CSC User Guide

Managed Encryption Service (MES)
FILE & MEDIA ENCRYPTION USER GUIDE VERSION 0.4
VERSION 0.4 | 10 March 2013 PREPARED BY: North American Security Services
USER GUIDE - FILE & MEDIA ENCRYPTION
Amendment History
Issue
0.1 0.2 0.3 0.4
Date
14-Jan-2011 14-Jan-2011 27-Jan-2011 10-Mar-2013
Amended By
James R Sims Rafael Boquetti James R Sims Gabriel Underwood
Amendment Details
1 Draft Updated Added Upgrade from PME to ME Added PME 3.0 support
st
Distribution
Name or Role Department or location Number of Copies
NASS
Pulse and Mindtouch
CSC Approvals
Authorized By: Gabriel Underwood Gabriel Underwood
Role
NASS Security Engineer NASS Security Engineer
Date
18-July-2012 20-March-2013
Computer Sciences Ltd. 2011 All rights reserved
NASS-MES Page 2 of 38 Printed copies of this document are for reference only.
CSC Checkpoint File_Media Encryption User Guide v0.4.docx
CSC PROPRIETARY
Abstract
This document provides a User Guide for the Checkpoint File Encryption and Media Encryption applications as part of CSCs MPS 609 encryption policy.
CSC PROPRIETARY
Table of Contents
TABLE OF CONTENTS ............................................................................................................. 4 1 2 3 INTRODUCTION ............................................................................................................... 5 MEDIA ENCRYPTION USER INSTRUCTIONS ............................................................... 5 FILE ENCRYPTION USER INSTRUCTIONS ................................................................. 33
CSC PROPRIETARY
1 Introduction
Checkpoint Endpoint Media encryption (ME) will allow end users to encrypt and decrypt removable media in an effort to protect company information if the media is lost or stolen. Removable media is classified as USB Memory sticks, removable hard drives, etc. Basically, if your computer can recognize a device you plug into a USB port as a Mass Storage Device, it has the potential to be encrypted. ME encrypts the entire removable device. Checkpoint File encryption (FE) is an additional feature that allows you to protect your information by encrypting it one file at a time (or a group of file, but not the entire disk drive). Once encrypted, the information can only be accessed by people who know the correct password.
2 Media Encryption User Instructions

Follow the guidelines below to use Media Encryption (ME). See Section 3 for details about File Encryption (FE). Installing the FE_ME Upgrade A majority of CSC PCs have PME (Pointsec Media Encryption) installed. The new Checkpoint Media Encryption (ME) has similar features but functions differently. The first step is to run the upgrade program for Checkpoint Media Encryption (ME). Installation screen shots.
CSC PROPRIETARY
The first screen is showing the former PME encrypted drive for reference.
CSC PROPRIETARY

IMPORTANT: After the FE upgrade the users are required to perform a one time authentication to any device that was previously encrypted with PME 3.0 (UK ONLY) when the device is connected for the first time.
NOTE: Passwords can be reset by calling the helpdesk if the user does not recall the password. Go to Web Remote Help and perform a Challenge Response with the Helpdesk. The Account name MUST be the the owner of the device NOT the logged in user.
Contact the Helpdesk for any Encrypted packages or ISO the user does recall the password. Go to Web Remote Help and perform a Challenge Response with the Helpdesk.
CSC PROPRIETARY

The former PME Encrypted Files show the new yellow padlock after the upgrade.
Next - if you copy a file or edit it, it removed the PME encryption and places it as non encrypted on the removal media.
Therefore, the suggested best practice is to copy all the files from the former PME encrypted device to the local drive and then fully encrypt the removable media.
CSC PROPRIETARY
Then, format the removable drive to prepare for new ME encryption
Limitations of Media Encryption on NTFS Drives ME will allow encryption of NTFS formatted removable media with file sizes up to 4.0 GB maximum. Files larger than 4.0 GB must be moved to the local system prior to encryption of the removal media. Search for all files 4.0 GB and larger and move them to your local C: dive, etc. prior to running the Welcome to EPM Media Import Wizard. After you have verified that all files are smaller than 4.0 GB continue to Encrypting Removable Media for the First Time. The total size of used space in the external media cannot exceed the total amount of free space on your computers system drive (usually the C: drive). The reason is that ME will attempt to temporarily back-up your data to the system drive, so the external media can be prepared for encryption. Once the drive is ready, the data will be automatically copied back from the system drive to the external media.
CSC PROPRIETARY

Encrypting Removable Media for the First Time When connecting unencrypted removable media for the first time you will be prompted with the Welcome to EPM Media Import Wizard screen:
Please DO NOT click Do not display again until the media is changed on the Welcome to EPM Media Import Wizard screen. Choosing Cancel at this screen will make the welcome screen disappear and you can then navigate to the drive. This will trigger the welcome screen again however; clicking Cancel will allow you to use the drive without encrypting. If the device you chose not to encrypt is removed then replaced, the welcome screen will appear along with the drive content. You can simply click cancel and use the device without encrypting.
CSC PROPRIETARY

If you chose to encrypt the device click Next, and you will be prompted by the Media Properties screen:
Secure format can be used as stated above as a precaution but is not needed for all devices. If you chose to use secure format you may want to consult your local security policy pertaining to erasing media, or the destruction of classified materials. Click Next.
CSC PROPRIETARY

Media owner information will now be entered. Notice the only choice allowed the first time is Media owner will be assigned on first use. Click Next.
CSC PROPRIETARY

Password Protection provides you with two options; a full access password, and a read only password. Full access gives you the ability to change, delete and add files. Make this password something only you know. The read only password allows you to share information with co-workers without the fear of it being modified in anyway. This password should follow the password policy, but otherwise be a password you would not normally use yourself. The read only password is not required to encrypt the first time. If you chose to not set a read only password you have two options to set it later; access the media encryption menu or authenticate to the device on a computer that does not have ME installed.
CSC PROPRIETARY

Now that you have established media properties, media owner, and created a password click Next to complete the first time encryption, then "Finish" on the "Completing EPM Media Import Wizard".
CSC PROPRIETARY
Now the former PME USB drive is really ready for you to copy the files back from the local hard drive and will utilize the new ME (EPM) application. We are secure once again on the new version. Proceed to copy files back to removable drive
You are now ready to use your encrypted device.
CSC PROPRIETARY
What to expect when using an encrypted media The next time you insert your encrypted media into a computer you will be prompted to enter a password.
CSC PROPRIETARY

Once the password is entered the encrypted device will open a window displaying the contents.
If you select Cancel instead of entering a password access will be denied. This is important because you will also not be able to see the drive in My Computer or Windows Explorer. This will also prevent you from formatting the drive to erase encryption.
CSC PROPRIETARY

Accessing the Media Encryption Menu In the windows taskbar you will see a yellow padlock icon. By hovering your cursor you will see a message stating the status of full disk and media encryption. (If full disk protection is not installed you will not see a status) Endpoint Security Status: Media Encryption enabled Right click the yellow padlock and select Settings On the left of the window you have two options if Full disk encryption version 7.x is not installed, you will have only one option. Select the media encryption button on the left side of the window.
You are now able to modify the encrypted media. In the box labelled Open EPM Client Click Open.
CSC PROPRIETARY

After you open EPM Client the following screen is available.
On this screen you can navigate to the encrypted drive. The most important options are the ones listed in tools. Tools Options Export media from EPM Control - YES, this means decrypt.
CSC PROPRIETARY

The welcome wizard will now be displayed, click Next
Decryption will be completed and this screen will be displayed, click finish
You will now see that the N:\ drive is no longer encrypted.
NASS-MES Page 20 of 38 Printed copies of this document are for reference only. CSC Checkpoint File_Media Encryption User Guide v0.4.docx
CSC PROPRIETARY
Set EPM media full access password - Authenticate to the drive and you will be prompted to enter and confirm a new password.
CSC PROPRIETARY

Set EPM media read only password - Authenticate to the drive and you will be prompted to enter and confirm a new password. This is exactly the same window used to reset the full access in every way, but it does set the read only password.
CSC PROPRIETARY
Stand Alone Access via Unlock.exe When using an encrypted device on a computer without ME installed you will be required to authenticate using "Unlock.exe"
Double click "Unlock.exe" and enter your password.
Once the password is entered the encrypted device will open a window displaying the contents.
CSC PROPRIETARY
NOTE - In the image above you can see "Change Full Access Password" and "Change Read Only Password" boxes. This can be done here or by accessing the tools portion of the Media Encryption Menu. If you copy files from the encrypted media and leave them on the local hard drive you will be prompted to remove them from the local drive.
CSC PROPRIETARY

How to Encrypt a CD To encrypt a CD ME must use the native Windows CD burning tool. This process will be similar to encrypting a media device. After inserting a blank CD this screen will appear. Click, "Next".
CSC PROPRIETARY

Media properties will be displayed, Click "Next".
CSC PROPRIETARY

Assign this media to a user radio button will be the only choice, Click "Next".
CSC PROPRIETARY

Assign a password to this media only.
Select files and folders to add to the CD ROM by clicking the second (Files) and third (Folders) button on the Select files window. Click "Next" when finished.
CSC PROPRIETARY

You will be prompted to authenticate to the CD ROM before it finishes the burning process.
CD ROM encryption is now complete. When the CD is accessed it will prompt you for the password you created and then function as normal.
CSC PROPRIETARY

Stand Alone Access via Unlock.exe on a CD When using an encrypted CD on a computer without ME installed you will be required to authenticate using "Unlock.exe"
Double click "Unlock.exe" and enter your password.
CSC PROPRIETARY

How to burn CD/DVD without encrypting. Insert the CD or DVD. The "Welcome to EPM Media Import Wizard" will open
Click on "Cancel". The EPM media import window will close. Proceed to add files to the CD as you normally would, by browsing to the CD/DVD and performing a drag and drop to the CD icon. PS: All files should be dragged at the same time, as burning will take place immediately.
CSC PROPRIETARY

The following menu will show up when you attempt to burn:
Select the option "Like a USB flash drive" and click "Next"
CSC PROPRIETARY
3 File Encryption User Instructions

Checkpoint File Encryption (FE) is an application that is already available on your PC. It is a security product which protects information stored on your workstation. FE protects your information by encrypting it. Once encrypted, the information can only be accessed by people who know the correct password. File Encryption also enables you to create encrypted information packages for easy and secure storage and transfer, for example via e-mail. File Encryption is tightly integrated with Windows, so using File Encryption is simple. You access File Encryption by right-clicking on a file folder or volume and selecting the Encryption option. Table 1-1 Maximum Encrypted Package Size File System FAT FAT32 NTFS Maximum Encrypted Package Size 2GB 2GB 2GB
The maximum file size to include in encrypted packages is 2GB, independent of the file system used. If the files you wish to encrypt comprise more than the maximum file size for the file system you are using, compress the files to less than the maximum file size.
CSC PROPRIETARY

To create an encrypted package: In Windows Explorer, right-click on the files or folders to be included in the encrypted package and select Encryption. File Encryption options are displayed:
Choose "Encrypt with Check Point File Encryption" > "Create Encrypted Package..."
Leave the default Creator name as your user ID (only the password is needed to decrypt the file). Enter a password and confirm it. Note - This password is used only to protect this encrypted package, and does not need to be the same as your Windows password.
Password guidelines: always set a password that is at least 8 characters long

NASS-MES Page 34 of 38 Printed copies of this document are for reference only. CSC Checkpoint File_Media Encryption User Guide v0.4.docx
CSC PROPRIETARY

include both numbers, letters and punctuation characters use both upper and lower case letters use both upper and lower case letters in passwords do not use more than two consecutive identical characters.
Enter a file name for your Encrypted Package. Click Save.
Click OK.
Important: If you intend to send the package via e-mail, the recipient has to know the password to open the package. You can both agree on a password before the e-mail is sent, for example on the phone, or you can use a password you already share. Never send the package's password by e-mail.
Computer Sciences Ltd. 2011 All rights reserved NASS-MES Page 35 of 38 Printed copies of this document are for reference only. CSC Checkpoint File_Media Encryption User Guide v0.4.docx
CSC PROPRIETARY
To open an encrypted package: Double click on the encrypted package and enter the one-time password.
Click OK and browse to the path to save the file(s).
Click OK to save the file(s).
To securely delete any files in your system: In Windows Explorer, right-click on the files (or folder) to be deleted and select
Computer Sciences Ltd. 2011 All rights reserved NASS-MES Page 36 of 38 Printed copies of this document are for reference only. CSC Checkpoint File_Media Encryption User Guide v0.4.docx
CSC PROPRIETARY

"Encrypt with Check Point File Encryption" > . The File Encryption options are displayed:
Choose: Secure delete.
Click Yes to delete the encrypted file or package. Warning! This cannot be reversed, as this data does not go to the Recycle bin. The status bar will show 100% complete and the file will be removed.
Technical Support If assistance with FE or ME is required please call your local help desk and follow the approved process.
CSC PROPRIETARY
End of Document
CSC PROPRIETARY

CSC User Guide

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CSC User Guide

Uploaded by

Copyright:

Available Formats

Managed Encryption Service (MES)

FILE & MEDIA ENCRYPTION USER GUIDE VERSION 0.4

USER GUIDE - FILE & MEDIA ENCRYPTION

Pulse and Mindtouch

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

2 Media Encryption User Instructions

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Then, format the removable drive to prepare for new ME encryption

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

You are now ready to use your encrypted device.

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

CSC Checkpoint File_Media Encryption User Guide v0.4.docx

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011 All rights reserved

USER GUIDE - FILE & MEDIA ENCRYPTION