Endpoint Encryption for Files and Folders 4.2 Product Guide

Post on 03-Jan-2017

  • Product Guide

    McAfee Endpoint Encryption for Files and Folders 4.2
    For use with ePolicy Orchestrator 4.6 Software

  • COPYRIGHT
    Copyright 2013 McAfee, Inc. Do not copy without permission.

    TRADEMARK ATTRIBUTIONS
    McAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

    Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.

    LICENSE INFORMATION

    License Agreement
    NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

    2 McAfee Endpoint Encryption for Files and Folders 4.2 Product Guide

    http://mcafee.com

  • Contents

    Preface
      About this guide
        Audience
        Conventions
      Find product documentation

    1 Introduction
      EEFF and data protection
      How EEFF works
      Features

    2 Installing the EEFF client
      Requirements
      Check in the EEFF software package
      Install the EEFF extension
      Install the Help extension
      Register Windows Active Directory
      Deploy EEFF to managed systems

    3 Configuring EEFF policies
      EEFF policy settings
        General
        Folder encryption
        File encryption
        Removable media
        CD/DVD encryption
        Encryption options
        Grant keys
        Network
        User local keys
        Password rules
      Create a policy
      Edit the EEFF policy settings
      Assign a policy to a managed system
      Assign a policy to a system group
      Enforce EEFF policies on a system
      Enforce EEFF policies on a system group
      How policy assignment rules work
        Policy assignment rule priority
        Working with policy assignment rules
      How multi-slot policies work
        Assign multiple instances of Grant Key policy through the System Tree
        Assigning Grant Key policy through policy assignment rules
        View the policies assigned to systems
        View the policies assigned to users

    4 Managing EEFF keys
      Encryption keys
      Create an encryption key
      Activate or deactivate the encryption keys
      Assign the encryption keys to a policy
      Edit an encryption key
      Delete an encryption key
      Export encryption keys
      Import keys
        Import keys from EEFF
        Import keys from EEM
      How user personal keys work
        Assign a user personal key
        Recover a user personal key
      Role-based key management
        How role-based key management works
        Add a role
        Edit a role
        Delete a role
        Assign a role to a permission set
      View key usage

    5 Defining EEFF permission sets for McAfee ePO users
      Create permission sets for user accounts
      Edit the EEFF policy permissions
      Edit the EEFF key server permissions

    6 Managing EEFF reports
      EEFF queries and query results
      Create EEFF custom queries
      View standard EEFF queries
      EEFF client events
      View audit log

    A Additional information
      FIPS certification
        Prerequisites
        Impact of FIPS mode
        Installing the client package in FIPS mode
      Uninstall EEFF
        Use McAfee ePO to uninstall EEFF from managed systems
        Remove the EEFF extension
        Remove the EEFF software package
        Use Shell command to uninstall EEFF from managed systems
        Use MSI to uninstall EEFF from managed systems
      Removable media registry controls
        Broaden the removable media definition
        Exempt local drives and network shares from encryption
      Best practices for large-scale deployment
        Key caching
        Tuning encryption intensity for network
        Explicitly encrypting large shares in advance
        Excluding the EEFF client program directory

    Index

  • Preface

    This guide provides the information you need to configure, use, and maintain your McAfee product.

    Contents
      About this guide
      Find product documentation

    About this guide
    This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

    Audience
    McAfee documentation is carefully researched and written for t
