Chapter pointsec for Pc remixed 1.fm

Chapter 

Pointsec for PC 

2 

Pointsec for PC (Pointsec) is an enterprise-security solution that provides intrusion 

protection for data at rest on mobile devices, by employing the use of strong authentication 

and encryption. “ 

Figure 2-2: Pointsec for PC (Pointsec) — Complete Data Protection 

7

Chapter 2: Pointsec for PC 

In the previous figure, the following terms are used: 

MBR = Master Boot Record; this file describes the layout of the hard drive. 

PBR = Partition Boot Record; each partition on the hard drive starts with a boot 

record. 

Mandatory Access Control = the Pointsec for PC (Pointsec) preboot authentication 

program 

Pointsec for PC (Pointsec) replaces the original boot records upon install to be able 

to show the preboot authentication program only. After replacing these files, Pointsec 

for PC (Pointsec) encrypts the entire disk sector by sector, including system, temporary, 

and deleted files. The encryption is user-transparent and automatic, so there 

is no need for user intervention or user training. 

8 Endpoint Security with Pointsec

Extending Data Security Policies Chapter 2: Pointsec for PC 

Extending Data Security Policies 

Pointsec for PC (Pointsec) extends enterprise-data security policies to the 

desktop and mobile devices by automatically encrypting the entire hard 

drive, using a strong-bit encryption scheme. The installation of the 

program is an enforceable desktop installation, meaning end users do 

not have a choice in the manner about whether or not to install. This is 

accomplished using a centralized deployment method, combined with 

remote administration. Pointsec for PC (Pointsec) eases administrative 

tasks in a deployment by allowing for installation and product updates 

across the network, and minimizing the amount of desktop visits 

required. 

Compatibility 

Pointsec for PC (Pointsec) operates at the boot level, but does not 

modify the master boot record. Since it is below the OS level, Pointsec 

for PC (Pointsec) is compatible with all applications that run on Windows 

2000, Windows XP and Linux. A single MSI installation is available for 

all Windows versions, using a special profile type. 

The encryption of the hard drive is sector-by-sector, allowing for the 

encryption/decryption process (while the operating system is running) 

to be done on the fly. The keys used in the encryption/decryption 

process are dynamically created on boot. 

As of this release, Check Point does not support Windows Server 2003 

on Pointsec for PC (Pointsec), but does have plans to support this OS at 

some point. 

Endpoint Security with Pointsec 9

Chapter 2: Pointsec for PC Authentication Methods 

Authentication Methods 

There is no central authentication database. All authentication occurs 

against the locally stored database. This database allows Pointsec for 

PC (Pointsec) to support the following authentication methods: 

� User ID + password 

� User ID + PIN + l 

� Smart card or USB + PIN 

If a specific smart card or token type is not included in the base 

installation, Pointsec for PC (Pointsec) has a Software Development Kit 

for creating drivers for card/token support. 

Recovery Is Always Possible 

Pointsec for PC (Pointsec) ensures that data on a system is always 

recoverable. Since authentication is local to a specific installation, this 

means that a unique key is created for each device, thereby ensuring that 

there is no master-key vulnerability. These keys are created automatically 

at installation and are updated automatically when changes occur, such 

as a user profile being removed from a local installation. For 

administrative access to a specific machine, Pointsec for PC (Pointsec) 

requires two authorized administrator logins to unlock the 

administrative mode of a specific machine. 

Always keep control of your recovery files, preferably using off-site 

storage. Data cannot be recovered without it! 


Automatic Logging and Centralized Auditing Chapter 2: Pointsec for PC 

Automatic Logging and Centralized Auditing 

All security events in Pointsec for PC (Pointsec) are automatically logged. 

The log files are then automatically transferred to a central location for 

Security Auditing. The encrypted log files can be centrally viewed by 

corporate security officers using Windows Event Viewer, or exported to 

different formats for viewing in third-party tools. 

Remote Help 

Pointsec for PC (Pointsec) includes a Remote Help function that gives 

Administrators the ability to help users with lost password information, 

without the user being online. This is done using a secure Dynamic 

Challenge/Response procedure. 

Remember to validate the end user before performing Remote Help! 

Pointsec for PC (Pointsec) Components 

The basic installation of Pointsec for PC (Pointsec) on an endpoint is 

comprised of the following components: 

� Secure local user database 

� Preboot authentication program 

� Pointsec for PC (Pointsec) Management Console (PCMC) 

� Recovery-file creation from registry entries 

� Encryption/decryption key and program services 

� Monitoring program 

Each of these components are covered in detail in the following 

sections. 


Chapter 2: Pointsec for PC Pointsec for PC (Pointsec) Database 

Pointsec for PC (Pointsec) Database 

The local Pointsec for PC (Pointsec) database is a closed database 

allocated from 2 MB of contiguous space, and is encrypted using a 512bit 

key. The database is created from the Pointsec for PC (Pointsec) 

installation profile and stores all of the users and groups that have access 

to this local computer. Users authenticate to this local database at boot 

authentication. The database can be viewed using the Pointsec for PC 

(Pointsec) Management Console. 

Figure 2-3: Pointsec for PC (Pointsec) Preboot Environment Login 


Pointsec for PC (Pointsec) Boot Authentication Chapter 2: Pointsec for PC 

Pointsec for PC (Pointsec) Boot Authentication 

The preboot authentication program, also known as the Pointsec for 

PC (Pointsec) Multi Factor Authentication Program (MFAE) replaces the 

standard hard-drive boot records. This allows for the Pointsec for PC 

(Pointsec) authentication to appear at boot. The MFAE loads after BIOS 

and the low-level boot record via a modified-partition boot record, so 

the Pointsec for PC (Pointsec) authentication is performed before the 

operating system starts. 

The Pointsec for PC (Pointsec) preboot environment is comprised of the 

following components: 

� 32-bit secure operating system 

� VESA graphics, .jpg background 

� Keyboard drivers 

� Mouse drivers 

� MFAE 

� Pointsec for PC (Pointsec) smart card drivers 

� Pointsec for PC (Pointsec) Reader Drivers 


Chapter 2: Pointsec for PC Pointsec for PC (Pointsec) Management Console 

Figure 2-4: Pointsec for PC (Pointsec) Management Console 

Pointsec for PC (Pointsec) Management Console 

The Pointsec for PC (Pointsec) Management Console is available in an 

administrative or Master installation, or when an Administrator logs into 

a user’s machine. The PCMC is divided into three primary sections: 

Local, Remote and Remote Help. Each section is described in the 

following list: 

� Local 

This section is used to change local settings, manage local logs, 

check local status, etc. 


Pointsec for PC (Pointsec) Management Console Chapter 2: Pointsec for PC 

� Remote 

Here, the Pointsec for PC (Pointsec) Administrator can create and 

deploy configuration files (profiles) that will affect remote computers. 

� Remote Help 

This section is used to perform Remote Help and one-time login 

tasks. 

The PCMC works with the Pointsec for PC (Pointsec) program via the 

PCMCUtil.dll driver and the Prot_ins.sys database 

Figure 2-5: PCMC — Driver — Database Interaction 

� PCMC (system settings) 

Creates, updates and manages profiles, locally and remotely; client 

needs .Net Framework installed. 

� PCMUtil.dll (driver) 

The driver encrypts/decrypts profiles, works with the database in 

authentication, and imports local profiles into the database. 

� Prot_ins.sys database (SA) 

The database has been extended from its size in earlier versions of 

1.7 MB to 2.0 MB. In addition to storing the profile information 

used in authentication, the database also stores the token drivers. 


Chapter 2: Pointsec for PC Pointsec for PC (Pointsec) Encryption-Key Generation 

Pointsec for PC (Pointsec) Encryption-Key 

Generation 

Pointsec for PC (Pointsec) encryption keys are created after the first 

reboot after installation of the product. Individual keys are created for 

each partition, to provide the highest level of security. Keys are kept in 

the recovery file (*.rec), which is 512-bit encrypted and stored on the 

defined recovery share. Encryption keys are never stored in cleartext, 

and are only recoverable with two privileged authentications. 

Figure 2-6: Registry Key-Naming Information 


Recovery File-Naming Conventions Chapter 2: Pointsec for PC 

Recovery File-Naming Conventions 

The recovery file format is ComputerName_R.rec, where 

ComputerName is the value of the computer name as listed in the 

registry key: 

HKLM\SYSTEM\ CurrentControlSet\ Control\ 

ComputerName\ ComputerName 

You can also run the hostname command from the command line to get 

the recovery filename, i.e., the hostname used as the naming convention 

of recovery files. 

Services and Processes 

Figure 2-7: Pointsec for PC (Pointsec) Processes in Task Manager 


Chapter 2: Pointsec for PC Pointsec for PC (Pointsec) Monitoring — P95Tray.exe 

Pointsec for PC (Pointsec) runs three services on the local machine: 

� PROT_SRV.EXE — Provides encryption and decryption during 

installation and uninstallation 

� PstartSr.EXE — Allows Pointsec for PC (Pointsec) to push 

recovery files and poll for update profiles 

� P95tray.EXE — The taskbar application 

Pointsec for PC (Pointsec) Monitoring — P95Tray.exe 

Figure 2-8: P95Tray.exe Interface 

Figure 2-9: P95Tray.exe Icon 

P95Tray.exe is the Monitoring program that is accessible for end 

users. Any user on the machine can use this to: 

� Check encryption status (when Pointsec for PC (Pointsec) is first 

installing and encrypting). 


Chapter 2: Pointsec for PC Initial Encryption of the Hard Drive 

� Activate the screen saver to lock the workstation. 

� Select the language in the PBE or Windows (more than 25 languages 

supported). 

Additionally, Administrators can access this to change credentials on the 

local system. 

Initial Encryption of the Hard Drive 

Encryption takes place only after Pointsec for PC (Pointsec) off-loads the 

Recovery file from the local machine. Regardless of amount of 

information on the hard drive, the encryption rate is approximately 10 

GB per hour. This functions as a throttled background service, allowing 

the workstation user to continue to work while the drive is encrypting. 

Mousing over the system-tray icon shows encryption status. 

Figure 2-10: Encryption Status 


Chapter 2: Pointsec for PC Initial Encryption of the Hard Drive

Chapter pointsec for Pc remixed 1.fm

Create successful ePaper yourself

Delete template?

Save as template?