Encryption
EndPoint Control offers GFI OneGuard administrators the ability to enable volume encryption.
When volume encryption is enforced, users must provide a password to encrypt and access a storage device's data.
Passwords are an important part of the security system. A good password should be easy to remember but difficult for others to guess. A strong password should have a combination of upper and lower cases, numbers and symbols.
The following actions can be performed:
Enabling encryption
To start encryption:
- Insert the device into the drive.
Option to activate encryption
- Right-click the USB drive and click Encrypt....
Enabling encryption
- Key in the Password and Retype the password to confirm.
Encryption bar progress
The process may take several minutes depending on the size of the drive. Once the process is complete, the device is ready for use.
Each time the device is re-inserted in the drive the user must enter the password again.
Removing the encryption
Encryption can be removed at any time. Be aware that a device cannot be used on a machine that has encryption enabled. The procedure can be useful if you need to use the device in a computer that is not protected by GFI OneGuard EndPoint Control and the traveler application is not enabled.
To remove encryption follow these steps:
- Insert the device into the drive.
Options available when inserting the device
- Select Remove encryption and enter the Password.
EndPoint Control starts the process and and prompts on completion that decryption was disabled.
Changing the password
If you need to change the password for the encryption, follow these steps:
- Insert the device in the drive.
- Click Change Password....
- Type in the following information:
| Fields | Description |
|---|---|
| Current password | Key-in the password used when encrypting the device. |
| New password | Key-in a new password. |
| Retype the new password | Retype to confirm the password. |
- Click Save.
Remove and re-insert the device for the new prompt for the password.
Using the Traveler Application
By default, a device encrypted by GFI OneGuard EndPoint Control can only be decrypted by devices using the same agent.
An exception is when the policy for the device enables the Traveler application. Traveler enables you to decrypt data encrypted by GFI OneGuard on storage devices from computers that are not running a GFI OneGuard Agent.
Encrypted drive with the traveler application
When this option is enabled, during the encryption process the Traveler app is installed on the device. Then, when inserting the device in a machine that does not have the EndPoint Control agent, the user gets the same prompt for the password used with the agent.
To start the traveler application:
- Insert the device into the drive of a machine that does not have the EndPoint Control agent.
- Navigate the content of the drive and double-click traveler.
- Enter the password used to encrypt the device.
A second driver appears and the content of the driver is available.