Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 1263 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SGE5.5 hardware requirements /limitations

ScubaITman

I have a customer who is being required to encrypt data because of the type business thay are in. thier current equipment is inadequate and out dated so we are providing them with a solution, including server and workstation upgrades. currently we are looking at a dell poweredge t310 or t410 for the server and optiplex 380 as the work stations running W2K8 on server and W7 on work stations, its unclear as to whether we will be running X86 or X64 flavors of the OS's due to software requirements that they have in place and need to remain in place. the only information i can find so far says SGE5.5 wont work with SCSI hardrives, which is not a problem with any of the equipment we are looking at. are there any other restrictions we need to consider on our builds such as raid array or processor and ram types/speeds. also our requirements are to totally encrypt each work station drive, on the server we need to encrypt at the very least the shared folders/drive/partition and allow seamless access to the users. currently they are in a workgroup but we will be creating a AD environment with the new equipment installation. any help would be greatly appreciated as we are under the gun and on the clock to meet deadline requirements for implementation.

thank you,

:7521


This thread was automatically locked due to age.
  • 0

    The best solution to solve the listed requirements would be using a mix of SafeGuard Easy and SafeGuard LAN Crypt.

    With SafeGuard Easy you can encrypt the local hard disks of the workstations. SafeGuard Easy supports the following OS's:

    - Windows XP 32 bit with SP2 or SP3;

    - Windows Vista Enterprise/Ultimate/Business/Home Premium 32/64 bit with SP1 or SP2;

    - Windows 7 Enterprise/Ultimate/Professional/Home Premium 32/64 bit.

    There are some restrictions when working with raid system (like software raid is not supported) but there shouldn't be any issue installing SafeGuard Easy on a typical Windows workstation.

    For securing the data stored on the server SafeGuard LAN Crypt is the ideal product. SafeGuard LAN Crypt is a product which is installed on the workstations and is used to encrypt files that are stored on file-shares which it does completely transparently for the user. Because we encrypt the files at the workstation already there are also no additional requirements for the server (e.g. the server could have a SCSI disk, be a raid system, etc.).

    :7571
  • 0

    thank you thats just what i was looking for, however since the safeguard lan resides on the local PC and not the server would several people be able to access the shares, decrypt and make changes then encrypt and save back to the server? also there are personal/private folders on the server , I am assuming that the security/access settings (acl/group policy) on the server would control who could access those files and the individual encryption key would  allow the user to encrypt /decrypt as needed. what would be the process for accessing (encrypt/decrypt) the shares?

    :7575
  • 0

    This is handled in SafeGuard LAN Crypt with it so called encryption profiles. Every user has his own encryption profile which contains his personal key-ring containing one or more keys and encryption rules. These encryption profiles are created/generated by a security officer (one could say the security administrator).

    In an encryption profile you would for example have the following rules:

    - Encrypt \\Server\%username%$\*.* including all subdirectories with a personal key;

    - Encrypt \\Server\Departments\HR\*.* including subdirectories with the Human-Resources Key;

    - Leave \\Server\Departments\HR\Public\*.* in plain;

    When a user now logs on to the system that has the Human-Resources key in his keyring then thiss user can open the files and work with them. Users that are not in posession of the key cannot even open the files encrypted with this key (assuming that the SafeGuard LAN Crypt client is installed on all PCs).

    So all users can work with all files stored on the server as long as they are in posession of the key that was used to encrypt the files. The encryption profile / key-ring concept ensures that the security officer can easily add/remove encryption rules and keys so that there is no need to reencrypt files when a user leaves or is added to a group.

    Best practice is this case would be to combine ACL's with recryption rules. For example import the HR-Group from your active directory into the SafeGuard LAN Crypt administration and then assign the encryption rules to this group whilst at the same time using this group to control access to the HR share.

    :7577
  • 0

    good deal, thank you that clears it all up. 

    :7581
Unfiltered HTML