Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Endpoint Deployment > Adding an endpoint profile > Encryption tab
Encryption tab
Administrator Help | TRITON AP-DATA | Version 8.3.x
Related topics:
*
Backing up encryption keys
*
Restoring encryption keys
*
Configuring encryption for removable media
The Encryption feature allows legitimate users to transfer confidential information to removable media (such as an external hard drive) by encrypting the data before transfer.
When the user tries to copy a file to removable media, the endpoint client intercepts the transaction and sends the file through the adapter for analysis. If the action is set to Encrypt with profile key, the endpoint client encrypts the file using a key deployed by the endpoint profile. The encrypted file can then be opened on any endpoint, assuming that endpoint has the key.
 
* 
Note 
You can also set the action to Encrypt with user password if you want users to be able to decrypt files from other machines (those without the endpoint agent installed). See Configuring encryption for removable media for additional information.
The strength of the encryption lies with the encryption algorithm and key length used by the algorithm. The TRITON Manager uses a 256-bit key length open source AES encryption algorithm and a symmetric-key encryption to offer the safest and easiest method to encrypt your sensitive information. The key is double encrypted and cannot be used on a USB stick or any external device to decrypt data on unauthorized PCs.
You must define an encryption key for each endpoint profile. The TRITON Manager includes one default encryption key. Note that each endpoint might have different encryption keys, based on the profile it belongs to.
 
* 
Note 
The default profile contains a default key based on the password of the administrator user that installed the TRITON Manager.
To create an encryption key:
1.
Select the Encryption tab.
2.
Click New.
3.
Enter a password and confirm it.
 
* 
Note 
The password should be at least 8 characters in length (maximum is 15 characters), and it should contain:
*
At least one digit
*
At least one symbol
*
At least one capital letter
*
At least one lowercase letter
The following example shows a strong password:
*
8%w@s1*F
4.
Enter a description, for example 'Encryption key for March.'
5.
Click OK.
A code is generated based on the password that you entered, and the key appears on the Encryption tab with Pending status. It remains as pending until you click Deploy to deploy the settings to the endpoint servers. While a pending key is awaiting deployment, you cannot generate any more keys.
There can be only one active encryption key for each endpoint profile and 9 enabled keys in the archive. (There is no limit to the number of disabled archived keys.)
After deployment the pending key becomes the active key, and the former active key changes status to decryption-only and appears in the Archived Keys list to be used for files previously encrypted by that key.
From this screen you can also do the following:
*
To disable a decryption-only key, select the key and click Disable. You can disable only decryption-only keys. Please note that the change takes place only after:
a.
You deploy the settings
b.
The endpoint receives the change (how often is configurable)
c.
The endpoint is restarted OR the relevant removable media is disconnected from the endpoint
*
To enable a disabled key, select the key and click Enable. The key reverts to decryption-only status.
*
To delete a pending key, click Delete. You can delete only pending keys.
Forcepoint recommends that you back up your encryption keys every time you modify them. For this reason, whenever you make changes to the Encryption tab, the following alert displays:
You have modified your encryption keys. Click Backup to back up the keys to an external file (strongly recommended).
To back up your keys:
1.
Click Backup.
2.
Browse to the location where you want to save the backup file.
3.
Click Save to close the Save As window.
4.
Click Close to close the alert.
 
* 
Note 
You can also backup your encryption keys by selecting Encryption Keys > Backup from the Endpoint Profile toolbar.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Endpoint Deployment > Adding an endpoint profile > Encryption tab
Copyright 2016 Forcepoint LLC. All rights reserved.