What is the service?

The service provides for full disk encryption of the internal hard disks of laptops. All files on the disk are encrypted irrespective of their content. As new files, data or other content is added or changed, they are encrypted. Encryption is done by using software or hardware encryption.This service uses 256-bit DIFFUSER encryption for Microsoft Windows.

Encryption is undertaken in compliance with the Encryption Guidelines with the encryption keys stored centrally and separate from the laptops. You should familiarise yourself with these guidelines.

In addition to the disk encryption, you will in future be prompted for a Startup PIN/Password when the laptop is powering up.  this is to provide an additional layer of security and is in addition to any laptop BIOS power on password you may already use.  With laptops running Microsoft Windows the startup PIN/Password is a minimum of seven characters long, for Apple we recommend using same minimum.

Supported Platforms

Microsoft Windows – Using BitLocker

At minimum, a version of Microsoft Windows 7 Enterprise or Ultimate, has a Trusted Platform Module (TPM security device) chip with at least version 1.2 installed and also satisfies the minimum hardware requirements for these platforms. The minimum hardware requirements for running the versions of Windows 7 are documented on the Microsoft web site at http://windows.microsoft.com/systemrequirements (If you purchased a Laptop within the last three years through the UCC Laptop Procurement Framework it will meet the minimum hardware requirements).

Apple OSX – Using FileVault2

At minimum, a version of Apple Mac OSX Lion or Mountain Lion is required. With the minimum hardware requirement of an Intel Core 2 duo, Core i3, Core i5, Core i7 or Xeon processor and 2 GB of RAM (If you purchased a new Apple laptop withing the last four years it will meet the minimum hardware requirements)

Both of the above platforms require separating a portion of the hard disk space for recovery.

Self-Encrypting Drives – OPAL Compliant

Supported Dell Latitude Laptops (as per UCC procurement framework) that have factory installed self-encrypting hard disks (SED) and are OPAL compliant.

Laptop Assessment

Readiness

Data stored on the laptop should only be a copy of the original that is stored or backed elsewhere, this would be the normal practice regardless of whether the laptop is encrypted or not.
Before the laptop is encrypted, tests will be carried out to ensure the integrity of its disk and suitability for encryption. This includes checking for errors and correcting where appropriate and ensuring sufficient free space is available.

Caveats

The encryption recovery key is stored centrally, but you also have the ability to save a copy. On no account should the recovery key or other passwords be stored in any form with or in the precinct of the laptop. Failure to do so will seriously undermine the security of the laptop and its data.

Request service

If your laptop meets the minimum requirements as set out above, register your request for service by contacting the helpdesk x2120 or email staffithelpdesk@ucc.ie

How to Encrypt Your Mac OS Laptop

Minimum Specifications

• Mac Mavericks (10.9) or Yosemite (10.10)
• At least 20% Free Capacity
• Intel Core 2 duo, Core i3, Core i5, Core i7 or Xeon Processor
• 2 GB RAM

How to Encrypt a Mac OS Laptop

1. Turn on FileVault

• Go to System Preferences, Select Security & Privacy
• Select Turn On FileVault
• Enable each user you want to be able to unlock the volume encryption (Note: You will need the account password for each user to enable them there and then, but these accounts can be enabled later by the owner's main account if needed)
• You will then be presented with the Recovery Key, which can be copied and pasted into a text file and saved on a USB Key
• You will also have the option to store the key with the users AppleID - you will need to answer 3 questions which you will need for recovery of lost password
• The encryption will start and may take a few hours, you can use your laptop during this time

On Apple Mac OSX you will be prompted for your logon password earlier than you would normally expect to logon.  It is the same password you normally use but the laptop has started from a smaller separate partition to verify your credentials before giving you full access to the rest of your encrypted hard drive.

2. Storing the Recovery Key

• You can store the Recovery Key using your AppleID (above)
• You can maintain a copy of the Recovery Key yourself on a USB Key
• You can also email us at helpdesk@ucc.ie with a copy to save centrally - you will need to provide your Name, Department, Make and Model of Laptop, Serial Number of Laptop, and Your Recovery Key
• To get the Serial Number you should look at the back of your laptop and there should be a sticker with this information

Safe storage of your Encryption Key is of paramount importance.  If you lose the key, you lose access to your hard disk and its data.

Download Document Here:

How to Encrypt Your Mac OS Laptop

Self-Encrypting Drive

Information Coming Soon ..

How to Reset the Startup PIN/Password

For Windows 7 Laptops:

• Go to Start, Control Panel, Open System and Security
• Select Bitlocker Drive Encryption
• Select Reset PIN
• Enter New PIN using 7 to 20 characters
• Click Set PIN

For Mac OS Laptops:

• Go to System Preferences
• Select Users & Groups
• Select Change Password
• Enter New Password

How to Print or Re-save a Recovery Key

For Windows Laptop:

If you have misplaced your recovery key you can go back and re-print / re-save your recovery key, you can do this by:

• Go to Start, Control Panel, Open System and Security
• Select Bitlocker Drive Encryption
• Select Manage Bitlocker
• Select Save or print recovery key again
• You can then either save to a usb key or print the file

For Mac Laptop:

If you have misplaced your recovery key you can re-issue a new key: (You will need your laptop logon credentials to do this)

• Go to System Preferences, Select Security and Privacy
• Select Turn Off FileVault
• Then Select Turn On FileVault
• You will be issued with a new Recovery Key
• Save the recovery key to a usb key and please store the new Key with Apple if you had done so previously