How Endpoint Encryption works
A boot sequence is executed by the BIOS (Windows) or firmware (Mac), leading to the start of the bootable operating system.

Operating system: Windows

The boot sequence is the initial set of operations that the computer performs when it is switched on. A boot loader (or bootstrap loader) is a short computer program that loads the main operating system for the computer. The BIOS first looks at a boot record, which is logical area zero (the starting point) of the disk drive, known as the Master Boot Record (MBR), which contains the boot loader.

On BIOS systems

EEPC alters the MBR; the BIOS loads the modified MBR, which then loads the sector chain containing the PreBoot environment. This PreBoot screen then prompts the user for authentication credentials, which might be a password, smart card, or token.

On UEFI systems

The UEFI specification defines a boot manager, a firmware policy engine that is in charge of loading the OS loader and all necessary drivers. The boot configuration is controlled by a set of global NVRAM variables, including boot variables that indicate the paths to the loaders.

PBA is a UEFI application started by the UEFI Boot Manager before the Windows bootloader. It uses standard UEFI protocols for its GUI implementation (Graphics Output Protocol, Simple Pointer Protocol, etc.).

GPT Headers and Partition Tables cannot be encrypted:
- The data in these regions is required before the disk is unlocked.
- Otherwise the disk would not be recognized as a valid GPT disk and the system would be unable to boot.

Operating system: Mac

The BootROM firmware is the initial set of operations that a Mac computer performs when it is switched on. When BootROM (or the user) selects Mac OS X as the operating system to boot, control passes to the BootX boot loader. BootX loads the kernel. The kernel then initializes various Mac/BSD data structures and finally loads the Mac OS X desktop for the user.

When EEMac becomes active, it alters the NVRAM variables on the Mac and loads the PreBoot Authentication window for the user. When the user successfully authenticates to PBA, Mac OS X loads by decrypting the initial sectors of the disk. Control then passes to the EEMac host process, which runs under Mac OS X to perform further cryptographic operations.
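The table above says the protective MBR (LBA 0) and the GPT header (LBA 1) must stay in cleartext because firmware validates them before any pre-boot code runs. The following Python script is an added illustration of that point, not code from the McAfee guide: it builds a constructed protective MBR and GPT header in memory, parses them the way firmware does (0x55AA signature, 0xEE partition type, "EFI PART" signature, header CRC32), and then shows that a disk whose LBA 0 or LBA 1 has been scrambled is no longer recognized as a valid GPT disk. The XOR "scramble" is only a stand-in for "this sector was encrypted" and is not real encryption; the disk size and GUID are constructed sample values.

```python
"""Minimal MBR / GPT header checker (added example, not from the McAfee guide).

Demonstrates why LBA 0 (protective MBR) and LBA 1 (GPT header) must remain
in cleartext on a GPT disk: firmware validates both before any pre-boot
authentication code could unlock anything. All sectors are constructed
in memory; no real disk is read.
"""
import struct
import uuid
import zlib

SECTOR = 512
GPT_SIGNATURE = b"EFI PART"
GPT_HEADER_FMT = "<8sIIIIQQQQ16sQIII"  # 92-byte GPT header at LBA 1
MBR_SIGNATURE = b"\x55\xaa"            # bytes 510..511 of LBA 0
MBR_PART_FMT = "<BBBBBBBBII"           # one 16-byte MBR partition entry
GPT_PROTECTIVE_TYPE = 0xEE             # partition type marking a protective MBR


def build_protective_mbr(total_sectors):
    """Constructed LBA 0: a single 0xEE entry spanning the whole disk."""
    mbr = bytearray(SECTOR)
    # status, CHS start (3 bytes), type, CHS end (3 bytes), start LBA, sector count
    entry = struct.pack(MBR_PART_FMT, 0x00, 0, 2, 0, GPT_PROTECTIVE_TYPE,
                        0xFF, 0xFF, 0xFF, 1, min(total_sectors - 1, 0xFFFFFFFF))
    mbr[446:462] = entry
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def build_gpt_header(total_sectors, disk_guid):
    """Constructed LBA 1 with a correct header CRC32 (computed over a zeroed CRC field)."""
    fields = [GPT_SIGNATURE, 0x00010000, 92, 0, 0,            # sig, revision, size, crc, reserved
              1, total_sectors - 1, 34, total_sectors - 34,   # current, backup, first/last usable LBA
              disk_guid.bytes_le, 2, 128, 128, 0]             # GUID, entries LBA, count, entry size, array CRC
    fields[3] = zlib.crc32(struct.pack(GPT_HEADER_FMT, *fields)) & 0xFFFFFFFF
    header = struct.pack(GPT_HEADER_FMT, *fields)
    return header + bytes(SECTOR - len(header))


def mbr_partitions(lba0):
    """Parse LBA 0; raise ValueError if the 0x55AA boot signature is missing."""
    if lba0[510:512] != MBR_SIGNATURE:
        raise ValueError("bad MBR signature")
    parts = []
    for i in range(4):
        e = struct.unpack(MBR_PART_FMT, lba0[446 + 16 * i: 462 + 16 * i])
        if e[4] != 0:  # partition type 0 means an empty slot
            parts.append({"type": e[4], "start_lba": e[8], "sectors": e[9]})
    return parts


def parse_gpt_header(lba1):
    """Parse LBA 1; raise ValueError where firmware would reject the header."""
    if len(lba1) < 92:
        raise ValueError("sector too short for a GPT header")
    f = list(struct.unpack(GPT_HEADER_FMT, lba1[:92]))
    if f[0] != GPT_SIGNATURE:
        raise ValueError("bad GPT signature")
    stored_crc, f[3] = f[3], 0
    if zlib.crc32(struct.pack(GPT_HEADER_FMT, *f)) & 0xFFFFFFFF != stored_crc:
        raise ValueError("GPT header CRC mismatch")
    return {"header_size": f[2], "current_lba": f[5], "backup_lba": f[6],
            "first_usable": f[7], "last_usable": f[8],
            "disk_guid": str(uuid.UUID(bytes_le=f[9])),
            "entries": f[11], "entry_size": f[12]}


def is_valid_gpt_disk(lba0, lba1):
    """True only if LBA 0 is a protective MBR and LBA 1 is a well-formed GPT header."""
    try:
        parts = mbr_partitions(lba0)
        hdr = parse_gpt_header(lba1)
    except ValueError:
        return False
    return (any(p["type"] == GPT_PROTECTIVE_TYPE for p in parts)
            and hdr["current_lba"] == 1)


def toy_scramble(sector, key=0x5A):
    """Stand-in for 'this sector was encrypted'. NOT real encryption."""
    return bytes(b ^ key for b in sector)


def sample_disk():
    """Constructed sample: 1,000,000-sector disk with a fixed, made-up GUID."""
    total = 1_000_000
    guid = uuid.UUID("00000000-0000-0000-0000-000000000001")  # constructed value
    return build_protective_mbr(total), build_gpt_header(total, guid)


def demo():
    """Returns (clear disk valid?, LBA 1 scrambled valid?, LBA 0 scrambled valid?)."""
    lba0, lba1 = sample_disk()
    return (is_valid_gpt_disk(lba0, lba1),
            is_valid_gpt_disk(lba0, toy_scramble(lba1)),
            is_valid_gpt_disk(toy_scramble(lba0), lba1))


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The same checker is a useful baseline for detection: recording the parsed MBR partition table and GPT header fields of a known-good encrypted system lets you notice later changes to these cleartext regions, which is exactly where the guide says EEPC places its modified boot code.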
After the user enters valid authentication credentials, the operating system starts to load and the user can use the computer normally.

Encrypting a PC or Mac with EEPC or EEMac respectively is the best and most important practice an organization can adopt to protect its data.
McAfee ePO requirements
The McAfee ePO server is a central store of configuration information for all systems, servers, policies, and users. It can be installed only on Windows Server 2003 or 2008 operating systems. For detailed
Design overview
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide