Sophos SafeGuard : Configure a Multi-Key Synchronized Encryption Policy

Overview

• In the task you will configure a multi-key synchronized encryption policy and test its operation.

Scenario

• We will configure a multi-key synchronized encryption policy. The policy will use a relative path named VACIF STAFF that is encrypted using a key that is only accessible to VACIF STAFF menber.

What to do

• You must install SafeGuard Server on DC, SafeGuard Client on Client 1-2-3.
• You can see instruction here :
• Install SafeGuard Server.
• Install SafeGuard client with Application Base.

Configuring

On DC – SafeGuard Server

• Firstly, we will create 2 OU with name is VACIF STAFF and VACIF MANAGER.

• Set up user Micheal and Vincent belong to VACIF STAFF OU.

• Set up user Zee belong to VACIF MANAGER OU.

• We will create Share folder and share it with full control for everone.
• Open SafeGuard Management Center and login with your password.
• Then click Users and Computers > choose Root in the tree view > Synchronize tab .
• In Directory choose DC = VACIF,DC=COM and click Magnifying.
• In the table, tick VACIF STAFF and VACIF MANAGER and then click Synchronize.

• Next to click Policies, right-click Policy Items > New > File Encryption.
• Name the policy File Encryption.
• Fill in the information as shown below and click Save.

• To apply policy, click Users and Computer > VACIF.COM > VACIF STAFF > Policies tab.
• Drag and drop File Encryption policy from Available pane to Policies tab pane and then click Save.

On Client 1 (user Micheal)

• Double-click SafeGuard icon to receive created policy earlier.
• Press Alt + R > fill in the column IP address \\192.168.100.1 (Server’s IP address).
• File explorer appears, double-clickShare folder.
• On Share folder, create VACIF STAFF folder and double-click it.
• On VACIF STAFF folder, right-click choose New > Microsoft Document Word.
• Name the file Test.
• Open Test file and fill in ‘This is OU VACIF STAFF’s file’ and then click Save.
• At this time, Test file is encrypted with key OU_VACIF STAFF@DC = VACIF,DC=COM.
• To check key, right-click Test file > SafeGuard File Encryption > Show encryption state.

On client 2 (user Vincent)

• Press Alt+R and fill in \\192.168.1.100.
• File explorer appears, double-click Share folder > Double click VACIF STAFF folder.
• Open Test file.
• Although the file is encrypted, user Vincent can still read write Test file because user Vincent in the VACIF STAFF OU.
• Drag and Drop Test file from VACIF STAFF folder to Desktop.
• Right-click Test file > SafeGuard File Encryption > Show encryption state.
• At this time, Test file is encrypted with key ‘Root_Synchronized_Encryption@SGN’ because The Root Synchronized encryption key applies to <Everywhere> as was seen in SafeGuard Management Center > Policies > File Encryption Pane.

• Drag Test file back from the Desktop into the VACIF STAFF folder in FIle Explorer.
• This will re-encrypt the file with OU_VACIF STAFF key.

On Client 3 (User Zee)

• Press Atl+R and fill in \\192.168.100.
• File explorer appears, double-click Share folder > double-click VACIF STAFF folder.
• Try to open Test file but we don’t see it content because user Zee is in the VACIF MANAGER, is not in the VACIF STAFF.