SafeGuard Enterprise administrator help
Product version: 8.2


Contents

About SafeGuard Enterprise
Installation
  SafeGuard Enterprise components
  Getting started
  Setting up SafeGuard Enterprise Server
  Setting up SafeGuard Enterprise Database
  Setting up SafeGuard Management Center
  Testing communication
  Securing transport connections with SSL
  Registering and configuring SafeGuard Enterprise Server
  Creating configuration packages
  Setting up SafeGuard Enterprise on endpoints
  Installing the encryption software on Windows
  Installing the encryption software on macOS
  Setting up Web Helpdesk
  About upgrading
  About migrating
SafeGuard Management Center
  Logging on to the SafeGuard Management Center
  SafeGuard Management Center user interface
  Working with policies
  Working with configuration packages
  Enhanced authentication - the .Unconfirmed Users group
  User Machine Assignment
  Improve Sophos SafeGuard by sending anonymous usage data
  SafeGuard Management Center advanced
Managing Windows endpoints
  Manage BitLocker Drive Encryption
  Location-based File Encryption
  Cloud Storage
  SafeGuard Data Exchange
  SafeGuard Enterprise and self-encrypting, Opal-compliant hard drives
  SafeGuard Configuration Protection
  About uninstallation
Managing Mac endpoints
  Create configuration package for Macs
  About SafeGuard Native Device Encryption for Mac
  About SafeGuard File Encryption for Mac
  Troubleshooting
  Inventory and status data of Macs
  Uninstall Native Device Encryption from Mac endpoints
  Uninstall File Encryption from Mac endpoints
Synchronized Encryption
  Best Practice: multi-key support for Synchronized Encryption
  Requirements
  Encrypt data
  Outlook Add-in for Synchronized Encryption
  Integration with Sophos Central Endpoint Protection
  Share SafeGuard Enterprise key ring with mobile devices managed by Sophos Mobile
  Configure trusted applications and ignored devices
  Application-based File Encryption policies in the RSOP
Advanced management
  Best practices and recommendations
  Security recommendations
  Replicating the SafeGuard Enterprise Database
  Web Helpdesk
  Recovery
  Tools
Technical support
Legal notices

(2021/02/09)

About SafeGuard Enterprise

SafeGuard Enterprise is a comprehensive data security solution that uses a policy-based encryption strategy to provide reliable data protection on workstations, network shares, and mobile devices. It allows users to securely share information and work with files on Windows, macOS, iOS, and Android devices with the help of the Sophos Secure Workspace app, see SafeGuard Enterprise components (page 4).

In the SafeGuard Management Center, you manage security policies, keys, and certificates using a role-based administration strategy. Detailed logs and report functions ensure that you always have an overview of all events.

On the user side, data encryption and protection against unauthorized access are the main security functions of SafeGuard Enterprise. SafeGuard Enterprise can be seamlessly integrated into the user's normal environment.

Synchronized Encryption - application-based File Encryption

Synchronized Encryption is built on two assertions – that all data is important and must be protected (encrypted) and that encryption should be persistent wherever the data is located. In addition, important data should be encrypted automatically and transparently so that a user need not be bothered with having to decide whether or not to encrypt a file based on its perceived importance. This very basic premise, that all data is important and must be protected, ensures that all data is encrypted seamlessly without user intervention. This allows the user to remain productive, have their data secure and follow their existing workflows, see Synchronized Encryption (page 283).

Location-based File Encryption

• Cloud Storage
  Cloud storage