VERSION 0.4 | 10 March 2013 PREPARED BY: North American Security Services
Amendment History
Issue | Date | Amended By | Amendment Details
0.1 | 14-Jan-2011 | James R Sims | 1st Draft
0.2 | 14-Jan-2011 | Rafael Boquetti | Updated
0.3 | 27-Jan-2011 | James R Sims | Added Upgrade from PME to ME
0.4 | 10-Mar-2013 | Gabriel Underwood | Added PME 3.0 support
Distribution
Name or Role | Department or location | Number of Copies
NASS
CSC Approvals
Authorized By | Role | Date
Gabriel Underwood | NASS Security Engineer | 18-July-2012
Gabriel Underwood | NASS Security Engineer | 20-March-2013
NASS-MES Page 2 of 38 Printed copies of this document are for reference only.
CSC PROPRIETARY
Abstract
This document provides a User Guide for the Checkpoint File Encryption and Media Encryption applications as part of CSC's MPS 609 encryption policy.
Table of Contents
1 INTRODUCTION
2 MEDIA ENCRYPTION USER INSTRUCTIONS
3 FILE ENCRYPTION USER INSTRUCTIONS
1 Introduction
Checkpoint Endpoint Media encryption (ME) allows end users to encrypt and decrypt removable media in an effort to protect company information if the media is lost or stolen. Removable media is classified as USB memory sticks, removable hard drives, etc. Basically, if your computer can recognize a device you plug into a USB port as a Mass Storage Device, it has the potential to be encrypted. ME encrypts the entire removable device.
Checkpoint File encryption (FE) is an additional feature that allows you to protect your information by encrypting it one file at a time (or a group of files, but not the entire disk drive). Once encrypted, the information can only be accessed by people who know the correct password.
The first screen shows the former PME encrypted drive for reference.
NOTE: Passwords can be reset by calling the helpdesk if the user does not recall the password. Go to Web Remote Help and perform a Challenge Response with the Helpdesk. The Account name MUST be the owner of the device, NOT the logged in user.
Contact the Helpdesk for any encrypted packages or ISO for which the user does not recall the password. Go to Web Remote Help and perform a Challenge Response with the Helpdesk.
Next, if you copy or edit a file, the PME encryption is removed and the file is placed unencrypted on the removable media.
Therefore, the suggested best practice is to copy all the files from the former PME encrypted device to the local drive and then fully encrypt the removable media.
Limitations of Media Encryption on NTFS Drives
ME will allow encryption of NTFS formatted removable media with file sizes up to 4.0 GB maximum. Files larger than 4.0 GB must be moved to the local system prior to encryption of the removable media. Search for all files 4.0 GB and larger and move them to your local C: drive, etc. prior to running the Welcome to EPM Media Import Wizard. After you have verified that all files are smaller than 4.0 GB, continue to Encrypting Removable Media for the First Time.
The total size of used space on the external media cannot exceed the total amount of free space on your computer's system drive (usually the C: drive). The reason is that ME will attempt to temporarily back up your data to the system drive, so the external media can be prepared for encryption. Once the drive is ready, the data will be automatically copied back from the system drive to the external media.
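Both limits above can be checked before the import wizard is started. The script below is an added example, not part of the original guide or of the Check Point product; the function name precheck, the reading of 4.0 GB as 4 GiB, and the drive letters in the usage message are assumptions.

```python
import os
import shutil
import sys

# The guide's 4.0 GB per-file limit, read here as 4 GiB (assumption).
ME_MAX_FILE_BYTES = 4 * 1024**3


def precheck(media_root, system_root, limit=ME_MAX_FILE_BYTES,
             usage=shutil.disk_usage):
    """Check removable media against the two ME limits before encryption.

    `usage` is injectable so the logic can be exercised without real drives.
    """
    too_big, unreadable = [], []
    for dirpath, _dirs, names in os.walk(media_root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                unreadable.append(path)  # report it rather than skip silently
                continue
            if size >= limit:  # the guide says to move files "4.0 GB and larger"
                too_big.append((path, size))
    media_used = usage(media_root).used
    system_free = usage(system_root).free
    space_ok = media_used <= system_free  # used space must not exceed free space
    return {
        "too_big": sorted(too_big),
        "unreadable": sorted(unreadable),
        "media_used": media_used,
        "system_free": system_free,
        "space_ok": space_ok,
        "ready": space_ok and not too_big and not unreadable,
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: precheck.py <media root, e.g. N:\\> <system root, e.g. C:\\>")
    report = precheck(sys.argv[1], sys.argv[2])
    for path, size in report["too_big"]:
        print(f"move to the local drive first: {path} ({size} bytes)")
    for path in report["unreadable"]:
        print(f"could not read: {path}")
    if not report["space_ok"]:
        print(f"media uses {report['media_used']} bytes, system drive has "
              f"only {report['system_free']} free")
    sys.exit(0 if report["ready"] else 1)
```

A non-zero exit code means at least one file must be moved or space must be freed on the system drive before encrypting.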
Please DO NOT click "Do not display again until the media is changed" on the Welcome to EPM Media Import Wizard screen. Choosing Cancel at this screen will make the welcome screen disappear and you can then navigate to the drive. This will trigger the welcome screen again; however, clicking Cancel will allow you to use the drive without encrypting. If the device you chose not to encrypt is removed then replaced, the welcome screen will appear along with the drive content. You can simply click Cancel and use the device without encrypting.
Secure format can be used as stated above as a precaution but is not needed for all devices. If you choose to use secure format you may want to consult your local security policy pertaining to erasing media, or the destruction of classified materials. Click Next.
Now the former PME USB drive is ready for you to copy the files back from the local hard drive, and it will use the new ME (EPM) application. We are secure once again on the new version. Proceed to copy files back to the removable drive.
What to expect when using encrypted media
The next time you insert your encrypted media into a computer you will be prompted to enter a password.
If you select Cancel instead of entering a password, access will be denied. This is important because you will also not be able to see the drive in My Computer or Windows Explorer. This will also prevent you from formatting the drive to erase encryption.
You are now able to modify the encrypted media. In the box labelled "Open EPM Client", click "Open".
On this screen you can navigate to the encrypted drive. The most important options are the ones listed in Tools.
Tools Options
Export media from EPM Control - YES, this means decrypt.
Decryption will be completed and this screen will be displayed. Click Finish.
You will now see that the N:\ drive is no longer encrypted.
Set EPM media full access password - Authenticate to the drive and you will be prompted to enter and confirm a new password.
Stand Alone Access via Unlock.exe
When using an encrypted device on a computer without ME installed you will be required to authenticate using "Unlock.exe".
Once the password is entered, the encrypted device will open a window displaying the contents.
NOTE - In the image above you can see "Change Full Access Password" and "Change Read Only Password" boxes. This can be done here or by accessing the tools portion of the Media Encryption Menu. If you copy files from the encrypted media and leave them on the local hard drive you will be prompted to remove them from the local drive.
Select files and folders to add to the CD ROM by clicking the second (Files) and third (Folders) button on the Select files window. Click "Next" when finished.
CD ROM encryption is now complete. When the CD is accessed it will prompt you for the password you created and then function as normal.
Click on "Cancel". The EPM media import window will close. Proceed to add files to the CD as you normally would, by browsing to the CD/DVD and performing a drag and drop to the CD icon. PS: All files should be dragged at the same time, as burning will take place immediately.
Select the option "Like a USB flash drive" and click "Next"
The maximum file size to include in encrypted packages is 2GB, independent of the file system used. If the files you wish to encrypt comprise more than the maximum file size for the file system you are using, compress the files to less than the maximum file size.
Choose "Encrypt with Check Point File Encryption" > "Create Encrypted Package..."
Leave the default Creator name as your user ID (only the password is needed to decrypt the file). Enter a password and confirm it. Note - This password is used only to protect this encrypted package, and does not need to be the same as your Windows password.
Click OK.
Important: If you intend to send the package via e-mail, the recipient has to know the password to open the package. You can both agree on a password before the e-mail is sent, for example on the phone, or you can use a password you already share. Never send the package's password by e-mail.
Computer Sciences Ltd. 2011 All rights reserved NASS-MES Page 35 of 38 Printed copies of this document are for reference only. CSC Checkpoint File_Media Encryption User Guide v0.4.docx
To open an encrypted package: Double click on the encrypted package and enter the one-time password.
To securely delete any files in your system: In Windows Explorer, right-click on the files (or folder) to be deleted and select
Click Yes to delete the encrypted file or package. Warning! This cannot be reversed, as this data does not go to the Recycle bin. The status bar will show 100% complete and the file will be removed.
Technical Support
If assistance with FE or ME is required, please call your local help desk and follow the approved process.
End of Document