE is only encrypting the disk and not the files.

Best Regards,

On the POC part of the WDE, here are some scenario i've been doing when i'm conducting POC

• Whole disk encryption process
• Client configuration and installation
• Encryption Administration
• User Enrolment
• Single Sign On
• Boot guard Logon
• Creating test policies for different scenarios
• Creation of users with limited privileges
• Using WDRT

Best Regards,

Aeschylus

Thanks for the giving some points for the POC and if user wants to encrypt his files so that another user wont able to access it then he would have to use Virtual disk feature for doing that or there is some other option available.

Reg,

Rupinder

Hello,

Most probably your best option was Virtual disk. It is perfect place for storing your sensitive files as it uses part of your hard drive space as an encrypted virtual disk volume with its own drive letter. 

You can also check Symantec white paper of Drive Encryption for windows as your referrence.

http://www.google.com.ph/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCYQFjAA&url=http%3A%2F%2Fwww.symantec.com%2Fbusiness%2Fsupport%2Fresources%2Fsites%2FBUSINESS%2Fcontent%2Flive%2FDOCUMENTATION%2F6000%2FDOC6208%2Fen_US%2FsymcDriveEncr_103_win_quickstart_en.pdf&ei=9G0zU6CoKcyTiQePxIH4BQ&usg=AFQjCNGlcPmXcLASrqP7NDKIT9lWA6jsyg&bvm=bv.63808443,d.aGc

Best Regards,

Either virtual disk or just encrypting files/folders the normal way will both work.

Best security practices dictate that if you want sensitive data to only be accessible to one user, that user should not be sharing his system with other users.

That being said, if it is a standalone installation on a non-enterprise-managed system, protection of specific files between two local admin users on a shared system will only be as strong as the passphrase selected for the PGP encryption key or PGP virtual disk.

If the system is managed, permissions should be assigned to prevent each user from accessing the other user's files, even if PGP Virtual Disk is still used. 

The sensitive documents could also be stored on a PGP Virtual Disk on a removable device.  If there is no other way around sharing the system, that would be my recommendation.