Endpoint Encryption

  • 1.  Netshare vs Universal; who is doing the work?!

    Posted May 17, 2012 04:08 PM

    Everyone,

     

    Need just to verify a concept of how the encryption flow works between the Netshare (desktop) client and Universal... I am trying to determine what the dependencies are between Netshare users and the Universal Server when encrypting files to a protected share.  Besides the initial session passphrase authentication of the group/individual key to Universal and key creation, what other Universal Server dependencies does the Netshare user rely on when they are encrypting?  The reason for my question is that I have employees in Europe with their own local network share and my Universal server is in the US, so I am worried about latency if the Netshare users need to have a constant connection to the Universal server.  Does the encryption occur at the client level once the user is fully authenticated?

     

    THANKS!



  • 2.  RE: Netshare vs Universal; who is doing the work?!

    Posted May 18, 2012 10:12 AM

    For netshare this is what the universal server does for clients (hint: it's not much, but it can be important)

     

    - Key management (can be set up to safeguard PGP keys, also used as a key server so other PGP Desktop clients can look up users' keys)

    - Consumer Policy (this controls PGP features, e.g. enable/disable netshare, configure WDE auto encrypt)

    Clients do not need a constant connection to a PGP universal server to use netshare. With netshare -all- of the encryption and decryption work occurs on the client side, not on the universal server.

    I would suggest testing with different keymodes to see which works best in your scenario; I would specifically test SKM vs. GKM.

    I think having a PGP universal server is important when using Netshare; it will ensure each client can be set up identically. You can protect users' keys with GKM/SKM. You can configure use of an additional decryption key for every file that is encrypted (so if someone leaves the company the data is still accessible to authorized individuals).

     



  • 3.  RE: Netshare vs Universal; who is doing the work?!

    Broadcom Employee
    Posted May 23, 2012 07:46 PM

    Group Keys for authentication. This feature requires connection to the Universal Server for LDAP queries on AD authentication as well as association for the group they are using. I'm attaching a FAQ about Group key usage. Hope this helps.

    http://www.symantec.com/docs/HOWTO61299

     

     

     



  • 4.  RE: Netshare vs Universal; who is doing the work?!

    Posted Sep 21, 2012 03:39 PM

    How do I encrypt a folder/share without installing netshare on every computer?



  • 5.  RE: Netshare vs Universal; who is doing the work?!

    Posted Sep 24, 2012 09:40 AM

    Whatever is accessing that share needs to have a key in order to access it, therefore every machine needs to have PGP Desktop installed.  You can have group keys etc., but you need to be able to assign users to that group, again requiring PGP Desktop.

    You can use PGP Commandline to do the same thing, but that is a very expensive option for something that netshare does by design.