Cisco Agent Desktop / Supervisor Desktop Issue with Full Disk Encryption

Similar Messages

• [SOLVED] full disk encryption

  Hi,
  i have bought myself a new laptop and i want to install arch with full disk encryption on it. I tried to do the installation in virtual machine to see how it works. I have followed the wiki (installation guide and LUKS).
  my setup:
  /dev/sda1 unencrypted /boot    /dev/sda2 encrypted /     /dev/sda5 encrypted /home      /dev/sda6  encrypted swap
  mkinitcpio.conf: HOOKS="base udev autodetect pata scsi  sata encrypt filesystems usbinput fsck"
  syslinux.cfg: APPEND cryptdevice=/dev/sda2:cryptroot root=/dev/mapper/cryptroot ro
  fstab: /dev/mapper/cryptroot    /     ext4    rw,relatime,data=ordered      0  2
  after reboot i got these messages: scrot
  Any idea what have I forgot or did wrong?
  Thanks
  Last edited by tlamer (2012-11-13 13:06:28)

  Lero wrote:
  I'm no expert on those things, although i have to ask if you did use LVM along with LUKS ?
  According to wiki https://wiki.archlinux.org/index.php/Dm … _LVM_setup for volume to mount early in boot process you have to add "lvm2" hook in mkinitcpio.conf.
  you need to add lvm2 only if you use LVM on LUKS on vice versa. I did not used LVM, so it wasnt necessary for me...
  Anyway... this thread wont be much useful... can i delete it?
  Last edited by tlamer (2012-11-13 13:08:57)

• X220 SSD Drive w/Full Disk Encryption (FDE), Intel 320 or others

  Does anyone have experience or recommendations regarding installing an SSD with Full Disk Encryption for the X220?
  Solved!
  Go to Solution.

  I have a 300GB Intel 320 which I installed it myself (cloned the factory install using Acronis). No mSATA drive.
  Hope this helps!
  I don't work for Lenovo. I'm a crazy volunteer!

• Full Disk Encryption HP TM2T

  Can anyone recommend a full disk encryption software package that won't hang my machine? I tried using Truecrypt v6.3a to encrypt my Windows 7 x64 HP TM2T laptop and I nearly lost everything. After encryption it just hung at the boot screen where it shows the HP logo. Someone said it was a conflict with the Intel Dual processor.
  Anyway, has anyone had any luck with full disk encryption?
  Thanks!

  Hi,
  I ahve the exactly same problem, how did you solve this...cant do anything as my computer is totally locked

• Full disk encryption on iPhone? Deciding between Android/iPhone.

  Will be buying my first smartphone. I want a phone with full disk encryption. Android has this option, does iPhone? I want the phone to not boot without having to enter a passcode.
  I like the iPhone interface better than Android, but I want disk encryption. Does iPhone have this?

  sort of
  1) in order to use the fingerprint sensor you have to set a passcode (either 4 digits or a phrase)
  2) the first time after rebooting or powering on the iPhone you have to use the passcode to unlock it (not sure why it was designed that way - it seems a fingerprint is more secure than a passcode)
  3) after that you can use the fingerprint to unlock the phone if you locked it or the auto lock feature kicked it - you can also use the fingerprint sensor to buy things from the it
  right now thats all you can do with the fingerprint sensor - in ios8 (coming out this fall) Apple has made a api for 3rd parties to access the sensor so you will probably see 3rd party apps start to use it
  the algorithm thats calculated from the fingerprint is stored on a secure area of the cpu and is never transmitted off the phone- basically all the sensor returns is a yes/no - the fingerprint itself is never transmitted
  more information in this video
  http://www.apple.com/iphone-5s/videos/#video-touch

• Agent and Supervisor Desktop Updates

  With version 7.x of UCCX, if we did an update to our UCCX server, the updated agent and supervisor desktops downloaded automatically the next time a user logged on.
  Last night I updated our 8.5.1 server to the latest build.  I went to run the agent and supervisor and it just gave me a message that I had to install the latest version.  It doesnt appear to auto update.  Is there a way to make that work.

  Hi John,
  Did you run the "Cisco Unified CCX Client Configuration tool " after upgrading your UCCX system. If not please run it and relaunch the CAD or CSD, they will get automatically get upgraded.
  Hope this helps.
  Anand
  Please rate helpful posts !!

• Need 256 Bit AES Full Disk Encryption for a Mac.  The other discussions regarding this issue are very old.  Does anyone have any current advice regarding encryption software?

  Does anyone have any advice regarding 256 bit full disk encryption software for Macs?  The other discussions on the topic are years old, so I would like some current input.  Thanks for your help in advance.

  Depending on your Mac, you might not want to upgrade to OS X 10.7 or 10.8 as it will not run the PowerPC based software your currently using costing a bundle to replace it all, also they will slow down your machine if it's not a more recent issue. You don't want to upgrade OS X without AppleCare defending your possibly bricked logicboard that's for sure.
  Filevault encrypts the boot drive, however in doing so makes it near impossible to fix if you have a software issue and need to recover files directly or by using specialty software. Also it robs the machine of performance even more than the Lions do. So you will really need a SSD to work best with 10.7/10.8 and Filevault, then it has to be freshly installed. Filevault needs 50% free space on the boot drive, then it's going to write to the slower 50% half of the hard drive where performance is terrible compared to the first 50%.
  Also Filevault is cracked under certain conditions, and if someone gets their hands on the machine (like the law) and knows what they are doing.
  If you take your Filevaulted machine to Apple to fix, they are going to require the password to fix the machine obviously.
  Software based encryption is vulnerable, you might want to instead place your sensitive data on external self-encrypting hardware that doesn't rely upon software or computer hacks/bypasses (ike freezing the RAM) to get to it.
  http://www.datalocker.com/products/datalocker-dl3.html
  Iron Keys for portable USB self encryption, both work with any computer, so your not locked into one platform.
  With the senstive data off the computer and on a external device, there is the option of removing, hiding and securing the device. If used with a computer that's never connected to the Internet, it's safe from snoopers, except from a survelliance van parked outside your door.

• X220 with Samsung SSD 830: Success? Full Disk Encryption (FDE)?

  1. Have any of you tried installing a Samsung SSD 830 Series drive in the X220, and if so can you recommend or dis-recommend?
  2. Can anyone definitively verify whether or not the SSD 830 drives support full disk encryption?  I see conflicting information about that on the internet...
  Thank you.

  I have finally gotten an answer from Samsung regarding encryption.  Sounds like hardware FDE is only supported on the OEM version, not on the consumer version:
  My Question:
  Does the SSD 830 (Notebook 256G version: MZ-7PC256N) support Full Disk Encryption (FDE) with a password through the BIOS? I read on the web that your enterprise version of this product does support FDE, but it's not clear whether or not that is also supported on the consumer version.
  Their Response:
  Dear Customer...The retail market 830 series SSD does not natively support FDE. Only OEM version of the unit have the encryption placed. Samsung recommends the use of programs to encrypt the data on the drive... Thank You for choosing Samsung.

• Full disk encryption for the Mac ?

  I desperately require a security measure against data compromise in the event of a physical theft of one of my Macs.
  Is there some full disk encryption solution, similar to the TrueCrypt solution for Windows, that can work with a Mac? (TrueCrypt works on Mac but not its feature of full disk encryption)
  Any other ideas on reinforcing security in such physical theft incidents?
  Thanks!

  Visited http://www.macintouch.com/
  PGP Corporation is now shipping PGP Desktop 9.9 for Mac OS X, a major update of the encryption software. Highlights of this release include full support for pre-boot authentication, full support for external drives (including the sharing of Whole Disk Encrypted thumb drives between Mac and Windows clients), use of the FIPS 140-2 validated PGP SDK for cryptographic operations,
  http://www.pgp.com/

• Request To Blackberry: Full-Disk Encryption

  The current encryption option for the SD card encrypts ONLY the data contents, and NOT the full structure of the filesystem. 
  As it stands right now pulling an encrypted SD card from the Z-10 and inserting it into a Windows machine divulges the entire filesystem structure with names and modification dates intact.  The data itself is encrypted and the file size padded out to the next 4k size, which appears to be the block size of the encrpytion system.
  While this prevents Windows from considering the card "unformatted" and thus randomly offering to destroy it with a single click (which it would otherwise do) the file names, mod times and sizes confer quite a bit of information to a hostile party who comes into possession of the device and its memory card.
  Having the choice of that not being the case (as is true for full-disk encryption on FreeBSD and other systems such as TrueCrypt) would be nice, even though it does some with a greater risk of accidental destruction should you insert the card into some other device by accident.
  Market Information? Come read The Market Ticker!

  wtaylor72,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• Winmagic Securedoc and New Macbook Pro for Full Disk Encryption (FDE)

  Hi, I wonder if anyone had any experience with this. I've installed a seagate Momentus FDE drive (...421 series) on my new macbook pro and tried installing Winmagic securedoc to manage full disk encryption. It seems that despite all their recommendations re: hibernatemode and lidwake and sleep vs hibernation, the MBP crashes when I close the lid and then awaken it (by opening and pressing the power button). It cannot be awakened via an external keyboard either. Note that both hibernate and sleep work fine without securedoc. As securedoc appears to be the only viable FDE solution, I'd really like to get it working. Has anyone had any luck getting it to work with the new MBPs?

  PGP is another alternative as I have used it for the past few years on all of my Macbook Pros. I also own SecureDoc but have not installed it on the new Macbook yet.
  I do know that PGP disables hibernate during the install as it can cause problems.

• Anyone using SecureDoc Full-Disk Encryption for Mac from WinMagic?

  Currently I am using Mac OS X v10.5 on a MBP and want to upgrade to Snow Leopard. I use PGP full disk encryption.
  I do not want to wait anymore for PGP v10 before I can upgrade to Snow Leopard. In my search for a replacement for PGP I found SecureDoc Full-Disk Encryption for Mac from WinMagic.
  https://www.winmagic.com/products/full-disk-encryption-for-mac
  They claim to be Snow Leopard compatible
  https://www.winmagic.com/kw/download.php?url=/datasheets/securedocmac_brochure20090925a.pdf
  I have two questions:
  1) Does anyone have experience with SecureDoc Full-Disk Encryption for Mac from WinMagic?
  2) Where can I buy one? PGP has a store where I ordered my copy of the software. But I can't find a store anywhere for SecureDoc. With some trouble I found a reseller in the Netherlands, but they don't reply to any questions.

  I am currently testing a trial license from Checkpoint Full Disk Encryption.
  http://www.checkpoint.com/products/datasecurity/pc/index.html
  The company where I work is a Checkpoint reseller, and normally only has dealings with other companies, not end users. But we arranged a trial license and I can buy a single user license Checkpoint Full Disk Encryption if the test proves Checkpoint Full Disk Encryption is a good solution.
  I created a bootable usb disk with Snow Lepoard on it. But I was unable to install FDE on it. After reboot I only get a blank screen, that's it. Probably it isn't supported to boot from a full disk encrypted removable drive, I can understand that.
  I can't create a virtual Snow Leopard machine (legal reasons) to test it on. And all FDE solutions I found aren't compatible with Mac Server, which is a shame because you can virtualize Mac Server legally.
  So now I am planning to change the hard-disk of my MBP this evening with another hard-disk to test Checkpoint FDE there. I don't want to upgrade my current Leopard installation to Snow Leopard only to discover it doesn't work as expected. I could of-course use my current installation and when it doesn't work rollback to a timemachine backup, but before that I have to decrypt my disk and uninstall PGP witch will take 1-2 days, and encrypt again when the test is over. Not pratical.
  I will let you know how the test with Checkpoint Full Disk Encryption went!

• Can host hacker break into guest that uses full disk encryption?

  I know it is unlikely but let us say host has got owned, ie a hacker has managed to break into the host.
  How would they go about breaking into a linux VM that uses full disk encryption?
  They can't mess with the .vmdk without damaging it - it is encrypted by the guest.
  They can't use vmrun because they do not know the guest passwords.
  They can't attach to processes in the guest with debugging tools because they cannot see individual guest processes.
  What can they do?  And crucially, what can I do as a countermeasure?

  What really matters is WHERE you do the encryption. If the encryption is too low, data in the guest appears unencrypted. If it is in the guest, then the keys live in the guest and since SGX is not around at the moment, keys are somewhere in guest memory even for a little bit of time.
  So the real question is what are you trying to achieve?
  If you are trying to meet encryption at rest requirements then it makes no difference where you encrypt as the data on the disk will be encrypted and without the key no one can decrypt it. Now if you have keys generated within a VM without using DRNGD or some other high quatlity randomness source, then your keys could be predictable and you need to guard against making it easy for a brute force attack.
  If you need to encrypt data in motion?
  Then you need to consider how the VM is protected itself, how an application interacts with data to determine during 'motion' if someone should not be accessing the data even though they are already supposedly allowed to do so. Keys are in memory, so therefore you need to guard memory access for those keys to only the application in question. This is the hard part, and requires you to think seriously about logging, key management, etc.
  So really what are you trying to achieve?
  Best regards,
  Edward L. Haletky
  VMware Communities User Moderator, VMware vExpert 2009-2015
  Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
  Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

• CheckPoint Endpoint full disk encryption

  My previous employer mandated CheckPoint Endpoint full disk encryption on every machine accessing their intranet. Since I have not worked there for two years, their IT group refuses to support my MB air. I am trying to update my OS, but Endpoint will not allow this. I like the encryption, but if I had to choose, I would pick an updated OS. Does anyone know how to do this?

  Back up all data to at least two different storage devices, if you haven't already done so. One backup is not enough to be safe. The backups can be made with Time Machine or with Disk Utility. Preferably both.
  Erase and install OS X. This operation will destroy all data on the startup volume, so you had be better be sure of the backups. If you upgraded from an older version of OS X, you'll need the Apple ID and password that you used, so make a note of those before you begin.
  When you restart, you'll be prompted to go through the initial setup process in Setup Assistant. That’s when you transfer the data from a backup.
  Select only users and Computer & Network Settings in the Setup Assistant dialog—not Applications or Other files and folders. Don't transfer the Guest account, if it was enabled.
  After that, check the App Store for updates and install the third-party software you need.
  Before installing any software, ask yourself the question: "Am I sure I know how to uninstall this without having to wipe the volume again?" If the answer is "no," stop.
  Never install any third-party software unless you know how to uninstall it.

• Full DIsk Encryption and Windows 8

  I have my full disk encryption policy assigned to a windows 8 laptop. When I look under device assignments on the server it shows the laptop, but when I look ion the laptop it says no policy enforced. So it is not encrypting the hard drive.

  wtaylor72,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/