Sophos SafeGuard : Configure a Multi-Key Synchronized Encryption Policy

Overview

  • In this task you will configure a multi-key synchronized encryption policy and test its operation.

Scenario

  • We will configure a multi-key synchronized encryption policy. The policy will use a relative path named VACIF STAFF that is encrypted using a key that is accessible only to members of VACIF STAFF.

What to do

Configuring

On DC – SafeGuard Server

  • First, create 2 OUs named VACIF STAFF and VACIF MANAGER.
  • Place users Micheal and Vincent in the VACIF STAFF OU.
  • Place user Zee in the VACIF MANAGER OU.
  • Create a folder named Share and share it with full control for everyone.
  • Open SafeGuard Management Center and log in with your password.
  • Then click Users and Computers > choose Root in the tree view > Synchronize tab.
  • In Directory, choose DC = VACIF,DC=COM and click the magnifying glass icon.
  • In the table, tick VACIF STAFF and VACIF MANAGER and then click Synchronize.
  • Next, click Policies, then right-click Policy Items > New > File Encryption.
  • Name the policy File Encryption.
  • Fill in the information as shown below and click Save.
  • To apply the policy, click Users and Computers > VACIF.COM > VACIF STAFF > Policies tab.
  • Drag and drop the File Encryption policy from the Available pane to the Policies tab pane and then click Save.

On Client 1 (user Micheal)

  • Double-click the SafeGuard icon to receive the policy created earlier.
  • Press Alt + R and enter \\192.168.100.1 (the server’s IP address).
  • File Explorer appears; double-click the Share folder.
  • In the Share folder, create a VACIF STAFF folder and double-click it.
  • In the VACIF STAFF folder, right-click and choose New > Microsoft Word Document.
  • Name the file Test.
  • Open the Test file, type ‘This is OU VACIF STAFF’s file’ and then click Save.
  • At this point, the Test file is encrypted with the key OU_VACIF STAFF@DC = VACIF,DC=COM.
  • To check the key, right-click the Test file > SafeGuard File Encryption > Show encryption state.

On client 2 (user Vincent)

  • Press Alt+R and enter \\192.168.1.100.
  • File Explorer appears; double-click the Share folder, then double-click the VACIF STAFF folder.
  • Open the Test file.
  • Although the file is encrypted, user Vincent can still read and write the Test file because user Vincent is in the VACIF STAFF OU.
  • Drag and drop the Test file from the VACIF STAFF folder to the Desktop.
  • Right-click the Test file > SafeGuard File Encryption > Show encryption state.
  • At this point, the Test file is encrypted with the key ‘Root_Synchronized_Encryption@SGN’, because the Root Synchronized Encryption key applies to <Everywhere>, as was seen in SafeGuard Management Center > Policies > File Encryption pane.
  • Drag the Test file back from the Desktop into the VACIF STAFF folder in File Explorer.
  • This will re-encrypt the file with the OU_VACIF STAFF key.

On Client 3 (User Zee)

  • Press Alt+R and enter \\192.168.100.
  • File Explorer appears; double-click the Share folder, then double-click the VACIF STAFF folder.
  • Try to open the Test file: its content is not shown, because user Zee is in the VACIF MANAGER OU, not in the VACIF STAFF OU.
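
The behaviour seen on the three clients can be summarised as a small model of path-to-key selection. This is an added example, not Sophos code: the rule order, the key rings (each user holds their own OU key plus the root key), the file paths and the .docx extension are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

ROOT_KEY = "Root_Synchronized_Encryption@SGN"
STAFF_KEY = "OU_VACIF STAFF@DC = VACIF,DC=COM"

# Policy rules as (scope, key). A relative-path rule matches any folder with
# that name; "<Everywhere>" matches every location.
RULES = [("VACIF STAFF", STAFF_KEY), ("<Everywhere>", ROOT_KEY)]

# Assumed key rings: the key of the user's own OU plus the root key.
KEYRING = {
    "Micheal": {STAFF_KEY, ROOT_KEY},
    "Vincent": {STAFF_KEY, ROOT_KEY},
    "Zee": {ROOT_KEY},
}

# Constructed sample paths for the Test file in both locations.
STAFF_FILE = r"\\192.168.100.1\Share\VACIF STAFF\Test.docx"
DESKTOP_FILE = r"C:\Users\Vincent\Desktop\Test.docx"


def key_for_path(path):
    """Return the key this model applies to a file stored at `path`."""
    folders = {part.upper() for part in PureWindowsPath(path).parent.parts}
    # Assumption: the specific rule is listed first, so it wins over <Everywhere>.
    for scope, key in RULES:
        if scope == "<Everywhere>" or scope.upper() in folders:
            return key
    return None


def can_open(user, path):
    """A user can read the file only if their key ring holds the file's key."""
    key = key_for_path(path)
    return key is not None and key in KEYRING.get(user, set())


if __name__ == "__main__":
    for path in (STAFF_FILE, DESKTOP_FILE):
        print(path, "->", key_for_path(path))
        for user in KEYRING:
            print("   ", user, "can open:", can_open(user, path))
```

Under these assumptions the model also shows why the location matters: a file moved out of the VACIF STAFF folder is re-keyed to the root key and is no longer restricted to the VACIF STAFF OU.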
