User manual SOPHOS SAFEGUARD ENTERPRISE 5.50 MANUAL FOR CERTIFICATION-COMPLIANT OPERATION 4-2010

[. . . ] The Evaluation Assurance Level of SafeGuard Enterprise Device Encryption is "EAL3+". The specified minimum strength of the security functions of SafeGuard Enterprise Device Encryption, Version 5. 30, is "SOF-medium". 2. 1 Evaluation Assurance Level In the scope of the Common Criteria, the Evaluation Assurance Level (EAL) specifies the accuracy and the effort used to analyze and verify the correct implementation of the security functions of a certified product. The Common Criteria specify seven different Evaluation Assurance Levels. Level "EAL1" defines the lowest, "EAL7" the highest Evaluation Assurance Level. [. . . ] In particular, it has to be ensured that all relevant patches are installed. Usage of strong cryptographic algorithms Guidelines for the choice of algorithms and key lengths are published on a regular basis by the German Federal Network Agency (Bundesnetzagentur) at www. bundesnetzagentur. de1 or the US National Institute of Standards and Technology (NIST) at http://csrc. nist. gov2. Similar guidelines are published by the respective information security agencies of many other countries. Note: Encryption and integrity protection of all transmitted data as well as server authentication are mandatory in SSL/TLS and cannot be turned off if properly configured. 1. See http://www. bundesnetzagentur. de/enid/Veroeffentlichungen/Algorithmen_sw. html for lists of approved algorithms and key sizes (in German). 2. The Implementaion Guidance for FIPS Pub 140-2 and the Cryptographic Module Validation Program, which is jointly published by the US National Institute of Standards and Technology (NIST) and Canadian Communications Security establishment (CSE), provides a good overview on the algorithm requirements for North American countries. 8 SafeGuard® Enterprise 5. 50, Manual for certification-compliant operation 3. 3. 1. 3 BitLocker Drive Encryption SafeGuard Enterprise also supports environments comprising SafeGuard Enterprise Device Encryption clients and BitLocker Drive Encryption clients. All these clients can be administered centrally using SafeGuard Management Center. Only SafeGuard Enterprise Device Encryption has been evaluated and certified. This may for example be the case, when an employee moves to a different position within the company or leaves the company. In this case, the User-Machine-Assignment (UMA) has to be changed to ensure that the user cannot access this specific device. Furthermore, a complete re-encryption of the respective device shall be performed. 3. 3. 1. 10 ReadyBoost ReadyBoost is a system feature of the Microsoft Windows Vista operating system that uses flash storage as disk cache to speed up hard disk access times. ReadyBoost was not tested during the evaluation and shall not be used in certification-compliant operation. 3. 3. 1. 11 Secure Wake on LAN (WOL) The Secure Wake on LAN functionality shall be deactivated for all clients. This is to ensure that the Power-on Authentication (POA) is active at all times. 3. 3. 1. 12 Lenovo Resuce and RecoveryTM (RnR) Lenovo Rescue and RecoveryTM was not tested during the evaluation and shall not be used in certification-compliant operation. 3. 3. 1. 13 Authentication at Microsoft Windows Vista Logon to Microsoft Windows Vista using a combination of non-SafeGuard Enterprise credential providers and the SafeGuard Enterprise Authentication Application was not tested during the evaluation and shall not be used in certification-compliant operation. 10 SafeGuard® Enterprise 5. 50, Manual for certification-compliant operation 3. 3. 2 Measures during operation The operational measures have to be taken as long as SafeGuard Enterprise Device Encryption is installed on a client PC. 3. 3. 2. 1 Keeping passwords confidential Users must keep their password secret. Passwords should not be written down, neither manually nor electronically, to prevent unauthorized persons from obtaining a valid password. 3. 3. 2. 2 Administration server connection To update security rules, administration and configuration data, the client PC is to be connected to the administration server in regular intervals. 3. 3. 2. 3 Preventing usage of incompatible software Software which does not use the respective Application Programming Interface of the OS platform for disk access must not be placed on the client PC's storage device or executed while the computer is operated. SafeGuard Enterprise Device Encryption works in combination with all application software released for the mentioned operating system platforms. However, application software which is not using the respective Application Programming Interface of the OS platform for disk access, but circumventing some layers of the disk access system, may read encrypted data from storage devices and therefore may not recognize the file structure correctly. Such software may also write plain text data directly onto a protected device. This data is then not protected against unauthorized disclosure by SafeGuard Enterprise Device Encryption. Incompatibilities of this kind are only known for certain virus scanners and backup programs. 3. 3. 2. 4 Mixed encryption states If systems use both encrypted and unencrypted devices or partitions at the same time, it is the user's responsibility to ensure that sensitive data is only written to encrypted devices. All local hard disk partitions shall be encrypted. This ensures that all temporary files, swap files as well as files in the recycle bin or in personal folders like "My Documents" are always encrypted and reduces the possibility of faulty operation by the user. 11 SafeGuard® Enterprise 5. 50, Manual for certification-compliant operation 3. 3. 2. 5 Adequate user behavior Authorised users shall neither actively nor negligently compromise the security of the computer on which the TOE is installed. In particular, they shall not place malicious software (like programs containing viruses or Trojan horses) on the computer, modify the TOE program or data files, modify the hard disk with tools circumventing the TOE transparent encryption interface or leave a computer secured by the TOE unattended while being in operational state. 3. 3. 3 Secure states Systems protected by SafeGuard Enterprise Device Encryption are considered to be in a secure state, if the system is in power-off or in hibernation mode. SafeGuard Enterprise Device Encryption does not protect running systems. In this context, systems in stand-by mode or systems with locked screens are considered running systems. [. . . ] Initiate uninstallation via software distribution mechanisms. 14 SafeGuard® Enterprise 5. 50, Administrator help 4 Copyright Copyright © 1996 - 2010 Sophos Group and Utimaco Safeware AG. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner. Sophos is a registered trademark of Sophos Plc and the Sophos Group. SafeGuard is a registered trademark of Utimaco Safeware AG - a member of the Sophos Group. [. . . ]