Dell Data Protection | Encryption Installation Guide, Page 99

Glossary
Common Encryption – The Common key makes files accessible to all managed users on the device where they were created.
Encryption Administrator Password (EAP) – The EAP is an administrative password that is unique to each computer. Most
configuration changes made in the Local Management Console require this password. It is also the password
required if you have to use your LSARecovery_[hostname].exe file to recover your data. Record and save this password
in a safe place.
Encryption Keys – The “Common” key makes files accessible to all managed users on the device where they were created. The
“User” key makes files accessible only to the user who created them, only on the device where they were created. The “User
Roaming” key makes files accessible only to the user who created them, on any Shielded Windows device.
Hardware Crypto Accelerator (HCA) – HCA cards enable hardware-based encryption and provide advanced security. During
setup, the HCA card is locked to the motherboard, and a unique key is created, encrypted, signed, and stored. Thereafter, access
to your encrypted data is allowed only on that specific computer and only with the correct user authentication. Personal Edition
v8.3 or later offers HCA with Preboot Authentication (PBA), which uses a separate preboot partition to allow for encryption of
the Master Boot Record. When HCA policies are in play, System Data Encryption (SDE) policies are ignored. Note that
Personal Edition does not support smart card or biometric technology for PBA.
Legacy HCA (legacy PBA) – Computers equipped with legacy HCA use a BIOS password to emulate preboot authentication.
The BIOS of most of these computers can be upgraded to take advantage of the newest HCA features used by DDP|E v8.3 and
later. If the BIOS cannot be upgraded, DDP|E can be installed and run, but the computer will not have access to the newest
features of HCA. See also Hardware Crypto Accelerator (HCA).
Preboot Authentication (PBA) – Preboot Authentication (PBA) serves as an extension of the BIOS or boot firmware and
guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA
prevents anything being read from the hard disk, such as the operating system, until the user has confirmed they have the
correct credentials.
Single Sign-On (SSO) – SSO simplifies the logon process when multi-factor authentication is enabled at both preboot and
Windows logon. If enabled, authentication is required at preboot only, and users are automatically logged on to Windows. If
not enabled, authentication may be required multiple times.
System Data Encryption (SDE) – SDE policies encrypt the System Drive, the Fixed Drives, or both, depending on the policy
template chosen. SDE policies do not encrypt the files needed by the operating system to start the boot process. SDE policies
do not require preboot authentication or interfere with the Master Boot Record in any way. When the computer starts, the
encrypted files are available before user login (to enable patch management, SMS, backup and recovery tools). SDE is designed
to encrypt the operating system and program files. In order to accomplish this purpose, SDE must be able to open its key while
the operating system is booting, without the user entering a password. Its intent is to prevent alteration or offline
attacks on the operating system by an attacker. SDE is not intended for user data. Common and User key encryption are
intended for sensitive user data because they require a user password in order to unlock encryption keys.