andystewartSL Absent Member.
Absent Member.
4325 views

Usb encryption - how does it work?

Ok, started work on a policy to allow certain USB keys to be used.

So i've scanned the relevant key and added it to the Storage Device Control "Preferred Devices" list, and this works fine on my test machine with the policy applied to the user.

This preferred device is accessible, and others aren't = good.

Ok, so expanding on this, wanted to enable encryption for removable storage devices, so enabled that, enabled "via password" and folder name of "SafeStore", and tick in box to force reboot.

Applied policy to test machine, it updated, forced a reboot etc.

Plug the approved USB key in and you get the "warning about to encrypt" prompt. Again, good.

New folder has appeared on the USB key called SafeStore = good.

Putting a document in this folder prompts for a password = again, good.

Now then, if I take this key to a machine that DOESN'T have ZESM installed, how do I get access to the document? I can see it there, but when I try to open the doc its just rubbish.

How does the decryption work? Shouldn't there be a prompt to decrypt, or am I missing something?
0 Likes
4 Replies
andystewartSL Absent Member.
Absent Member.

Re: Usb encryption - how does it work?

Ok, I found the decrypt tool for decrypting documents etc, but you can't put it on the root of the USB key to allow people to run it to then decrypt docs in the safe sub-folder.

It seems that all files put onto the USB key are encrypted, not just the safe sub-folder. Is this correct ?
0 Likes
Not applicable

Re: Usb encryption - how does it work?

It is correct.

The entire USB drive will be encrypted. This is a completely different approach from fixed disk encryption that uses Safe Harbor. The confusion comes because you enabled the two features, so your USB drive is encrypted completely, plus having the safe folder created because you enabled the safe harbor. Try enabling one at a time, and you'll see the difference.

As for the decryption utility, something that I found to be practical is to send the decryption utility via email to the user that will receive the encrypted USB drive. Of course, the decrpytion password should not be included in that email 🙂

Cheers,
Daniel


>>>

From: andystewartSL<andystewartSL@no-mx.forums.novell.com>
To:novell.support.zenworks.endpoint-security-management
Date: 5/8/2009 11:36 AM
Subject: Re: Usb encryption - how does it work?

Ok, I found the decrypt tool for decrypting documents etc, but you can't
put it on the root of the USB key to allow people to run it to then
decrypt docs in the safe sub-folder.

It seems that all files put onto the USB key are encrypted, not just
the safe sub-folder. Is this correct ?


--
Andy Stewart - Somewhere In Scotland
zcm 10.1.3, 4 servers in esx vm environment, 1100 users (so far,
heading for 2800)
(i'd still rather be snowboarding)
------------------------------------------------------------------------
andystewartSL's Profile: http://forums.novell.com/member.php?userid=1054
View this thread: http://forums.novell.com/showthread.php?t=371979
0 Likes
SimonMag Absent Member.
Absent Member.

Re: Usb encryption - how does it work?

I had another thought the other day, we are going to something along similar lines and only allow one brand of USB stick which I got working OK, but to stop users going out and buying their own brand of the allowed stick I am going to put in the serial numbers of the allowed sticks supplied by the IT dept, so they will be the only allowed.

andystewartSL;1788229 wrote:
Ok, started work on a policy to allow certain USB keys to be used.

So i've scanned the relevant key and added it to the Storage Device Control "Preferred Devices" list, and this works fine on my test machine with the policy applied to the user.

This preferred device is accessible, and others aren't = good.

Ok, so expanding on this, wanted to enable encryption for removable storage devices, so enabled that, enabled "via password" and folder name of "SafeStore", and tick in box to force reboot.

Applied policy to test machine, it updated, forced a reboot etc.

Plug the approved USB key in and you get the "warning about to encrypt" prompt. Again, good.

New folder has appeared on the USB key called SafeStore = good.

Putting a document in this folder prompts for a password = again, good.

Now then, if I take this key to a machine that DOESN'T have ZESM installed, how do I get access to the document? I can see it there, but when I try to open the doc its just rubbish.

How does the decryption work? Shouldn't there be a prompt to decrypt, or am I missing something?
0 Likes
andystewartSL Absent Member.
Absent Member.

Re: Usb encryption - how does it work?

Yeh thats what im doing, using the preferred devices list.

Was just wondering about the encryption side of it.

Cheers for the reply Daniel...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.