Encryption Laptop

Summary: This service provides for the encryption of the internal hard disks of University laptops.

Primary users of this service: Staff, Researchers

Who to contact to use this service: E: helpdesk@ucc.ie | T: +353 (0)21 490 2120 | IT Services |

Contact to discuss this service: Michael Field | E: m.field@ucc.ie |

Strategic Focus: Enabling Infrastructure Services

Service Webpage

Data security is of critical importance, and especially so with respect to laptops holding sensitive or confidential data. Laptops may be lost or stolen leading to unauthorized or unintentional disclosure of the information stored on them. This service assists with securing that data.

The service provides for full disk encryption of the internal hard disks of laptops. All files on the disk are encrypted irrespective of their content. As new files, data or other content are added or changed, they are encrypted. Encryption is done by using software or hardware encryption. This service uses 256-bit DIFFUSER encryption for Microsoft Windows.

Encryption is undertaken in compliance with the Encryption Guidelines with the encryption keys stored centrally and separate from the laptops. You should familiarise yourself with these guidelines.

In addition to the disk encryption, you will in future be prompted for a Startup PIN/Password when the laptop is powering up. This provides an additional layer of security and is in addition to any laptop BIOS power-on password you may already use. With laptops running Microsoft Windows the startup PIN/Password is a minimum of seven characters long; for Apple we recommend using the same minimum.

Microsoft Windows – Using BitLocker

At minimum, the laptop must run Microsoft Windows 7 Enterprise or Ultimate, have a Trusted Platform Module (TPM security device) chip of at least version 1.2 installed, and satisfy the minimum hardware requirements for these platforms. The minimum hardware requirements for running these versions of Windows 7 are documented on the Microsoft web site at http://windows.microsoft.com/systemrequirements (if you purchased a laptop within the last three years through the UCC Laptop Procurement Framework, it will meet the minimum hardware requirements).

Apple OSX – Using FileVault2

At minimum, a version of Apple Mac OSX Lion or Mountain Lion is required, with the minimum hardware requirement of an Intel Core 2 duo, Core i3, Core i5, Core i7 or Xeon processor and 2 GB of RAM (if you purchased a new Apple laptop within the last four years, it will meet the minimum hardware requirements).

Both of the above platforms require separating a portion of the hard disk space for recovery.

Self-Encrypting Drives – OPAL Compliant

Supported: Dell Latitude laptops (as per the UCC procurement framework) that have factory-installed self-encrypting hard disks (SED) and are OPAL compliant.

Laptop Assessment

Readiness

Data stored on the laptop should only be a copy of the original that is stored or backed up elsewhere. This would be the normal practice regardless of whether the laptop is encrypted or not.
Before the laptop is encrypted, tests will be carried out to ensure the integrity of its disk and suitability for encryption. This includes checking for errors and correcting where appropriate and ensuring sufficient free space is available.

Caveats

The encryption recovery key is stored centrally, but you also have the ability to save a copy. On no account should the recovery key or other passwords be stored in any form with or in the vicinity of the laptop. Failure to observe this will seriously undermine the security of the laptop and its data.

Request service

If your laptop meets the minimum requirements as set out above, register your request for service by contacting the helpdesk x2120 or email staffithelpdesk@ucc.ie

Minimum Specifications

  • Microsoft Windows 7 - Enterprise or Ultimate editions
  • TPM Version 1.2
  • At least 20% Free Capacity
  • Intel Core 2 duo, Core i3, Core i5, Core i7 or Xeon Processor
  • 2 GB RAM
  • Domain-Joined on Central Domain

The following information is for domain-joined computers only, or non-domain computers with the relevant Group Policies applied. If your computer is not in CENTRAL (go to START, Right Click Computer and Select Properties), check with your local IT System Administrator to verify that the relevant security group policies have been applied to your domain. If it is not in a domain, we can provide you with the policy settings if you feel confident to change them yourself, or you can book a call with us.
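The minimum specifications above can be checked from the laptop itself before a request is logged. The script below is an added example, not IT Services' own tooling; it assumes an elevated PowerShell prompt on the laptop, reports the domain name for you to compare against CENTRAL, and does not check the processor model.

```powershell
# Added example: readiness check for the minimum specifications listed above.
# Run from an elevated prompt; WMI only, so it works with PowerShell 2.0 on Windows 7.
$results = @()
function Add-Check($name, $pass, $detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $name; Pass = [bool]$pass; Detail = $detail }
}

# Edition: OperatingSystemSKU 1 = Ultimate, 4 = Enterprise
$os = Get-WmiObject Win32_OperatingSystem
Add-Check 'Enterprise/Ultimate edition' (@(1, 4) -contains $os.OperatingSystemSKU) $os.Caption

# TPM: visible to Windows, enabled and activated, specification version 1.2 or later
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm `
         -ErrorAction SilentlyContinue
if ($tpm) {
    $spec = ($tpm.SpecVersion -split ',')[0].Trim()   # e.g. "1.2, 2, 3" -> "1.2"
    $ok = $tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue -and ([version]$spec -ge [version]'1.2')
    Add-Check 'TPM 1.2 or later' $ok "spec $spec, enabled=$($tpm.IsEnabled_InitialValue), activated=$($tpm.IsActivated_InitialValue)"
} else {
    Add-Check 'TPM 1.2 or later' $false 'no TPM visible to Windows (enable it in BIOS Setup first)'
}

# Free capacity on the system drive: at least 20%
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
$freePct = [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1)
Add-Check 'Free capacity >= 20%' ($freePct -ge 20) "$freePct% free on $($env:SystemDrive)"

# RAM: 2 GB (rounded, because firmware reserves part of the installed memory)
$cs = Get-WmiObject Win32_ComputerSystem
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)
Add-Check 'RAM >= 2 GB' ($ramGB -ge 2) "$ramGB GB installed"

# Domain membership: the name is shown so it can be compared with CENTRAL by eye
Add-Check 'Domain-joined' $cs.PartOfDomain "domain/workgroup: $($cs.Domain)"

$results | Format-Table Check, Pass, Detail -AutoSize
```

Any row with Pass = False should be resolved before encryption is requested.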

We Recommend you do the following on a Windows 7 Laptop Prior to Encryption

1. Enable the TPM Chip

  • On Dell Splash Screen hit F2 to go to Setup
  • In Setup go to Security and TPM Security
  • Tick TPM Security and Select Activate
  • Apply Changes and Exit

2. Back Up Your Data

  • Back Up Your Data to an external hard drive

3. Run Disk Cleanup

  • Go to Start and Control Panel
  • Open System and Security
  • Open Administration Tools
  • Run Disk Cleanup

4. Run Check Disk

  • Go to Start and Computer
  • Right Click on the Hard Disk Drive you want to check and select properties
  • Click on the Tools Tab and click on the Check Now button under Error-checking
  • Tick both boxes and click Start

How to Encrypt a Windows 7 Laptop

1. Turn on BitLocker

  • Go to Start, Control Panel, Open System and Security
  • Select BitLocker Drive Encryption
  • Select Turn on BitLocker Drive Encryption
  • Select Require a PIN at every startup
  • Enter PIN (7-20 characters)
  • Select Save Recovery Key to a USB Flash Drive
  • Save the Recovery Key and TPM files to a USB Key
  • The encryption will start and may take a few hours; you can use your laptop during this time (expect slow performance while encryption is taking place)

2. Storing the Recovery Key

  • You can maintain a copy of the recovery key yourself on a USB key
  • We recommend you also email us at helpdesk@ucc.ie with a copy to save centrally - you will need to provide your Name, Department, Make and Model of Laptop, Serial Number / Service Tag of Laptop, and your Recovery Key
  • To get the Serial Number / Service Tag you should look at the back of your laptop and there should be a sticker with this information

Safe storage of your Encryption Recovery key is of paramount importance.  If you lose the key, you lose access to your hard disk and its data.
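Once the steps above are complete, the result can be confirmed instead of assumed. The script below is an added example, not IT Services' own tooling; it assumes an elevated PowerShell prompt and checks the system volume for the 256-bit Diffuser method this page states, a TPM-and-PIN protector, and a recovery password protector. It does not display the recovery key itself.

```powershell
# Added example: confirm the outcome of the BitLocker steps above on the system volume.
# Run from an elevated prompt; uses the BitLocker WMI provider present on Windows 7.
$drive = $env:SystemDrive
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
         -Class Win32_EncryptableVolume -Filter "DriveLetter='$drive'"
if (-not $vol) { throw "No BitLocker-capable volume found for $drive" }

$methodNames = @{ 0 = 'None'; 1 = 'AES 128 with Diffuser'; 2 = 'AES 256 with Diffuser'
                  3 = 'AES 128'; 4 = 'AES 256' }

# The WMI methods return unsigned integers; cast so hashtable lookups and comparisons match
$method = [int]$vol.GetEncryptionMethod().EncryptionMethod
$conv   = [int]$vol.GetConversionStatus().ConversionStatus      # 1 = fully encrypted
$protOn = ([int]$vol.GetProtectionStatus().ProtectionStatus -eq 1)   # 1 = protection on
$methodName = if ($methodNames.ContainsKey($method)) { $methodNames[$method] } else { "Other ($method)" }

# Key protector types: 3 = numerical recovery password, 4 = TPM and PIN.
# Where-Object drops the empty result returned when no protector of that type exists.
$recovery = @($vol.GetKeyProtectors(3).VolumeKeyProtectorID | Where-Object { $_ })
$tpmPin   = @($vol.GetKeyProtectors(4).VolumeKeyProtectorID | Where-Object { $_ })

$problems = @()
if ($method -ne 2)          { $problems += "Method is '$methodName'; this page states 256-bit with Diffuser" }
if ($conv -ne 1)            { $problems += "Volume is not fully encrypted yet (conversion status $conv)" }
if (-not $protOn)           { $problems += 'Protection is off or suspended' }
if ($tpmPin.Count -eq 0)    { $problems += 'No TPM-and-PIN protector: the startup PIN is not enforced' }
if ($recovery.Count -eq 0)  { $problems += 'No recovery password protector: nothing to store centrally' }

"Volume $drive : $methodName, protection on = $protOn"
"TPM+PIN protectors: $($tpmPin.Count), recovery password protectors: $($recovery.Count)"
if ($problems.Count -eq 0) { 'OK: volume matches the configuration described on this page' }
else { $problems | ForEach-Object { "PROBLEM: $_" } }
```

While encryption is still running, the script reports the volume as not fully encrypted and protection as off; run it again once encryption has finished.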

Download Document Here:

How to Encrypt Your Windows Laptop


Minimum Specifications

  • Mac Mavericks (10.9) or Yosemite (10.10)
  • At least 20% Free Capacity
  • Intel Core 2 duo, Core i3, Core i5, Core i7 or Xeon Processor
  • 2 GB RAM

How to Encrypt a Mac OS Laptop

1. Turn on FileVault

  • Go to System Preferences, Select Security & Privacy
  • Select Turn On FileVault
  • Enable each user you want to be able to unlock the volume encryption (Note: You will need the account password for each user to enable them there and then, but these accounts can be enabled later by the owner's main account if needed)
  • You will then be presented with the Recovery Key, which can be copied and pasted into a text file and saved on a USB Key
  • You will also have the option to store the key with the user's AppleID - you will need to answer 3 questions which you will need for recovery of a lost password
  • The encryption will start and may take a few hours; you can use your laptop during this time

On Apple Mac OSX you will be prompted for your logon password earlier than you would normally expect to logon.  It is the same password you normally use but the laptop has started from a smaller separate partition to verify your credentials before giving you full access to the rest of your encrypted hard drive.

2. Storing the Recovery Key

  • You can store the Recovery Key using your AppleID (above)
  • You can maintain a copy of the Recovery Key yourself on a USB Key
  • You can also email us at helpdesk@ucc.ie with a copy to save centrally - you will need to provide your Name, Department, Make and Model of Laptop, Serial Number of Laptop, and Your Recovery Key
  • To get the Serial Number you should look at the back of your laptop and there should be a sticker with this information

Safe storage of your Encryption Key is of paramount importance.  If you lose the key, you lose access to your hard disk and its data.

Download Document Here:

How to Encrypt Your Mac OS Laptop

Information Coming Soon ..

For Windows 7 Laptops:

  • Go to Start, Control Panel, Open System and Security
  • Select BitLocker Drive Encryption
  • Select Reset PIN
  • Enter New PIN using 7 to 20 characters
  • Click Set PIN

For Mac OS Laptops:

  • Go to System Preferences
  • Select Users & Groups
  • Select Change Password
  • Enter New Password

For Windows Laptop:

If you have misplaced your recovery key, you can go back and re-print or re-save it as follows:

  • Go to Start, Control Panel, Open System and Security
  • Select BitLocker Drive Encryption
  • Select Manage BitLocker
  • Select Save or print recovery key again
  • You can then either save to a USB key or print the file

For Mac Laptop:

If you have misplaced your recovery key you can re-issue a new key: (You will need your laptop logon credentials to do this)

  • Go to System Preferences, Select Security and Privacy
  • Select Turn Off FileVault
  • Then Select Turn On FileVault
  • You will be issued with a new Recovery Key
  • Save the recovery key to a USB key and please store the new key with Apple if you had done so previously