6 Replies Latest reply on Oct 16, 2012 7:51 AM by SafeBoot

    endpoint encryption

      Some users are not able to use SSO in McAfee version 6.1, but others are able to do SSO.

      All Windows are Win7. I have checked the policy as well; SSO is checked for all users, but it's still asking for a password after PBA.

        • 1. Re: endpoint encryption

          Moved this from a private discussion area to our Encryption area for better attention.

          • 2. Re: endpoint encryption

            You should always be getting a pre-boot password - SSO takes care of the Windows login for you.

            If you want your users not to have a pre-boot login, that's the "autoboot" feature - but be warned, that makes the machines insecure. You can't expect machines in autoboot mode to protect you against data loss and regulations like HITECH, HIPAA, PCI, etc.

            • 3. Re: endpoint encryption

              Hi Safeboot,

               

              We're looking at deploying EEPC and it was suggested that we disable the preboot password by using "autoboot".  I'm concerned that this is a security risk as you suggest but can't explain how it could be compromised to my colleagues. Can you give any examples?

              • 4. Re: endpoint encryption

                It's simply like leaving the key in your front door.

                 

                For the machine to boot up and decrypt itself, it needs the decryption key - if it does not require any input, where does it get the key from?

                 

                Future versions of EEPC will be able to get the key from the network if you have Intel AMT etc, but at the moment to boot a machine without input means storing the key on the machine.

                • 5. Re: endpoint encryption

                  Key from the network sounds great and looking forward to seeing that.

                   

                  Sorry for my ignorance but with autoboot enabled would you be able to slave the drive and read the contents or would you have to attack the PC/drive with hacking tools?

                  • 6. Re: endpoint encryption

                    You couldn't see the drive simply by slaving it at the moment because no "hacking tool" exists that I am aware of, but there are other tools to hack other products which use this mode - Passware, for example, will happily decrypt BitLocker and TrueCrypt...

                     

                    If this mode of operation was popular, then I expect they would release a version for EEPC.