Unlock encrypted hard disk
Problem | Organizations deploy full disk encryption (FDE) software to protect against data leakage in the event that a corporate laptop is lost or stolen. Users with FDE on their PCs normally have to type a password to unlock their hard disk, before they can boot up an operating system. This password is normally synchronized with the user’s primary Windows password, so that the user only has to remember and type a single password at login. If a user forgets his hard disk encryption unlock password, the user will be unable to start his operating system or use his computer. This is a serious service disruption for the user and can contribute to significant support costs for the IT help desk. |
IVR solution | Most FDE packages include a key recovery process at the PC boot prompt. This normally involves a challenge/response process between the FDE software, the user, an IT support analyst and a key recovery server. Bravura Pass can front-end this process using an integrated telephony option, so that users can perform key recovery 24x7, from any location, using their telephone and without talking to a human help desk technician. |
Web solution | Users with access to the Bravura Pass web interface can also recover an encrypted system through the Unlock encrypted systems/accounts (HDD) module, which will provide them with instructions on how to acquire a challenge code for the system, if required. The relevant connector will use this challenge code to generate a response code that can be used to unlock the encrypted device. |
The components used in the solution depend on the type of FDE software and on your organization's other requirements. Connector Pack ships with connectors for systems including Check Point, McAfee EndPoint Encryption, and PGP Whole Disk Encryption (WDE).
The Check Point connector works with Phone Password Manager or a custom application to communicate between Check Point and Bravura Security Fabric servers.
The PGP WDE connector works with Phone Password Manager and an ActiveX control, nplocalr, to update locally protected resources.
To set up the ability to unlock encrypted hard disks for remote users:
Interface with interactive voice response (IVR) systems.
Configure nplocalr Local Reset Extension.
Configure the Unlock encrypted systems/accounts (HDD) module.
See also
The Connector Pack documentation for information about integrating with Hard Drive Encryption Systems.
Phone Password Manager for details on installing and configuring the Bravura Pass IVR solution.