Configuring Full Disk Encryption
Full Disk Encryption
A component on Endpoint Security Windows clients. This component combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. Acronym: FDE. gives you the highest level of data security for Endpoint Security client computers.
It combines boot protection and strong disk encryption to ensure that only authorized users can access data stored in desktop and laptop PCs.
Check Point's Full Disk Encryption has two main components:
- Check Point Disk Encryption for Windows - Ensures that all volumes of the hard drive and hidden volumes are automatically fully encrypted. This includes system files, temporary files, and even deleted files. There is no user downtime because encryption occurs in the background without noticeable performance loss. The encrypted disk is inaccessible to all unauthorized people.
- Authentication before the Operating System Loads (Pre-boot) - Requires users to authenticate to their computers before the computer boots. This prevents unauthorized access to the operating system using authentication bypass tools at the operating system level or alternative boot media to bypass boot protection.
Full Disk Encryption also supports BitLocker Encryption for Windows Clients and FileVault Encryption for macOS
The Full Disk Encryption policy contains a pre-defined Default Policy rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session., which applies to the entire organization.
Each new rule you create, has pre-defined settings, which you can then edit in the right section of the screen.
The Policy Rule Base consists of these parts:
| Column | Description |
|---|---|
|
Rule Number |
The sequence of the rules is important because the first rule that matches traffic according to the protected scope is applied. |
|
Rule Name |
Give the rule a descriptive name. |
|
Applied to |
The protected scope to which the rule applies. |
|
Full Disk Encryption |
The configurations that apply to data encryption. |
The Policy toolbar includes these options:
|
To do this |
Click this |
|---|---|
|
Create a new rule |
|
|
Save, view, or discard changes |
|
|
Duplicate a rule |
|
|
Install Policy |
|
|
Search for entity |
|
|
Delete a rule |
|
For Crypto-Shredding a computer, see sk179911.