4 Replies Latest reply on Feb 2, 2010 2:12 PM by safebootsamurai

    SafeBoot robust for stolen laptops

      Hi - my first post.

       

      I now work for a very very large organisation - that has previously deployed Safeboot (a programme over the last 14 months).

      Safeboot is our first level of defence to protect the data on our portable users' machines - there is no central console, and I understand several versions are in place.

      Theft of machines is very common, we can not easily implement better physical controls, so we rely greatly on this small encryption program on the hard drive.

       

      I guess I am after the same as many people - if a machine is stolen, can safeboot be bypassed or the original data accessed without the username or password being known ?

       

      Ideally - for audit, I need a white paper or some official document from McAfee saying how safe they state safeboot is, if possible covering its resilience to all the known methods of breaching these types of security found in test labs .. has anyone ever seen anything on these lines ?

       

      I surfed earlier today (but my work's content filter blocked out many of the links) - following them now at home, most seem to be junk links to viruses and malware hidden in the promised pages - so thought I'd come here - where it's hopefully safer.

        • 1. Re: SafeBoot robust for stolen laptops

          Get this document and read about "Common Criteria EAL4 Mode Operation"

          https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22215/en_US/Endpoint%20Encryption%20Manager%20Administration%20Guide.pdf

           

          If you follow recommendations, then you should be good.

          • 2. Re: SafeBoot robust for stolen laptops

            We have EEPC running on over 5,000 machines. In the past year we also have had some machines lost or stolen. EEPC is the enterprise solution which we researched over two years. We have had no compromised data that we are aware of from any EEPC protected machine. Here is the weakness which we have noticed, and it is NOT with the product, it is with our employees. I have personally received laptops from end-users who for one reason or another can no longer access their EEPC machine. One example includes a note in the laptop case with the userID and password scribbled on a small piece of paper - EEPC can't stop access to a would-be thief if you give them your loginID and password. Another situation which you should be aware of is that sometimes when one of our techs (we have almost 200 techs) has to re-build a machine they might not reinstall EEPC. That problem is compounded because the machine WAS previously encrypted and the EEM shows the status as being fully encrypted, however because the tech did not remove the machine object and did not reinstall the program - our reporting is not accurate. This is a problem if that specific machine is lost or stolen before we identify it as not having EEPC currently installed.

            • 3. Re: SafeBoot robust for stolen laptops

              For user non-compliance there is really no bullet-proof solution...

              As for machines, rely on audit log information more and catch machines that do not synch regularly or have wrong audit time stamps.

              • 4. Re: SafeBoot robust for stolen laptops
                safebootsamurai

                Another note, if you are using ePO for EEPC Deployment and Reporting you can identify quickly any machine that is rebuilt that does not have the encryption software installed as well as the disk status.

                 

                If you don't have ePO I know a few Sales guys that would love to hear from you. j/k
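
Added example, not part of any post in this thread and not McAfee's tooling: replies 2 and 3 describe rebuilt machines that the console still reports as encrypted, and suggest catching records that stop syncing or carry wrong audit timestamps. The Python sketch below runs that check over a constructed CSV export; the column names, the 30-day threshold and the rule that an audit event cannot post-date the last sync are assumptions, not the real EEM or ePO report format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. Column names are hypothetical, not a real EEM/ePO format.
SAMPLE_EXPORT = """machine,console_status,last_sync,last_audit_event
LT-0001,encrypted,2010-01-30T09:12:00,2010-01-30T09:10:00
LT-0002,encrypted,2009-11-02T14:00:00,2009-11-02T13:58:00
LT-0003,encrypted,2010-01-29T08:00:00,2010-03-15T08:00:00
LT-0004,encrypted,2010-01-28T16:30:00,2010-01-29T10:00:00
LT-0005,not encrypted,2010-01-31T11:00:00,2010-01-31T10:59:00
"""

def load_export(text):
    """Parse the CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def suspect_records(rows, now, max_sync_age=timedelta(days=30)):
    """Return {machine: [reasons]} for records whose 'encrypted' status
    should not be trusted without checking the machine itself."""
    findings = {}
    for row in rows:
        # Machines already reported as unencrypted show up in normal reporting.
        if row["console_status"] != "encrypted":
            continue
        sync = datetime.fromisoformat(row["last_sync"])
        event = datetime.fromisoformat(row["last_audit_event"])
        reasons = []
        # A rebuilt machine without the client stops syncing; its record goes stale.
        if now - sync > max_sync_age:
            reasons.append("no sync for %d days" % (now - sync).days)
        # Assumption: audit events are uploaded at sync time, so an event dated
        # after the last sync, or after 'now', indicates a wrong timestamp.
        if event > now:
            reasons.append("audit timestamp in the future")
        elif event > sync:
            reasons.append("audit event newer than last sync")
        if reasons:
            findings[row["machine"]] = reasons
    return findings

if __name__ == "__main__":
    report_time = datetime(2010, 2, 2, 14, 12)  # constructed 'now' for the sample
    for machine, reasons in suspect_records(load_export(SAMPLE_EXPORT), report_time).items():
        print(machine, "->", "; ".join(reasons))
```

Machines flagged this way are candidates for a physical check or a forced re-sync before their "encrypted" status is relied on in a loss report.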