Using Hard Disk Encryption and Novell SecureLogin



Laptop theft is one of the most common crimes in industrial countries. Therefore, the demand for laptop security and the need to protect confidential data on hard disks is increasing. Several products on the market address this issue by offering hard disk encryption combined with login security. This session will show how these solutions can be integrated into a Novell environment.

A typical scenario might look like the following: The digital certificates used for encryption are generated in Novell eDirectory; the certificates are used with smartcards, which are also managed in eDirectory. The configuration of the hard disk encryption solution is deployed to clients with Novell ZENworks (no user interaction is necessary during installation and configuration). The hard disk encryption registration is combined with Novell SecureLogin, which results in a single sign-on.

This session will describe in detail what the configuration of hard disk encryption in such a scenario looks like, and will feature a live demonstration. The presenters are independent consultants with no interest in marketing a particular hard disk encryption solution.


  1. Using Hard Disk Encryption and Novell SecureLogin®. Presenters: Troy Drewry, Technical Sales Specialist, Novell, Inc.; Dirk Strauch, Senior Consultant, cv cryptovision.
  2. Overview: Focus Shifts from Protecting the Network to Protecting Data
     • The Challenge of Data at Rest
       – Enterprise Data on Desktops, Laptops and Servers
       – Stolen and Lost Laptops
       – Data in Transit
       – Security Breaches
     • Regulations and Governance
       – Corporate and Industry
       – Local, State and Federal Government
       – International Considerations
     • Corporate Impact
       – Security breach consequences on client mind-set
       – Negative media exposure outcome on corporate profits
     • Using Hard Disk Encryption and Novell SecureLogin® for ESSO
       – Stronger Alternative to Microsoft Windows Security
       – Don’t Touch that Application
     © Novell, Inc. All rights reserved.
  3. Encryption Technology
     • Hardware-Based Solutions
       – Intel® Anti-Theft Technology (Intel® AT)
       – Seagate DriveTrust™ (Self-Encrypting Drives)
       – Geo Location and Others
     • Software-Based Solutions
       – Pre-Boot Authentication (PBA)
       – Full Drive Encryption (FDE)
       – File and Folder Encryption (FFE)
       – Port Security (USB/Firewall/Etc.)
       – External Drive Protection
       – File Sharing Safeguards
     • Auditing
       – Logging and Forensics Preparation
       – Reporting and Compliance
  4. Implementing Hard Disk Encryption Components
     • Servers
       – Key Storage
       – Directory Interoperability
       – Administration and Management
       – Scalability
     • Endpoint Platforms
       – Workstations
       – Laptops
       – Virtual Machines
       – Kiosks (Terminal Services and Citrix)
       – Mobile Devices
       – Others
     • OS Considerations
       – Windows
       – Mac
       – Linux/Unix
       – Mobile (at least 4)
     • Authentication Mechanism
       – Credentials
       – Smart Cards
       – Biometrics
       – Tokens
  5. Weighted Options to Implementation
     • Enterprise and Remote Roaming User Solutions
     • Pre-Boot Authentication Effects
     • Full Disk Encryption v. File and Folder Encryption
     • OS Handshake/Hand-Off Options
     • Port and Disk Access Control or Free Range Users
     • Logging and Reporting as a Requirement
  6. Demonstration (diagram): Cryptovision Smartcard PKI Security; WinMagic Pre-Boot Authentication; Microsoft Active Directory Authentication; Novell® SecureLogin
  7. Cryptovision Configuration
  8. Overview
     • PKI Infrastructure Overview
     • PKI in a Novell® Environment with cv act PKIntegrated
     • cv act sc/interface middleware
     • Smart Card
  9. Public Key Infrastructure Overview (diagram labels: Certification Repository, CA, Digital Certificate, RA, Private Key, Public Key, User, Application)
  10. PKI in a Novell® Environment: cv act PKIntegrated (diagram labels: CA Engine; Novell Identity Manager; iManager; LDAP; OCSP, SCEP; Novell eDirectory™; PKIntegrated PKI Administration; Applications; Novell Identity Manager; Siemens DirX, Lotus Notes, SAP HR, Microsoft ADS, LDAP, Peoplesoft)
  11. Additional Components: cv act PKIntegrated, managing digital certificates in a Novell® environment
     • Included seamlessly in Novell infrastructure
     • Using Novell products
       – Novell eDirectory™ (data store)
       – iManager (administration)
       – Novell Identity Manager (cryptographic functions)
  12. Additional Components: cv act sc/interface, providing access to smart cards
       – Smart card middleware
       – Providing access to the most common smart cards including Java Card: G&D Sm@rtCafé Expert, G&D Micro SD Card microSD, StarCOS, IBM JCOP, CardOS, ACOS, AustriaCard JCOP, Gemalto TOP IM GX4, Infineon JTOP, Aladdin eToken, G&D StarSign, Siemens HiPath, A.E.T. SafeSign, Nexus Personal, D-Trust
  13. WinMagic Configuration
  14. Overview
     • SecureDoc Overview and Features
     • SecureDoc Solution
  15. SecureDoc Overview and Features (diagram)
     • Management: Third Party Management Applications, API Interface, SecureDoc Enterprise Server, API
     • Authentication: Passwords, Tokens, Smartcards, Biometrics, PKI, TPM
     • Features: Full Disk Encryption, Data Leak Protection, Removable Media, Email Encryption, File / Folder Encryption, Call Home, Port Control, Anti virus
     • SecureDoc Client Software: Windows, Mac / EFI, Linux, Symbian
     • Devices: Seagate FDE, MXI, SanDisk / Kingston, Ironkey, New Crypto Device
  16. SecureDoc Solution (diagram of the SecureDoc Client and the SecureDoc Enterprise Server; labels include Multi-Factor User Authentication (Pre-Boot), Key Escrow, Security Policy Manager, USB/CD/DVD and Removable Media Access Control, User / Group Management, Key Management, AES Encryption Engine, Software Distribution, Secure Client Server Communications, Consolidated Audit Log, Seagate DriveTrust Drive, PKI, SD CONNEX, USB Stick)
  17. Novell SecureLogin®
  18. Overview
     • Microsoft Active Directory Data Store
     • SecureLogin Workstation Agent
     • Novell SecureLogin® Hard Disk Encryption Implications
  19. Microsoft Active Directory Data Store
     • Active Directory is being used in this demonstration
     • We could have used Novell® eDirectory™ or any other LDAP v3
     • Schema Extensions made Using ADSchema.exe
       – Prot:SSO Auth
       – Prot:SSO Entry (LDAP:protocom-SSO-Entries)
       – Prot:SSO Entry Checksum (LDAP:protocom-SSO-Entries-Checksum)
       – Prot:SSO Profile (LDAP:protocom-SSO-Profile)
       – Prot:SSO Security Prefs (LDAP:protocom-SSO-Security-Prefs)
       – Prot:SSO Security Prefs Checksum (LDAP:protocom-SSO-Security-Prefs-Checksum)
  20. SecureLogin Workstation Agent
     • Installed in Active Directory Mode
     • Configured to Run at Login
  21. Novell SecureLogin® Hard Disk Encryption Implications
     • Pre-Boot Authentication
     • Full Disk Encryption v. File and Folder Encryption
     • OS Handshake/Hand-Off
     • Advanced Authentication Integration
  22. Demonstration – How it Works: Authentication during boot process
       – Laptop is switched on
       – Logon screen of hard disk encryption comes up (PBA)
       – User places their smart card in reader
       – User types in their PIN
       – PBA encryption authenticates user and decrypts hard drive
       – PBA performs handshake to Windows OS and user is logged in
       – Novell SecureLogin® Agent starts
       – SSO is operational with no additional logins
  23. For More Information
     • Visit table A5 in IT Central
     • Attend the following complementary sessions:
       – BOF106: SecureLogin in the Real World Panel Discussion
       – IAM205: Novell SecureLogin Installation, Deployment and Lifecycle Management
       – IAM207: SecureLogin and Your Active Directory Setup
       – IAM302: Using Hard Disk Encryption and SecureLogin
       – IAM303: Enhancing SecureLogin with Multi-factor Authentication
       – IAM304: Securing Shared Workstation with SecureLogin
     • Walk through the SecureLogin demo in the Installation and Migration Depot
     • Visit
     Try SecureLogin for Yourself: We'll install SecureLogin on your machine (for free).
  24. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
     General Disclaimer: This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.