Endpoint Security MI Full Disk Encryption Module 7.4 Installation Guide
September 25, 2009
© 2003-2009 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Please refer to http://www.checkpoint.com/copyright.html for a list of our trademarks. For third party notices, see: http://www.checkpoint.com/3rd_party_copyright.html.
Contents Preface
Chapter 1
Introduction ...................................................................................................... 1 About this Guide................................................................................................ 1 Who should read this guide? .......................................................................... 2 Conventions ................................................................................................. 2 Related Documentation ................................................................................. 4 Requirements.................................................................................................... 5 Full Disk Encryption Environment Security Requirements ................................. 5 Contact Information ........................................................................................... 5 Documentation Feedback ................................................................................... 6
Installing the Full Disk Encryption Module Introduction ...................................................................................................... 7 Before Installing ................................................................................................ 7 Installing the Full Disk Encryption Module ........................................................... 8 Accessing Full Disk Encryption Module .............................................................. 13
Chapter 2
Modifying the Full Disk Encryption Module Introduction .................................................................................................... 15 Upgrading the Full Disk Encryption Module........................................................ 15 Removing the Full Disk Encryption Module......................................................... 18
Table of Contents
i
ii
P
Preface Preface
In This Section: Introduction
page 1
About this Guide
page 1
Who should read this guide?
page 2
Related Documentation
page 4
Requirements
page 5
Full Disk Encryption Environment Security Requirements
page 5
Contact Information
page 5
Documentation Feedback
page 6
Introduction Full Disk Encryption is a security module for protecting laptop and desktop computers. Endpoint Security MI together with Full Disk Encryption provides you with a flexible framework and strong software with which to manage security on devices at the end-points of your organization.
About this Guide This guide explains how to install and configure Full Disk Encryption in an Endpoint Security MI environment. This guide contains: •
This introductory chapter
1
Who should read this guide?
•
Chapter 1, “Installing the Full Disk Encryption Module” on page 7 which explains how to install Full Disk Encryption in an Endpoint Security MI environment
•
Chapter 2, “Modifying the Full Disk Encryption Module” on page 15 which explains how to remove and upgrade Full Disk Encryption in an Endpoint Security MI environment. Note -
–
When documenting procedures, progress bars are not shown.
–
The Pointsec X9.9-token is used in examples where dynamic passwords are required.
–
If a setting on a property sheet or dialog box is not documented, then you do not need to change the setting.
Who should read this guide? Administrators at organizations that are installing, deploying and/or administering Full Disk Encryption and other Check Point products should read this guide. Note - We strongly recommend that anyone planning to install, deploy and/or administer Check Point products attend certification training first. Contact your sales representative or visit: www.checkpoint.com for more information.
Conventions This guide uses the following formatting and graphics conventions.
2
Convention
Description
Bold
Used for user interface elements, such as panels, tabs, files, buttons, and menu options.
Italic
Used for emphasis.
Monospace
Used for file names and paths.
→
The arrow → is used to illustrate menu choices. For example, File → Open means that you should choose Open from the File menu.
Conventions
Convention
Description Tip icon. Suggests for example an alternative method for accomplishing tasks or procedures.
Note icon. Emphasizes related, reinforcing, or important information.
Caution icon. Indicates actions or processes that can potentially damage data or programs.
Chapter
Preface
3
Related Documentation
Related Documentation For the very latest information on Full Disk Encryption, and for system and hardware requirements, please see the Release Notes. The following Full Disk Encryption documentation is available from the Support Center (https://supportcenter.checkpoint.com/): Table 1-1
4
Endpoint Security MI Full Disk Encryption Module documentation
Title
This document contains ...
Endpoint Security MI Full Disk Encryption Module Administration Guide
Information on how to administer and use the Endpoint Security MI Full Disk Encryption Module, including how to deploy Pointsec PC on end-users workstations.
Endpoint Security Release Notes
•
System requirements
•
Current information about the product, such as –
new features and functions in the current release,
–
problems that have been fixed since the previous release, and
–
any known issues about the current release.
Endpoint Security MI Framework Installation Guide
Information on how to install the Endpoint Security MI framework.
Endpoint Security MI Framework Administration Guide
Information on how to use the Endpoint Security MI framework.
Requirements
Requirements Full Disk Encryption Environment Security Requirements To maximize the level of security, you should ensure that you have: •
Received an authentic copy of the Endpoint Security MI Full Disk Encryption Module
•
A test environment for the initial Endpoint Security MI Full Disk Encryption Module installation and configuration
•
A reliable time source on the local computer, i.e. it should be synchronized with a time server
•
A phone verification database to determine the authenticity of users calling in for Remote Help. Note - We recommend that you always back up any computer on which
you want to install Endpoint Security MI Full Disk Encryption Module.
Contact Information If you require information on Check Point’s other security products or services, or if you should encounter any problems with the Endpoint Security MI Full Disk Encryption Module, please visit our web site or call us. Table 1-2
Telephone:
Web site:
Contact information
Area
Technical Support
Sales
The Americas
972-444-6600
1-800-429-4391
International
+972-3-6115100
www.checkpoint.com
Chapter
Preface
5
Documentation Feedback
Documentation Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to:
[email protected]
6
Chapter
1
Installing the Full Disk Encryption Module In This Chapter: Introduction
page 7
Before Installing
page 7
Installing the Full Disk Encryption Module
page 8
Accessing Full Disk Encryption Module
page 13
Introduction This chapter explains what is required to install the Full Disk Encryption Module and how to install it.
Before Installing Before you install the Full Disk Encryption Module, the Endpoint Security MI framework must be installed on the server(s) or workstation (for the management console) on which you want to work with the Full Disk Encryption Module. For more information, see the Endpoint Security MI Framework Installation Guide and Administration Guide.
7
Installing the Full Disk Encryption Module
The Full Disk Encryption Module components must be installed in a way which corresponds to how the Endpoint Security MI framework components were installed. This means that if you installed all components of the Endpoint Security MI framework on one server, all the components of the Full Disk Encryption Module must be installed on the same server. Similarly, if the different Endpoint Security MI framework components were installed on several different servers, the Full Disk Encryption Module components must be installed in the corresponding way.
Installing the Full Disk Encryption Module You install the Full Disk Encryption Module by running the installation wizard. In this section, it is assumed that all the components of the Endpoint Security MI framework were installed on one server, so all Full Disk Encryption Module components will be installed on the same server.
To install the Full Disk Encryption Module: 1. Insert the Endpoint Security MI Full Disk Encryption Module CD into your CD drive. The following dialog box opens:
2. Click Setup.
8
Installing the Full Disk Encryption Module
The wizard prepares the installation and the following dialog box opens:
3. Select all of the Full Disk Encryption Module components. There is one such component under each of the following nodes: Database, Connection Point and Management Console. Click Next. The license agreement opens:
4. Read the license agreement carefully, click Yes, I accept ... and click Next.
Chapter 1
Installing the Full Disk Encryption Module
9
Installing the Full Disk Encryption Module
The following dialog box opens:
5. Click Next. The installation begins. The installation wizard prepares and copies Full Disk Encryption Module files and opens the following dialog box:
6. Enter the names and passwords for system administrator accounts that will be installed on all Full Disk Encryption Module-protected devices. Note - The passwords for the two accounts must be different.
10
Installing the Full Disk Encryption Module
Click Next to continue. The following dialog box opens:
7. Enter the name and password for a Remote Help account that will be installed on all Full Disk Encryption Module-protected devices. Click Next to continue. The following dialog box opens:
8. Click Yes to save a copy of Full Disk Encryption Module to use when creating and deploying installation packages. If you select No, you will have to locate Full Disk Encryption Module on the Endpoint Security MI Full Disk Encryption Module CD when creating an installation package. It is in the following directory on the CD: 0_Endpoint Security MI Framework\FDE MI Client\Installation. In the following dialog box:
Chapter 1
Installing the Full Disk Encryption Module
11
Installing the Full Disk Encryption Module
9. Browse to a secure location for Full Disk Encryption Module and click Next to continue. The following dialog box opens:
Note - If any errors occur during this stage, the copy will be incomplete
and should be removed. Instead, you must locate and use files from the Full Disk Encryption Module CD when creating an installation package, or create a copy manually. They are in the following directory on the CD: 0_Endpoint Security MI Framework\FDE MI Client\Installation. 10. Click OK. The following dialog box opens:
11. Click Finish to complete the installation and close the Full Disk Encryption Module Installer. Full Disk Encryption Module is now installed and you can access it from the Endpoint Security MI management console. If the management console was open during the installation, you will have to restart it before you can access the new module.
12
Accessing Full Disk Encryption Module
Accessing Full Disk Encryption Module Once you have installed the Full Disk Encryption Module, you can log on to Endpoint Security MI and review the Full Disk Encryption Module settings.
To access the Full Disk Encryption Module: 1. Click Start, navigate to the Check Point program group and select Endpoint Security MI → Endpoint Security MI Management Console. The following dialog box opens:
2. Enter the name of a Endpoint Security MI system administrator account and the password associated with it. Click OK. The Endpoint Security MI management console opens:
Chapter 1
Installing the Full Disk Encryption Module
13
Accessing Full Disk Encryption Module
3. In Endpoint Security MI explorer, browse to Software. Under Security Modules, double-click on Full Disk Encryption Module. To access information about version name and number, in the view, right-click and select Properties. For more information on configuring and deploying the Endpoint Security MI Full Disk Encryption Module, see the Endpoint Security MI Full Disk Encryption Module Administration Guide. For information on working with the Endpoint Security MI framework, see the Endpoint Security MI Framework Administration Guide.
14
Chapter
2
Modifying the Full Disk Encryption Module In This Chapter: Introduction
page 15
Upgrading the Full Disk Encryption Module
page 15
Removing the Full Disk Encryption Module
page 18
Introduction This chapter explains how to remove and upgrade the Full Disk Encryption Module in your Endpoint Security MI environment. You modify the Full Disk Encryption Module by running the setup wizard.
Upgrading the Full Disk Encryption Module You can upgrade the Full Disk Encryption Module from Endpoint Security MI by running the installation wizard.
15
Upgrading the Full Disk Encryption Module
To upgrade the Full Disk Encryption Module: 1. Insert the Endpoint Security MI Full DiskEncryption Module CD into your CD drive. The following dialog box opens:
2. Click Setup. The following dialog box opens:
3. Click Next. Setup upgrades the components and displays the following dialog box:
16
Upgrading the Full Disk Encryption Module
4. Click Yes to save an upgraded copy of the Endpoint Security MI Full DiskEncryption Module to use when creating and deploying installation packages. If you select No, you will have to locate the Endpoint Security MI Full DiskEncryption Module on the CD when creating an installation package. In the following dialog box:
5. Browse to a secure location for the Full Disk Encryption Module and click Next to continue. The following dialog box opens:
6. Click OK. The following dialog box opens:
Chapter 2
Modifying the Full Disk Encryption Module
17
Removing the Full Disk Encryption Module
7. Click Finish to complete the upgrade. Note - Encryption on the client computer to be upgraded must be completed, that is, no encryption may be in progress on that computer, when the upgrade starts.
For more information on configuring and deploying the Endpoint Security MI Full DiskEncryption Module, see the Endpoint Security MI Full DiskEncryption Module Administrator’s Guide. For information on working with Endpoint Security MI, see the Endpoint Security MI Framework Administrator’s Guide.
Removing the Full Disk Encryption Module To remove the Full Disk Encryption Module: 1. Insert the Endpoint Security MI Full DiskEncryption Module CD into your CD drive. The following dialog box opens:
18
Removing the Full Disk Encryption Module
2. Click Setup. The wizard opens the following dialog box:
3. Deselect the component(s) you want to remove and click Next. Complete the wizard to remove the Endpoint Security MI Full DiskEncryption Module.
Chapter 2
Modifying the Full Disk Encryption Module
19
Removing the Full Disk Encryption Module
20
www.checkpoint.com Worldwide Headquarters Check Point Software Technologies, Ltd. 5 Ha’Solelim Street Tel Aviv 67897, Israel Tel: 972-3-753-4555 Fax: 972-3-624-1100 email:
[email protected]
U.S. Headquarters Check Point Software Technologies, Inc. 800 Bridge Parkway Redwood City, CA 94065 Tel: 800-429-4391; 650-628-2000 Fax: 650-654-4233