Sophos SafeGuard Disk Encryption for Mac quick startup guide

Sophos SafeGuard Disk Encryption for Mac quick startup guide
Sophos SafeGuard Disk
Encryption for Mac
quick startup guide
Product version: 6.1
Document date: January 2014
Contents
1 About SafeGuard Disk Encryption for Mac............................................................................................3
2 Working with SafeGuard Disk Encryption for Mac................................................................................4
3 Recovery of Mac OS X logon password...................................................................................................5
4 Sophos SafeGuard Disk Encryption system menu..................................................................................6
5 Preference pane.........................................................................................................................................7
6 Technical support....................................................................................................................................10
7 Legal notices............................................................................................................................................11
2
quick startup guide
1 About SafeGuard Disk Encryption for Mac
Sophos SafeGuard Disk Encryption for Mac extends the data protection offered by Sophos
SafeGuard Enterprise from Windows to the Mac world.
Encrypting the entire hard disk ensures that all information is protected without the potential for
accidental exposure, even when a computer is lost or stolen.
3
Sophos SafeGuard Disk Encryption for Mac
2 Working with SafeGuard Disk Encryption for Mac
The disk encryption works transparently.You will not see any prompts for encryption or decryption
when opening, editing, and saving files.
The security officer specifies which clients will be encrypted using Sophos SafeGuard Management
Center (a core component of SafeGuard Enterprise). It provides information about the encryption
status of each client and helps with recovery if a user has forgotten the logon password.
2.1 Perform initial encryption
If a volume based encryption of the system disk is defined in the policy, then disk encryption will
be activated for the user currently logged on. Before encryption starts, a dialog is shown to ask the
user for the logon password.
1. Enter your Mac OS X password when asked for it.
If the dialog is shaking, the password is incorrect. Try again.
Note: If your password is empty, please change it. It is not possible to enable disk encryption
without a password set.
2. Wait for the Mac to restart.
Note: If activation of the encryption fails, an error message will be displayed. Please contact
your system administrator.
Disk encryption starts. It is done in the background, so you can continue with your work.
2.2 Decryption
Usually it is not necessary to decrypt. If the security officer sets a policy that specifies no encryption
for your Mac client that is already encrypted, it will remain encrypted. However, in this case you
have the choice to decrypt. You will find the corresponding button in the preference pane.
4
quick startup guide
3 Recovery of Mac OS X logon password
If you forget your Mac OS X logon password, proceed as follows:
1. Switch on your Mac.
2. In the logon dialog click on ?. (Alternatively, enter a wrong logon password three times.)
Your password hint is displayed and you are asked if you want to reset your password using
your recovery key.
3. If you still do not remember your password, click on the icon next to the text:
4. Call the help desk and enter the recovery key you are given.
The Mac starts and you are asked to enter a new password and a password hint.
5
Sophos SafeGuard Disk Encryption for Mac
4 Sophos SafeGuard Disk Encryption system menu
The system menu provides the following information:
■
The icon (on the left) shows the encryption status:
Figure 1: System menu
Green icon: The system disk is encrypted.
Red icon: The system disk is not encrypted.
■
The following menu item is available when you click on the icon:
■
Open Sophos Encryption Preferences...
Opens the Sophos Encryption Preference Pane.
Note: In order to enable or disable the system menu see User tab (section 5.3).
6
quick startup guide
5 Preference pane
A preference pane allows you to set preferences for a specific application or the system. After
installing Sophos Encryption on a Mac client, the following preference pane icon appears in the
System Preferences:
Click on the icon to open the Sophos Encryption preference pane. The About content is shown.
The menu bar allows you to open the following menu information windows:
5.1 About tab
The About tab informs you about the product version installed on your Mac and about the
copyright and registered trademark(s). If Sophos SafeGuard File Encryption is installed, it will
also be listed.
Click on the Sophos link in the lower part of the window to open the Sophos website.
Click on the question mark symbol in the lower right corner to open the Sophos SafeGuard Disk
Encryption Quick startup guide in your system's language.
5.2 Server tab
Click on Server to display a window containing the following information and functionality:
Server Info
■
Contact interval: shows the interval at which synchronization with the server is started. The
default value is 90 minutes. (It can be changed using the command line tool: sgdeadmin
--contact-interval)
■
Last Contacted: shows the date when a client last communicated with the server
■
Primary Server URL: URL of the main server connection
■
Secondary Server URL: URL of the secondary server connection
■
Server Verification: shows whether SSL server verification for communication with the Sophos
SafeGuard Enterprise server is enabled or disabled. It should be enabled.
Drag Configuration zip file here
Drag the configuration zip file to this drop zone in order to apply configuration information from
the Management Center to the Mac client.
Synchronize
7
Sophos SafeGuard Disk Encryption for Mac
Click this button to start manually synchronizing database information such as policies.
If the synchronization fails, the following icon will appear:
Open the log file to retrieve information about possible causes.
Company Certificate
■
Valid from: the date the certificate has become valid
■
Valid to: the date the certificate validity expires
■
Issuer: the instance which has issued the certificate
■
Serial: the serial number of the company certificate
5.3 User tab
Click on User to display information about:
■
The Username of the user currently logged in.
■
The Domain, listing the domain directory the client belongs to. For local users the local
computer name is displayed.
Note:
The entry Domain must be identical to the entry in System Preferences - Users & Groups logon Options - Network Account Server
■
The SafeGuard User GUID, displaying the GUID which has been generated for the user
following their first logon.
In the second window section you can check/uncheck the following option:
■
Show System Menu for Disk Encryption: when activated, the Sophos SafeGuard Disk
Encryption icon appears in the menu bar. See also Sophos SafeGuard Disk Encryption system
menu (section 4).
The third window section displays information about the User Certificate (it is not necessary for
disk encryption):
8
■
Valid from: the date the certificate has become valid
■
Valid to: the date the certificate validity expires
■
Issuer: the instance which has issued the certificate
■
Serial: the serial number of the certificate
quick startup guide
5.4 Disk Encryption tab
Click on Disk Encryption to display information about the current policies and the status of the
Mac client.
The first window section tells you whether the system disk should be encrypted according to the
policy set by the security officer.
The second window section displays the status of the Mac client. This can be one of the following:
■
The system disk is encrypted and a centrally stored recovery key is available.
■
The system disk is encrypted but there is no centrally stored recovery key available.
■
The system disk is not encrypted.
At the bottom a button Decrypt System Disk is displayed. It will be enabled if the security officer
has set a policy defining that no encryption is necessary for the client.
Note: If there is no centrally stored recovery key available, the helpdesk cannot assist you with
password recovery. To make the recovery key centrally available, import it using the command
line tool: sgdeadmin --import-recoverykey. Then the security officer can provide you
with the recovery key when you need it. If you do not know the recovery key you should import,
contact your security officer. Decryption and subsequent encryption of the disk will be necessary
in order to create a new recovery key. This is important because if you forget your logon password
and there is no recovery key available, all data stored on the encrypted disk will be lost.
9
Sophos SafeGuard Disk Encryption for Mac
6 Technical support
You can find technical support for Sophos products in any of these ways:
10
■
Visit the SophosTalk community at community.sophos.com/ and search for other users who are
experiencing the same problem.
■
Visit the Sophos support knowledgebase at www.sophos.com/en-us/support.aspx.
■
Download the product documentation at www.sophos.com/en-us/support/documentation/.
■
Send an email to support@sophos.com, including your Sophos software version number(s),
operating system(s) and patch level(s), and the text of any error messages.
quick startup guide
7 Legal notices
Copyright © 2014 Sophos Limited. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the
documentation can be reproduced in accordance with the license terms or you otherwise have
the prior permission in writing of the copyright owner.
Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos
Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned
are trademarks or registered trademarks of their respective owners.
Disclaimer and Copyright for 3rd Party Software
Portions of this software are copyright © 2010 The FreeType Project (www.freetype.org). All rights
reserved.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(www.openssl.org).
11
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising