Specifications
27
SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE
SAFEGUARD DISK ENCRYPTION
SafeGuard Disk Encryption is an easy to implement solution that encrypts hard
disks and data on mobile media to protect against the loss of data and meet
compliance requirements.
Securing data through full disk encryption
Hard disks (IDE, SCSI, serial ATA) are encrypted at sector level, which means that
the entire content including any operating systems, temporary files, swap files or
“hibernation” files are encrypted. Since encryption takes place at sector level, it is
entirely transparent for users. As information is written to and read from the disk it
is automatically encrypted and decrypted without requiring user intervention.
Easy deployment across the network
SafeGuard Disk Encryption is easy to implement on standalone machines or
unattended across your network. The straightforward configuration wizard
allows you to quickly create a configuration file which can then be installed and
distributed using existing tools. Even the initial encryption of the hard disk(s) can
be carried out without direct intervention from either administrators or users, and
there is no burden on the administrator to set up any management infrastructure.
Securing the operating system
The Pre-Boot Authentication (PBA) process cannot be circumvented and requires a
password before the operating system starts. The enciphering key is not stored on
the hard disk, but is dynamically generated from the password. Once the password
has been authenticated, the user will then be signed through into Windows.
Resetting forgotten passwords
If users forget their login passwords, they are unable to logon. Should this occur,
the administrator can simply use the Response Code Wizard to assign a secure
new SafeGuard password to the user.