Embed Size (px)
Citation preview
Full Disk Encryption Module 7.4
Installation Guide
September 25, 2009
Endpoint Security MI
© 2003-2009 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:
Please refer to http://www.checkpoint.com/copyright.html for a list of our trademarks.
For third party notices, see: http://www.checkpoint.com/3rd_party_copyright.html.
Table of Contents i
Contents
Preface Introduction ...................................................................................................... 1About this Guide................................................................................................ 1
Who should read this guide? .......................................................................... 2Conventions ................................................................................................. 2Related Documentation ................................................................................. 4
Requirements.................................................................................................... 5Full Disk Encryption Environment Security Requirements ................................. 5
Contact Information ........................................................................................... 5Documentation Feedback ................................................................................... 6
Chapter 1 Installing the Full Disk Encryption Module Introduction ...................................................................................................... 7Before Installing ................................................................................................ 7Installing the Full Disk Encryption Module ........................................................... 8Accessing Full Disk Encryption Module .............................................................. 13
Chapter 2 Modifying the Full Disk Encryption Module Introduction .................................................................................................... 15Upgrading the Full Disk Encryption Module........................................................ 15Removing the Full Disk Encryption Module......................................................... 18
ii
1
PrefaceP
Preface
In This Section:
IntroductionFull Disk Encryption is a security module for protecting laptop and desktop computers. Endpoint Security MI together with Full Disk Encryption provides you with a flexible framework and strong software with which to manage security on devices at the end-points of your organization.
About this GuideThis guide explains how to install and configure Full Disk Encryption in an Endpoint Security MI environment. This guide contains:
• This introductory chapter
Introduction page 1
About this Guide page 1
Who should read this guide? page 2
Related Documentation page 4
Requirements page 5
Full Disk Encryption Environment Security Requirements page 5
Contact Information page 5
Documentation Feedback page 6
Who should read this guide?
2
• Chapter 1, “Installing the Full Disk Encryption Module” on page 7 which explains how to install Full Disk Encryption in an Endpoint Security MI environment
• Chapter 2, “Modifying the Full Disk Encryption Module” on page 15 which explains how to remove and upgrade Full Disk Encryption in an Endpoint Security MI environment.
Who should read this guide?Administrators at organizations that are installing, deploying and/or administering Full Disk Encryption and other Check Point products should read this guide.
ConventionsThis guide uses the following formatting and graphics conventions.
Note -
– When documenting procedures, progress bars are not shown.
– The Pointsec X9.9-token is used in examples where dynamic passwords are required.
– If a setting on a property sheet or dialog box is not documented, then you do not need to change the setting.
Note - We strongly recommend that anyone planning to install, deploy and/or administer Check Point products attend certification training first. Contact your sales representative or visit: www.checkpoint.com for more information.
Convention Description
Bold Used for user interface elements, such as panels, tabs, files, buttons, and menu options.
Italic Used for emphasis.
Monospace Used for file names and paths.
→ The arrow → is used to illustrate menu choices. For example, File → Open means that you should choose Open from the File menu.
Conventions
Chapter Preface 3
Tip icon. Suggests for example an alternative method for accomplishing tasks or procedures.
Note icon. Emphasizes related, reinforcing, or important information.
Caution icon. Indicates actions or processes that can potentially damage data or programs.
Convention Description
Related Documentation
4
Related DocumentationFor the very latest information on Full Disk Encryption, and for system and hardware requirements, please see the Release Notes.
The following Full Disk Encryption documentation is available from the Support Center (https://supportcenter.checkpoint.com/):
Table 1-1 Endpoint Security MI Full Disk Encryption Module documentation
Title This document contains ...
Endpoint Security MI Full Disk Encryption Module Administration Guide
Information on how to administer and use the Endpoint Security MI Full Disk Encryption Module, including how to deploy Pointsec PC on end-users workstations.
Endpoint Security Release Notes • System requirements
• Current information about the product, such as
– new features and functions in the current release,
– problems that have been fixed since the previous release, and
– any known issues about the current release.
Endpoint Security MI Framework Installation Guide
Information on how to install the Endpoint Security MI framework.
Endpoint Security MI Framework Administration Guide
Information on how to use the Endpoint Security MI framework.
Requirements
Chapter Preface 5
Requirements
Full Disk Encryption Environment Security Requirements
To maximize the level of security, you should ensure that you have:
• Received an authentic copy of the Endpoint Security MI Full Disk Encryption Module
• A test environment for the initial Endpoint Security MI Full Disk Encryption Module installation and configuration
• A reliable time source on the local computer, i.e. it should be synchronized with a time server
• A phone verification database to determine the authenticity of users calling in for Remote Help.
Contact InformationIf you require information on Check Point’s other security products or services, or if you should encounter any problems with the Endpoint Security MI Full Disk Encryption Module, please visit our web site or call us.
Note - We recommend that you always back up any computer on which you want to install Endpoint Security MI Full Disk Encryption Module.
Table 1-2 Contact information
Area Technical Support Sales
Telephone: The Americas 972-444-6600 1-800-429-4391
International +972-3-6115100
Web site: www.checkpoint.com
Documentation Feedback
6
Documentation FeedbackCheck Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to:
7
Chapter 1Installing the Full Disk Encryption Module
In This Chapter:
IntroductionThis chapter explains what is required to install the Full Disk Encryption Module and how to install it.
Before InstallingBefore you install the Full Disk Encryption Module, the Endpoint Security MI framework must be installed on the server(s) or workstation (for the management console) on which you want to work with the Full Disk Encryption Module. For more information, see the Endpoint Security MI Framework Installation Guide and Administration Guide.
Introduction page 7
Before Installing page 7
Installing the Full Disk Encryption Module page 8
Accessing Full Disk Encryption Module page 13
Installing the Full Disk Encryption Module
8
The Full Disk Encryption Module components must be installed in a way which corresponds to how the Endpoint Security MI framework components were installed. This means that if you installed all components of the Endpoint Security MI framework on one server, all the components of the Full Disk Encryption Module must be installed on the same server. Similarly, if the different Endpoint Security MI framework components were installed on several different servers, the Full Disk Encryption Module components must be installed in the corresponding way.
Installing the Full Disk Encryption ModuleYou install the Full Disk Encryption Module by running the installation wizard. In this section, it is assumed that all the components of the Endpoint Security MI framework were installed on one server, so all Full Disk Encryption Module components will be installed on the same server.
To install the Full Disk Encryption Module:
1. Insert the Endpoint Security MI Full Disk Encryption Module CD into your CD drive. The following dialog box opens:
2. Click Setup.
Installing the Full Disk Encryption Module
Chapter 1 Installing the Full Disk Encryption Module 9
The wizard prepares the installation and the following dialog box opens:
3. Select all of the Full Disk Encryption Module components. There is one such component under each of the following nodes: Database, Connection Point and Management Console.
Click Next. The license agreement opens:
4. Read the license agreement carefully, click Yes, I accept ... and click Next.
Installing the Full Disk Encryption Module
10
The following dialog box opens:
5. Click Next. The installation begins.
The installation wizard prepares and copies Full Disk Encryption Module files and opens the following dialog box:
6. Enter the names and passwords for system administrator accounts that will be installed on all Full Disk Encryption Module-protected devices.
Note - The passwords for the two accounts must be different.
Installing the Full Disk Encryption Module
Chapter 1 Installing the Full Disk Encryption Module 11
Click Next to continue. The following dialog box opens:
7. Enter the name and password for a Remote Help account that will be installed on all Full Disk Encryption Module-protected devices. Click Next to continue. The following dialog box opens:
8. Click Yes to save a copy of Full Disk Encryption Module to use when creating and deploying installation packages. If you select No, you will have to locate Full Disk Encryption Module on the Endpoint Security MI Full Disk Encryption Module CD when creating an installation package. It is in the following directory on the CD: 0_Endpoint Security MI Framework\FDE MI
Client\Installation.
In the following dialog box:
Installing the Full Disk Encryption Module
12
9. Browse to a secure location for Full Disk Encryption Module and click Next to continue. The following dialog box opens:
10. Click OK. The following dialog box opens:
11. Click Finish to complete the installation and close the Full Disk Encryption Module Installer. Full Disk Encryption Module is now installed and you can access it from the Endpoint Security MI management console.
If the management console was open during the installation, you will have to restart it before you can access the new module.
Note - If any errors occur during this stage, the copy will be incomplete and should be removed. Instead, you must locate and use files from the Full Disk Encryption Module CD when creating an installation package, or create a copy manually. They are in the following directory on the CD: 0_Endpoint Security MI Framework\FDE MI Client\Installation.
Accessing Full Disk Encryption Module
Chapter 1 Installing the Full Disk Encryption Module 13
Accessing Full Disk Encryption Module Once you have installed the Full Disk Encryption Module, you can log on to Endpoint Security MI and review the Full Disk Encryption Module settings.
To access the Full Disk Encryption Module:
1. Click Start, navigate to the Check Point program group and select Endpoint Security MI → Endpoint Security MI Management Console. The following dialog box opens:
2. Enter the name of a Endpoint Security MI system administrator account and the password associated with it. Click OK. The Endpoint Security MI management console opens:
Accessing Full Disk Encryption Module
14
3. In Endpoint Security MI explorer, browse to Software. Under Security Modules, double-click on Full Disk Encryption Module. To access information about version name and number, in the view, right-click and select Properties.
For more information on configuring and deploying the Endpoint Security MI Full Disk Encryption Module, see the Endpoint Security MI Full Disk Encryption Module Administration Guide.
For information on working with the Endpoint Security MI framework, see the Endpoint Security MI Framework Administration Guide.
15
Chapter 2Modifying the Full Disk Encryption Module
In This Chapter:
IntroductionThis chapter explains how to remove and upgrade the Full Disk Encryption Module in your Endpoint Security MI environment. You modify the Full Disk Encryption Module by running the setup wizard.
Upgrading the Full Disk Encryption ModuleYou can upgrade the Full Disk Encryption Module from Endpoint Security MI by running the installation wizard.
Introduction page 15
Upgrading the Full Disk Encryption Module page 15
Removing the Full Disk Encryption Module page 18
Upgrading the Full Disk Encryption Module
16
To upgrade the Full Disk Encryption Module:
1. Insert the Endpoint Security MI Full DiskEncryption Module CD into your CD drive. The following dialog box opens:
2. Click Setup. The following dialog box opens:
3. Click Next. Setup upgrades the components and displays the following dialog box:
Upgrading the Full Disk Encryption Module
Chapter 2 Modifying the Full Disk Encryption Module 17
4. Click Yes to save an upgraded copy of the Endpoint Security MI Full DiskEncryption Module to use when creating and deploying installation packages. If you select No, you will have to locate the Endpoint Security MI Full DiskEncryption Module on the CD when creating an installation package.
In the following dialog box:
5. Browse to a secure location for the Full Disk Encryption Module and click Next to continue. The following dialog box opens:
6. Click OK. The following dialog box opens:
Removing the Full Disk Encryption Module
18
7. Click Finish to complete the upgrade.
For more information on configuring and deploying the Endpoint Security MI Full DiskEncryption Module, see the Endpoint Security MI Full DiskEncryption Module Administrator’s Guide.
For information on working with Endpoint Security MI, see the Endpoint Security MI Framework Administrator’s Guide.
Removing the Full Disk Encryption Module To remove the Full Disk Encryption Module:
1. Insert the Endpoint Security MI Full DiskEncryption Module CD into your CD drive. The following dialog box opens:
Note - Encryption on the client computer to be upgraded must be completed, that is, no encryption may be in progress on that computer, when the upgrade starts.
Removing the Full Disk Encryption Module
Chapter 2 Modifying the Full Disk Encryption Module 19
2. Click Setup. The wizard opens the following dialog box:
3. Deselect the component(s) you want to remove and click Next. Complete the wizard to remove the Endpoint Security MI Full DiskEncryption Module.
Removing the Full Disk Encryption Module
20
Worldwide Headquarters
Check Point Software Technologies, Ltd.5 Ha’Solelim Street
Tel Aviv 67897, IsraelTel: 972-3-753-4555Fax: 972-3-624-1100
email: [email protected]
U.S. Headquarters
Check Point Software Technologies, Inc.800 Bridge ParkwayRedwood City, CA 94065Tel: 800-429-4391; 650-628-2000Fax: 650-654-4233
www.checkpoint.com
