SGN Data Exchange

Hi,

I have a deployment for SGN Data Exchange that comes with the scenario below:

1. File based encryption

2. 1 key, preferably applied to all SGN DX installed clients

3. The encrypted pendrive is accessible on a PC without the SGN client by keying in a password using SG Portable

Anyone, please advise...

Thanks.

:24471


  • Are you wanting deployment help or setting up the server backend for this?  What more specifically do you need to know or need assistance with?

    :24495
  • Dear Joel,

    Thanks for your reply. I need deployment help on how to set this policy. FYI, my Safeguard Management Center is up actually.

    Regards,

    Caren

    :24503
  • Well, this isn't difficult at all.  This is the simplest method and honestly the safest, with the least impact to your users; it allows data to flow in but not out of the company.

    First create a ROOT KEY specific to your media, so for example create a new key to be inherited on the root level as "ENC_MEDIA_KEY" or something along those lines.

    Next go to your root policy and create a new policy item for device protection: choose the target as removable media, set media encryption mode as file based, set algorithm as AES-256, set the key to be used as a defined key on list, and on the list specify the key you created as the first step.  This will sign ALL your USB keys and files with the same key; all users will get that key as long as they have an "authorized" machine with a DX license.

    The rest of the file settings set as you need them. Warning though: SG Portable allows the users to sign the files with an alternate local key they specify with a symmetric password, meaning they can decrypt the file on the flash drive as needed.  If that's the behaviour you want then train your users; if not then don't use SG Portable and tell them they need to use an authorized company computer to access the data PERIOD.

    :24539
  • Thanks for your reply. I already tried all the steps provided below, but a prompt appears asking for a key when I try to plug the encrypted pendrive into another machine without Safeguard. I have the snapshot; is it possible for me to email it to you?

    Thanks.

    :24567
  • Let me get this straight: you're trying to encrypt a file on an SG machine then move it to another machine without SG and NOT have it encrypted?

    That's not going to work without extra configuration.  You can use SGPortable on a flash drive to decrypt and use temporarily, but the file has to be signed on that machine that encrypted it with a portable key and password so that you can decrypt it on another machine.

    :24687