CSC User Guide PDF

Managed Encryption Service (MES)
FILE & MEDIA ENCRYPTION USER GUIDE

VERSION 0.4
VERSION 0.4 | 10 March 2013

PREPARED BY: North American Security Services
USER GUIDE - FILE & MEDIA ENCRYPTION
Amendment History
Issue
Date
Amended By
Amendment Details
0.1
14-Jan-2011
James R Sims
1 Draft
0.2
14-Jan-2011
Rafael Boquetti
Updated
0.3
27-Jan-2011
James R Sims
Added Upgrade from PME to ME
0.4
10-Mar-2013
Gabriel Underwood
Added PME 3.0 support
st
Distribution
Name or Role
Department or location
Number of
Copies
NASS
Pulse and Mindtouch
CSC Approvals
Authorized By:
Role
Gabriel Underwood
NASS Security Engineer
18-July-2012
Gabriel Underwood
NASS Security Engineer
20-March-2013
Computer Sciences Ltd. 2011

All rights reserved
Date
NASS-MES
Page 2 of 38
Printed copies of this document are for reference only.
CSC PROPRIETARY
CSC Checkpoint File_Media

Encryption User Guide v0.4.docx
Abstract
This document provides a User Guide for the Checkpoint File Encryption and Media Encryption
applications as part of CSCs MPS 609 encryption policy.

All rights reserved
NASS-MES
Page 3 of 38
CSC PROPRIETARY

Table of Contents
TABLE OF CONTENTS ............................................................................................................. 4
1
INTRODUCTION ............................................................................................................... 5
MEDIA ENCRYPTION USER INSTRUCTIONS ............................................................... 5
FILE ENCRYPTION USER INSTRUCTIONS ................................................................. 33

All rights reserved
NASS-MES
Page 4 of 38
CSC PROPRIETARY

1 Introduction
Checkpoint Endpoint Media encryption (ME) will allow end users to encrypt and
decrypt removable media in an effort to protect company information if the media
is lost or stolen. Removable media is classified as USB Memory sticks, removable
hard drives, etc. Basically, if your computer can recognize a device you plug into a
USB port as a Mass Storage Device, it has the potential to be encrypted. ME
encrypts the entire removable device. Checkpoint File encryption (FE) is an
additional feature that allows you to protect your information by encrypting it one
file at a time (or a group of file, but not the entire disk drive). Once encrypted, the
information can only be accessed by people who know the correct password.
2 Media Encryption User Instructions

Follow the guidelines below to use Media Encryption (ME). See Section 3 for
details about File Encryption (FE).
Installing the FE_ME Upgrade
A majority of CSC PCs have PME (Pointsec Media Encryption) installed. The new
Checkpoint Media Encryption (ME) has similar features but functions differently. The
first step is to run the upgrade program for Checkpoint Media Encryption (ME).
Installation screen shots.

All rights reserved
NASS-MES
Page 5 of 38
CSC PROPRIETARY

The first screen is showing the former PME encrypted drive for reference.

All rights reserved
NASS-MES
Page 6 of 38
CSC PROPRIETARY


IMPORTANT: After the FE upgrade the users are required to perform a one time
authentication to any device that was previously encrypted with PME 3.0 (UK ONLY) when
the device is connected for the first time.
NOTE: Passwords can be reset by calling the helpdesk if the user does not recall
the password.
Go to Web Remote Help and perform a Challenge Response with the Helpdesk.
The Account name MUST be the the owner of the device NOT the logged in user.
Contact the Helpdesk for any Encrypted packages or ISO the user does recall the
password. Go to Web Remote Help and perform a Challenge Response with the
Helpdesk.

All rights reserved
NASS-MES
Page 7 of 38
CSC PROPRIETARY


The former PME Encrypted Files show the new yellow padlock after the upgrade.
Next - if you copy a file or edit it, it removed the PME encryption and places it as non
encrypted on the removal media.
Therefore, the suggested best practice is to copy all the files from the former PME
encrypted device to the local drive and then fully encrypt the removable media.

All rights reserved
NASS-MES
Page 8 of 38
CSC PROPRIETARY

Then, format the removable drive to prepare for new ME encryption
Limitations of Media Encryption on NTFS Drives

ME will allow encryption of NTFS formatted removable media with file sizes
up to 4.0 GB maximum. Files larger than 4.0 GB must be moved to the
local system prior to encryption of the removal media. Search for all
files 4.0 GB and larger and move them to your local C: dive, etc. prior to
running the Welcome to EPM Media Import Wizard. After you have
verified that all files are smaller than 4.0 GB continue to Encrypting
Removable Media for the First Time.
The total size of used space in the external media cannot exceed the total
amount of free space on your computers system drive (usually the C:
drive). The reason is that ME will attempt to temporarily back-up your data
to the system drive, so the external media can be prepared for encryption.
Once the drive is ready, the data will be automatically copied back from the
system drive to the external media.

All rights reserved
NASS-MES
Page 9 of 38
CSC PROPRIETARY


Encrypting Removable Media for the First Time
When connecting unencrypted removable media for the first time you will be
prompted with the Welcome to EPM Media Import Wizard screen:
Please DO NOT click Do not display again until the media is changed on the
Welcome to EPM Media Import Wizard screen.
Choosing Cancel at this screen will make the welcome screen disappear and
you can then navigate to the drive. This will trigger the welcome screen again
however; clicking Cancel will allow you to use the drive without encrypting.
If the device you chose not to encrypt is removed then replaced, the welcome
screen will appear along with the drive content. You can simply click cancel and
use the device without encrypting.

All rights reserved
NASS-MES
Page 10 of 38
CSC PROPRIETARY


If you chose to encrypt the device click Next, and you will be prompted by the
Media Properties screen:
Secure format can be used as stated above as a precaution but is not needed for
all devices. If you chose to use secure format you may want to consult your local
security policy pertaining to erasing media, or the destruction of classified
materials. Click Next.

All rights reserved
NASS-MES
Page 11 of 38
CSC PROPRIETARY


Media owner information will now be entered. Notice the only choice allowed the
first time is Media owner will be assigned on first use. Click Next.

All rights reserved
NASS-MES
Page 12 of 38
CSC PROPRIETARY


Password Protection provides you with two options; a full access password, and a
read only password. Full access gives you the ability to change, delete and add
files. Make this password something only you know. The read only password
allows you to share information with co-workers without the fear of it being
modified in anyway. This password should follow the password policy, but
otherwise be a password you would not normally use yourself.
The read only password is not required to encrypt the first time. If you chose to not
set a read only password you have two options to set it later; access the media
encryption menu or authenticate to the device on a computer that does not have
ME installed.

All rights reserved
NASS-MES
Page 13 of 38
CSC PROPRIETARY


Now that you have established media properties, media owner, and created a
password click Next to complete the first time encryption, then "Finish" on the
"Completing EPM Media Import Wizard".

All rights reserved
NASS-MES
Page 14 of 38
CSC PROPRIETARY

Now the former PME USB drive is really ready for you to copy the files back from the local
hard drive and will utilize the new ME (EPM) application. We are secure once again on the
new version.
Proceed to copy files back to removable drive
You are now ready to use your encrypted device.

All rights reserved
NASS-MES
Page 15 of 38
CSC PROPRIETARY

What to expect when using an encrypted media

The next time you insert your encrypted media into a computer you will be
prompted to enter a password.

All rights reserved
NASS-MES
Page 16 of 38
CSC PROPRIETARY


Once the password is entered the encrypted device will open a window displaying
the contents.
If you select Cancel instead of entering a password access will be denied. This is
important because you will also not be able to see the drive in My Computer or
Windows Explorer. This will also prevent you from formatting the drive to erase
encryption.

All rights reserved
NASS-MES
Page 17 of 38
CSC PROPRIETARY


Accessing the Media Encryption Menu
In the windows taskbar you will see a yellow padlock icon. By hovering your cursor
you will see a message stating the status of full disk and media encryption. (If full
disk protection is not installed you will not see a status)
Endpoint Security Status:
Media Encryption enabled
Right click the yellow padlock and select Settings
On the left of the window you have two options if Full disk encryption version
7.x is not installed, you will have only one option.
Select the media encryption button on the left side of the window.
You are now able to modify the encrypted media. In the box labelled Open
EPM Client Click Open.

All rights reserved
NASS-MES
Page 18 of 38
CSC PROPRIETARY

After you open EPM Client the following screen is available.
On this screen you can navigate to the encrypted drive. The most important
options are the ones listed in tools.
Tools Options
Export media from EPM Control - YES, this means decrypt.

All rights reserved
NASS-MES
Page 19 of 38
CSC PROPRIETARY

The welcome wizard will now be displayed, click Next
Decryption will be completed and this screen will be displayed, click finish
You will now see that the N:\ drive is no longer encrypted.

All rights reserved
NASS-MES
Page 20 of 38
CSC PROPRIETARY

Set EPM media full access password - Authenticate to the drive and you will
be prompted to enter and confirm a new password.

All rights reserved
NASS-MES
Page 21 of 38
CSC PROPRIETARY

Set EPM media read only password - Authenticate to the drive and you will be
prompted to enter and confirm a new password. This is exactly the same
window used to reset the full access in every way, but it does set the read only
password.

All rights reserved
NASS-MES
Page 22 of 38
CSC PROPRIETARY

Stand Alone Access via Unlock.exe

When using an encrypted device on a computer without ME installed you will be
required to authenticate using "Unlock.exe"
Double click "Unlock.exe" and enter your password.
Once the password is entered the encrypted device will open a window displaying
the contents.

All rights reserved
NASS-MES
Page 23 of 38
CSC PROPRIETARY

NOTE - In the image above you can see "Change Full Access Password" and
"Change Read Only Password" boxes. This can be done here or by accessing the
tools portion of the Media Encryption Menu. If you copy files from the encrypted
media and leave them on the local hard drive you will be prompted to remove
them from the local drive.

All rights reserved
NASS-MES
Page 24 of 38
CSC PROPRIETARY


How to Encrypt a CD
To encrypt a CD ME must use the native Windows CD burning tool. This process
will be similar to encrypting a media device. After inserting a blank CD this screen
will appear. Click, "Next".

All rights reserved
NASS-MES
Page 25 of 38
CSC PROPRIETARY


Media properties will be displayed, Click "Next".

All rights reserved
NASS-MES
Page 26 of 38
CSC PROPRIETARY


Assign this media to a user radio button will be the only choice, Click "Next".

All rights reserved
NASS-MES
Page 27 of 38
CSC PROPRIETARY


Assign a password to this media only.
Select files and folders to add to the CD ROM by clicking the second (Files) and
third (Folders) button on the Select files window. Click "Next" when finished.

All rights reserved
NASS-MES
Page 28 of 38
CSC PROPRIETARY


You will be prompted to authenticate to the CD ROM before it finishes the burning
process.
CD ROM encryption is now complete. When the CD is accessed it will prompt you
for the password you created and then function as normal.

All rights reserved
NASS-MES
Page 29 of 38
CSC PROPRIETARY


Stand Alone Access via Unlock.exe on a CD
When using an encrypted CD on a computer without ME installed you will be
required to authenticate using "Unlock.exe"
Double click "Unlock.exe" and enter your password.

All rights reserved
NASS-MES
Page 30 of 38
CSC PROPRIETARY


How to burn CD/DVD without encrypting.
Insert the CD or DVD. The "Welcome to EPM Media Import Wizard" will open
Click on "Cancel". The EPM media import window will close.

Proceed to add files to the CD as you normally would, by browsing to the CD/DVD
and performing a drag and drop to the CD icon.
PS: All files should be dragged at the same time, as burning will take place
immediately.

All rights reserved
NASS-MES
Page 31 of 38
CSC PROPRIETARY


The following menu will show up when you attempt to burn:
Select the option "Like a USB flash drive" and click "Next"

All rights reserved
NASS-MES
Page 32 of 38
CSC PROPRIETARY

3 File Encryption User Instructions

Checkpoint File Encryption (FE) is an application that is already available on your
PC. It is a security product which protects information stored on your workstation.
FE protects your information by encrypting it. Once encrypted, the information can
only be accessed by people who know the correct password.
File Encryption also enables you to create encrypted information packages for
easy and secure storage and transfer, for example via e-mail.
File Encryption is tightly integrated with Windows, so using File Encryption is
simple. You access File Encryption by right-clicking on a file folder or volume and
selecting the Encryption option.
Table 1-1 Maximum Encrypted Package Size
File System
Maximum Encrypted
Package Size
FAT
2GB
FAT32
2GB
NTFS
2GB
The maximum file size to include in encrypted packages is 2GB, independent of

the file system used. If the files you wish to encrypt comprise more than the
maximum file size for the file system you are using, compress the files to less than
the maximum file size.

All rights reserved
NASS-MES
Page 33 of 38
CSC PROPRIETARY


To create an encrypted package:
In Windows Explorer, right-click on the files or folders to be included in the
encrypted package and select Encryption. File Encryption options are
displayed:
Choose "Encrypt with Check Point File Encryption" >

"Create Encrypted Package..."
Leave the default Creator name as your user ID (only the password is needed to
decrypt the file). Enter a password and confirm it. Note - This password is used
only to protect this encrypted package, and does not need to be the same as your
Windows password.
Password guidelines:
always set a password that is at least 8 characters long

All rights reserved
NASS-MES
Page 34 of 38
CSC PROPRIETARY

include both numbers, letters and punctuation characters

use both upper and lower case letters
use both upper and lower case letters in passwords
do not use more than two consecutive identical characters.
Enter a file name for your Encrypted Package. Click Save.
Click OK.
Important: If you intend to send the package via e-mail, the recipient has to know
the password to open the package. You can both agree on a password before the
e-mail is sent, for example on the phone, or you can use a password you already
share. Never send the package's password by e-mail.
All rights reserved
NASS-MES
Page 35 of 38
CSC PROPRIETARY

To open an encrypted package:

Double click on the encrypted package and enter the one-time password.
Click OK and browse to the path to save the file(s).
Click OK to save the file(s).
To securely delete any files in your system:

In Windows Explorer, right-click on the files (or folder) to be deleted and select
All rights reserved
NASS-MES
Page 36 of 38
CSC PROPRIETARY


"Encrypt with Check Point File Encryption" >
. The File Encryption options are displayed:
Choose: Secure delete.
Click Yes to delete the encrypted file or package. Warning! This cannot be
reversed, as this data does not go to the Recycle bin.
The status bar will show 100% complete and the file will be removed.
Technical Support
If assistance with FE or ME is required please call your local help desk and follow
the approved process.

All rights reserved
NASS-MES
Page 37 of 38
CSC PROPRIETARY

End of Document

All rights reserved
NASS-MES
Page 38 of 38
CSC PROPRIETARY


CSC User Guide PDF

Uploaded by

Copyright:

Available Formats

You might also like

CSC User Guide PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CSC User Guide PDF

Uploaded by

Copyright:

Available Formats

Managed Encryption Service (MES)

FILE & MEDIA ENCRYPTION USER GUIDE

VERSION 0.4 | 10 March 2013

USER GUIDE - FILE & MEDIA ENCRYPTION

Added Upgrade from PME to ME

Added PME 3.0 support

Pulse and Mindtouch

NASS Security Engineer

NASS Security Engineer

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

MEDIA ENCRYPTION USER INSTRUCTIONS ............................................................... 5

FILE ENCRYPTION USER INSTRUCTIONS ................................................................. 33

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

2 Media Encryption User Instructions

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Then, format the removable drive to prepare for new ME encryption

Limitations of Media Encryption on NTFS Drives

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

You are now ready to use your encrypted device.

Computer Sciences Ltd. 2011

CSC Checkpoint File_Media

USER GUIDE - FILE & MEDIA ENCRYPTION

What to expect when using an encrypted media