Install Guide
Pre-boot Authentication (PBA) - Pre-boot Authentication serves as an extension of the BIOS or boot firmware and guarantees a
secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents
anything being read from the hard disk, such as the operating system, until the user has confirmed they have the correct
credentials.
Script Control - Script Control protects devices by blocking malicious scripts from running.
SED Manager - SED Manager provides a platform for securely managing self-encrypting drives. Although SEDs provide their
own encryption, they lack a platform to manage their encryption and available policies. SED Manager is a central, scalable
management component, which allows you to more effectively protect and manage your data. SED Manager ensures that you
can administer your enterprise more quickly and easily.
Server user - A virtual user account created by Encryption for the purpose of handling encryption keys and policy updates on a
server operating system. This user account does not correspond to any other user account on the computer or within the
domain, and it has no user name and password that can be used physically. The account is assigned a unique UCID value in the
Management Console.
System Data Encryption (SDE) - SDE is designed to encrypt the operating system and program files. To accomplish this
purpose, SDE must be able to open its key while the operating system is booting. Its intent is to prevent alteration or offline
attacks on the operating system by an attacker. SDE is not intended for user data. Common and User key encryption are
intended for sensitive user data because they require a user password to unlock encryption keys. SDE policies do not encrypt
the files needed by the operating system to start the boot process. SDE policies do not require pre-boot authentication or
interfere with the Master Boot Record in any way. When the computer boots up, the encrypted files are available before any
user logs in (to enable patch management, SMS, backup and recovery tools). Disabling SDE triggers automatic decryption of all
SDE encrypted files and directories for the relevant users, regardless of other SDE policy values, such as SDE Encryption Rules.
Trusted Platform Module (TPM) - TPM is a security chip with three major functions: secure storage, measurement, and
attestation. The Encryption client uses TPM for its secure storage function. The TPM can also provide encrypted containers for
the software vault.
User Encryption - The User key makes files accessible only to the user who created them, only on the device where they were
created. When running Dell Server Encryption, User encryption is converted to Common encryption. One exception is made for
removable media devices; when inserted into a server with Encryption installed, files are encrypted with the User Roaming key.
Glossary