Dell Data Protection | Encryption Guide de l'utilisateur télécharger pdf (Page 186)

186 Enterprise Edition Administrator Guide

System Data Encryption (SDE) – SDE policies encrypt the System Drive, the Fixed Drives, or both - depending on the

policy template chosen. SDE policies do not encrypt the files needed by the operating system to start the boot process. SDE

policies do not require preboot authentication or interfere with the Master Boot Record in any way. When the computer

starts, the encrypted files are available before user login (to enable patch management, SMS, backup and recovery tools).

SDE is designed to encrypt the operating system and program files. In order to accomplish this purpose, SDE must be able

to open its key while the operating system is booting, without intervention of a password by the user. Its intent is to prevent

alteration or offline attacks on the operating system by an attacker. SDE is not intended for user data. Common and User

key encryption are intended for sensitive user data because they require a user password in order to unlock encryption keys.

Trusted Platform Module (TPM) – TPM is a security chip with three major functions: secure storage, measurement, and

attestation. DDP|E uses TPM for its secure storage function. The TPM can also provide encrypted containers for the

DDP|E software vault and to protect the DDP|E HCA encryption key. Dell recommends provisioning the TPM. The TPM

is required for use with DDP|E HCA.

User Encryption – The User key makes files accessible only to the user who created them, only on the device where they

were created.

1 2 ... 181 182 183 184 185 186 187 188

Pas de commentaire

Dell Data Protection | Encryption Guide de l'utilisateur Page 186