rahul_brahma
Level 7

endpoint encryption

Some users are not able to log in with SSO in McAfee 6.1 version, but others are able to do SSO.

All Windows are Win7. I have checked the policy as well; SSO is checked for all users, but it's still asking for a password after PBA.

0 Kudos
6 Replies
ajacobs
Level 12

Re: endpoint encryption

Moved this from a private discussion area to our Encryption area for better attention.

0 Kudos
SafeBoot
Level 21

Re: endpoint encryption

You should always be getting a pre-boot password - SSO takes care of the Windows login for you.

If you want your users not to have a pre-boot login, that's the "autoboot" feature - but be warned, that makes the machines insecure. You can't expect machines in autoboot mode to protect you against data loss and regulations like HITECH, HIPAA, PCI etc.

Tareem
Level 7

Re: endpoint encryption

Hi Safeboot,

We're looking at deploying EEPC and it was suggested that we disable the preboot password by using "autoboot".  I'm concerned that this is a security risk as you suggest but can't explain how it could be compromised to my colleagues. Can you give any examples?

0 Kudos
SafeBoot
Level 21

Re: endpoint encryption

It's simply like leaving the key in your front door.

For the machine to boot up and decrypt itself, it needs the decryption key - if it does not require any input, where does it get the key from?

Future versions of EEPC will be able to get the key from the network if you have Intel AMT etc, but at the moment to boot a machine without input means storing the key on the machine.

Tareem
Level 7

Re: endpoint encryption

Key from the network sounds great and looking forward to seeing that.

Sorry for my ignorance but with autoboot enabled would you be able to slave the drive and read the contents or would you have to attack the PC/drive with hacking tools?

0 Kudos
SafeBoot
Level 21

Re: endpoint encryption

You couldn't see the drive simply by slaving it at the moment because no "hacking tool" exists that I am aware of, but there are other tools to hack other products which use this mode - Passware for example will happily decrypt BitLocker and TrueCrypt...

If this mode of operation was popular, then I expect they would release a version for EEPC.

0 Kudos