A quick question about Single Sign On with McAfee Endpoint Encryption.
When using SSO, the user is prompted for the password at the usual Safeboot logon screen. When the logon here is accepted, it will proceed to logon to Windows automatically.
Since we would now be gaining full access to the system with a single logon and password, I have been asked what the difference is between this and using an $Autoboot$ account to bypass the SB logon and simply using the Windows logon as the single point of sign on?
Presumably, the hard drive would still be encrypted, stopping an intruder using a boot CD to grab data from the drive or use the usual Windows password reset tools.
The only thing I can think of is that an intruder could load the machine to the Windows screen, plug in a network connection, and then attempt to exploit Windows vulnerabilities that wouldn't be available using SB as the SSO logon prompt.
I realise this is a bad idea, but I am after some more information on why this is the case so I can explain it to management.
Please can someone advise or point me to what McAfee say about this?
Thanks, I did searches under "SSO" and "Autoboot" but couldn't see anything that looks related from the titles (didn't check inside every thread though). It's difficult to know what terms to search for.
Anyway, I heard back from McAfee on this, in case anyone else is wondering the same thing. They mentioned the option to use other types of tokens as a benefit of using the SB prompt, which sounds like a bit of a cop-out to me as you can use two-factor authentication (etc, etc) with the Windows logon.
Autoboot tends to work better (more consistently) with the default password. So there's a way to mount the drive and authenticate with the autoboot in place, unless you do it carefully.
Thanks again, guys - That is really helpful!
I'm going to go with the compliance comments in that earlier thread to justify to management rather than trying to explain the more technical aspects to them.