Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 1265 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SGE5.5 hardware requirements /limitations

ScubaITman

I have a customer who is being required to encrypt data because of the type business thay are in. thier current equipment is inadequate and out dated so we are providing them with a solution, including server and workstation upgrades. currently we are looking at a dell poweredge t310 or t410 for the server and optiplex 380 as the work stations running W2K8 on server and W7 on work stations, its unclear as to whether we will be running X86 or X64 flavors of the OS's due to software requirements that they have in place and need to remain in place. the only information i can find so far says SGE5.5 wont work with SCSI hardrives, which is not a problem with any of the equipment we are looking at. are there any other restrictions we need to consider on our builds such as raid array or processor and ram types/speeds. also our requirements are to totally encrypt each work station drive, on the server we need to encrypt at the very least the shared folders/drive/partition and allow seamless access to the users. currently they are in a workgroup but we will be creating a AD environment with the new equipment installation. any help would be greatly appreciated as we are under the gun and on the clock to meet deadline requirements for implementation.

thank you,

:7521


This thread was automatically locked due to age.
Parents
  • 0

    This is handled in SafeGuard LAN Crypt with it so called encryption profiles. Every user has his own encryption profile which contains his personal key-ring containing one or more keys and encryption rules. These encryption profiles are created/generated by a security officer (one could say the security administrator).

    In an encryption profile you would for example have the following rules:

    - Encrypt \\Server\%username%$\*.* including all subdirectories with a personal key;

    - Encrypt \\Server\Departments\HR\*.* including subdirectories with the Human-Resources Key;

    - Leave \\Server\Departments\HR\Public\*.* in plain;

    When a user now logs on to the system that has the Human-Resources key in his keyring then thiss user can open the files and work with them. Users that are not in posession of the key cannot even open the files encrypted with this key (assuming that the SafeGuard LAN Crypt client is installed on all PCs).

    So all users can work with all files stored on the server as long as they are in posession of the key that was used to encrypt the files. The encryption profile / key-ring concept ensures that the security officer can easily add/remove encryption rules and keys so that there is no need to reencrypt files when a user leaves or is added to a group.

    Best practice is this case would be to combine ACL's with recryption rules. For example import the HR-Group from your active directory into the SafeGuard LAN Crypt administration and then assign the encryption rules to this group whilst at the same time using this group to control access to the HR share.

    :7577
Reply
  • 0

    This is handled in SafeGuard LAN Crypt with it so called encryption profiles. Every user has his own encryption profile which contains his personal key-ring containing one or more keys and encryption rules. These encryption profiles are created/generated by a security officer (one could say the security administrator).

    In an encryption profile you would for example have the following rules:

    - Encrypt \\Server\%username%$\*.* including all subdirectories with a personal key;

    - Encrypt \\Server\Departments\HR\*.* including subdirectories with the Human-Resources Key;

    - Leave \\Server\Departments\HR\Public\*.* in plain;

    When a user now logs on to the system that has the Human-Resources key in his keyring then thiss user can open the files and work with them. Users that are not in posession of the key cannot even open the files encrypted with this key (assuming that the SafeGuard LAN Crypt client is installed on all PCs).

    So all users can work with all files stored on the server as long as they are in posession of the key that was used to encrypt the files. The encryption profile / key-ring concept ensures that the security officer can easily add/remove encryption rules and keys so that there is no need to reencrypt files when a user leaves or is added to a group.

    Best practice is this case would be to combine ACL's with recryption rules. For example import the HR-Group from your active directory into the SafeGuard LAN Crypt administration and then assign the encryption rules to this group whilst at the same time using this group to control access to the HR share.

    :7577
Children
No Data
Unfiltered HTML