Interesting, really interesting. So when you power up the Pointsec driver loads, then Windows OS, and the Pointsec password is synchronized with the OS one so any valid Windows password will work, right?
We use PGP here and it asks for a password at boot-up – but this password is synchronized with the Windows one so the main difference is where they’re asked for the password – PGP agent passes it to the OS so once the user enters the boot password, they are not asked for it again. Dave From: Don Kuhlman [mailto:[email protected]] Sent: Wednesday, May 05, 2010 10:43 AM To: NT System Admin Issues Subject: Re: Encryption Good question. The way our team set it up was to use the Checkpoint option for "integrated windows authentication" so as not to impact the users too much. Also, when it's booting, if you hit both shift keys you'll get the menu of options but still need a pw to do anything. If you have any of the windows authentication pw you can get on the box. However if you boot it with a CD or other tool, you won't load the pointsec boot driver so you can't read the disk. You would have to have the pointsec boot driver on your boot device and the checkpoint pw. Don K ________________________________ From: David Lum <[email protected]> To: NT System Admin Issues <[email protected]> Sent: Wed, May 5, 2010 11:42:17 AM Subject: RE: Encryption “. It doesn't make the user input any passwords at boot time though” Really, then what’s the point? Is that because that’s how you configured it? Per their website “Check Point Full Disk Encryption provides the highest level of data security with multi-factor pre-boot authentication”. Inquiring minds… Dave From: Don Kuhlman [mailto:[email protected]] Sent: Wednesday, May 05, 2010 9:29 AM To: NT System Admin Issues Subject: Re: Encryption We use Pointsec for PC from Checkpoint on the laptops here. Only the reload staff and the desktop engineering team have the password. So if you pull your own drive it's useless to you and if someone else gets it, it's useless. It doesn't make the user input any passwords at boot time though. Don K ________________________________ From: Angus Scott-Fleming <[email protected]> To: NT System Admin Issues <[email protected]> Sent: Wed, May 5, 2010 9:11:10 AM Subject: Re: Encryption On 5 May 2010 at 8:12, [email protected] wrote: > We use TrueCrypt here on a couple removable drives and two laptops. For > the laptops, we have the entire drive encrypted. So when the user powers up > the laptop, they are prompted to enter in a password (right after the bios > loads). Once the password is entered in the OS loads and if the user forgets > or doesn’t have the correct password then the OS won’t load. With TrueCrypt the user can change the password. PGPdisk had a master password. I don't think TC does. How do you manage that at the corporate level? -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-895-3270 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
