User manual SOPHOS SAFEGUARD ENTERPRISE 5.50 MANUAL FOR CERTIFICATION-COMPLIANT OPERATION 4-2010

[. . . ] The Evaluation Assurance Level of SafeGuard Enterprise Device Encryption is "EAL3+". The specified minimum strength of the security functions of SafeGuard Enterprise Device Encryption, Version 5. 30, is "SOF-medium". 2. 1 Evaluation Assurance Level In the scope of the Common Criteria, the Evaluation Assurance Level (EAL) specifies the accuracy and the effort used to analyze and verify the correct implementation of the security functions of a certified product. The Common Criteria specify seven different Evaluation Assurance Levels. Level "EAL1" defines the lowest, "EAL7" the highest Evaluation Assurance Level. [. . . ] This certificate shall be checked prior to installation to verify the origin, integrity and authenticity of the received product material. 3. 3 Measures for secure operation To operate SafeGuard Enterprise Device Encryption in a certified configuration and to guarantee the highest available security, the following administrative and operational measures have to be taken. 3. 3. 1 Administrative measures The administrative measures are to be considered during installation of SafeGuard Enterprise Device Encryption and as long as it is installed. 7 SafeGuard® Enterprise 5. 50, Manual for certification-compliant operation 3. 3. 1. 1 Installation and configuration SafeGuard Enterprise Device Encryption shall be properly installed. Details concerning secure installation are as follows: Installation according to user and administrator guidance Correct preparation of the client with the client configuration package (as described in the user guidance) Providing a working network connection between SafeGuard Enterprise Device Encryption client and SafeGuard Enterprise Server after installation Setting secure attributes in administration and configuration data: The minimum length for all passwords must be set to 8 characters. Under Windows Vista the SafeGuard Enterprise Credential Provider has to be used. The usage of other credential providers and the SafeGuard Enterprise authentication application are not covered by the certification. 3. 3. 1. 2 Client-Server connection The data connection between SafeGuard Enterprise Device Encryption and SafeGuard Enterprise Server has to be secured by a Secure Socket Layer (SSL) connection fulfilling the following requirements: Usage of Secure Socket Layer v3 or higher or Transport Layer Security (TLS) The used implementation of SSL/TLS has to be trustworthy and has to be kept up-to-date. In particular, it has to be ensured that all relevant patches are installed. Usage of strong cryptographic algorithms Guidelines for the choice of algorithms and key lengths are published on a regular basis by the German Federal Network Agency (Bundesnetzagentur) at www. bundesnetzagentur. de1 or the US National Institute of Standards and Technology (NIST) at http://csrc. nist. gov2. Similar guidelines are published by the respective information security agencies of many other countries. Note: Encryption and integrity protection of all transmitted data as well as server authentication are mandatory in SSL/TLS and cannot be turned off if properly configured. 1. See http://www. bundesnetzagentur. de/enid/Veroeffentlichungen/Algorithmen_sw. html for lists of approved algorithms and key sizes (in German). 2. The Implementaion Guidance for FIPS Pub 140-2 and the Cryptographic Module Validation Program, which is jointly published by the US National Institute of Standards and Technology (NIST) and Canadian Communications Security establishment (CSE), provides a good overview on the algorithm requirements for North American countries. 8 SafeGuard® Enterprise 5. 50, Manual for certification-compliant operation 3. 3. 1. 3 BitLocker Drive Encryption SafeGuard Enterprise also supports environments comprising SafeGuard Enterprise Device Encryption clients and BitLocker Drive Encryption clients. All these clients can be administered centrally using SafeGuard Management Center. Only SafeGuard Enterprise Device Encryption has been evaluated and certified. This may for example be the case, when an employee moves to a different position within the company or leaves the company. In this case, the User-Machine-Assignment (UMA) has to be changed to ensure that the user cannot access this specific device. Furthermore, a complete re-encryption of the respective device shall be performed. 3. 3. 1. 10 ReadyBoost ReadyBoost is a system feature of the Microsoft Windows Vista operating system that uses flash storage as disk cache to speed up hard disk access times. ReadyBoost was not tested during the evaluation and shall not be used in certification-compliant operation. 3. 3. 1. 11 Secure Wake on LAN (WOL) The Secure Wake on LAN functionality shall be deactivated for all clients. This is to ensure that the Power-on Authentication (POA) is active at all times. 3. 3. 1. 12 Lenovo Resuce and RecoveryTM (RnR) Lenovo Rescue and RecoveryTM was not tested during the evaluation and shall not be used in certification-compliant operation. 3. 3. 1. 13 Authentication at Microsoft Windows Vista Logon to Microsoft Windows Vista using a combination of non-SafeGuard Enterprise credential providers and the SafeGuard Enterprise Authentication Application was not tested during the evaluation and shall not be used in certification-compliant operation. 10 SafeGuard® Enterprise 5. 50, Manual for certification-compliant operation 3. 3. 2 Measures during operation The operational measures have to be taken as long as SafeGuard Enterprise Device Encryption is installed on a client PC. 3. 3. 2. 1 Keeping passwords confidential Users must keep their password secret. Passwords should not be written down, neither manually nor electronically, to prevent unauthorized persons from obtaining a valid password. 3. 3. 2. 2 Administration server connection To update security rules, administration and configuration data, the client PC is to be connected to the administration server in regular intervals. 3. 3. 2. 3 Preventing usage of incompatible software Software which does not use the respective Application Programming Interface of the OS platform for disk access must not be placed on the client PC's storage device or executed while the computer is operated. SafeGuard Enterprise Device Encryption works in combination with all application software released for the mentioned operating system platforms. However, application software which is not using the respective Application Programming Interface of the OS platform for disk access, but circumventing some layers of the disk access system, may read encrypted data from storage devices and therefore may not recognize the file structure correctly. Such software may also write plain text data directly onto a protected device. This data is then not protected against unauthorized disclosure by SafeGuard Enterprise Device Encryption. Incompatibilities of this kind are only known for certain virus scanners and backup programs. 3. 3. 2. 4 Mixed encryption states If systems use both encrypted and unencrypted devices or partitions at the same time, it is the user's responsibility to ensure that sensitive data is only written to encrypted devices. This ensures that all temporary files, swap files as well as files in the recycle bin or in personal folders like "My Documents" are always encrypted and reduces the possibility of faulty operation by the user. 11 SafeGuard® Enterprise 5. 50, Manual for certification-compliant operation 3. 3. 2. 5 Adequate user behavior Authorised users shall neither actively nor negligently compromise the security of the computer on which the TOE is installed. In particular, they shall not place malicious software (like programs containing viruses or Trojan horses) on the computer, modify the TOE program or data files, modify the hard disk with tools circumventing the TOE transparent encryption interface or leave a computer secured by the TOE unattended while being in operational state. 3. 3. 3 Secure states Systems protected by SafeGuard Enterprise Device Encryption are considered to be in a secure state, if the system is in power-off or in hibernation mode. [. . . ] Note: Start the uninstallation only after you have made sure that the policy has become effective on the clients and that the data has been decrypted. Initiate uninstallation via software distribution mechanisms. 14 SafeGuard® Enterprise 5. 50, Administrator help 4 Copyright Copyright © 1996 - 2010 Sophos Group and Utimaco Safeware AG. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner. SafeGuard is a registered trademark of Utimaco Safeware AG - a member of the Sophos Group. [. . . ]