PGP Whole Disk Encryption


What is PGP Whole Disk Encryption?

PGP Whole Disk Encryption (WDE) is a software product that secures files stored on protected drives with transparent full disk encryption. If a protected system is lost or stolen while shut down or in hibernate mode, data stored on the protected drive is not readable without the proper credentials.

Why do I need it?

The data encryption software continuously safeguards data from unauthorized access, protecting sensitive information from misuse due to lost or stolen computers. PGP Whole Disk Encryption locks down the entire contents of a laptop, desktop, external drive, or USB flash drive, including boot sectors, system files, and swap files.

Full Disk Encryption is required on Windows and recommended on Mac/Linux laptop computers that store or process Personally Identifiable Information (PII) or Protected Health Information (PHI), according to the Information Security Policy (available at http://software.sites.unc.edu/files/2012/07/ccm1_033440.pdf).

Can I encrypt files with PGP and send them to others?

The PGP software supports password-based and key-based file encryption. Whether this is available to you depends on your departmental IT policy.

Public keys for some University members are published to PGP clients.

Can I encrypt e-mail with PGP?

No, the University will not use PGP for e-mail security.

What differences will a WDE user see?

Users continue to work as usual. However, when PGP is first installed, users will experience slow response while the entire disk is encrypted. After the initial encryption of the disk, PGP WDE automatically encrypts and decrypts data on the fly, without impacting user productivity*. On startup, the PGP Boot-Guard screen will appear, requiring appropriate authentication before allowing access to data on the system.

* Performance may suffer on solid-state disks.

How do I get it?

Schools and Centers interested in deploying PGP on laptops that store or process sensitive information should contact their departmental IT support staff, who will work with ITS Security on a deployment.

What happens when a WDE user forgets his/her password?

The PGP software will always try to synchronize with the user’s login password. However, if that password is forgotten, users can call their departmental support or contact the ITS Service Desk at 919-962-HELP (962-4357) or 1-866-962-4457 (US and Puerto Rico) and identify themselves by answering a set of questions. They may be given a passphrase that can bypass the PGP protection, at which point most standard password reset procedures could be used to reset the Windows password, and then the PGP password.

Keys stored on USB hardware tokens are also available to departmental support personnel; these keys provide access to their users’ systems that are PGP Whole Disk Encrypted.

What are the Supported Operating Systems?

Windows

- Microsoft Windows 7 (all 32- and 64-bit editions)

- Microsoft Windows Vista (all 32- and 64-bit editions)

- Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)

- Microsoft Windows XP Home Edition (Service Pack 2 or 3)

- Microsoft Windows XP Professional 64-bit (Service Pack 2)

- Microsoft Windows XP Professional 32-bit (Service Pack 2 or 3)

Note: The above operating systems are supported only when all of the latest hot fixes and security patches from Microsoft have been applied.

Mac OS X

- Apple Mac OS X 10.5.x or 10.6.x (Intel-based Macs only)

Linux

- Ubuntu 8.04 and 9.04 (32- and 64-bit versions)

- Red Hat Enterprise Linux/CentOS 5.2 and 5.3 (32-bit versions)

- Red Hat Enterprise Linux 5.2 and 5.3 (64-bit versions)

Note: PGP Whole Disk Encryption for Linux is command-line only.

Does PGP Support Smart Phones?

No. PGP cannot be installed on smart phones. For more information on how to best encrypt smart phones, including iPhones, Android devices, and Blackberries, please see Encrypting Cell Phones.