{"product_id":10486,"v_id":10486,"product_name":"McAfee Endpoint Encryption 6.2 with ePolicy Orchestrator 4.6","certification_status":"Not Certified","certification_date":"2012-09-10T00:09:00Z","tech_type":"Sensitive Data Protection","vendor_id":{"name":"McAfee, LLC","website":"www.mcafee.com"},"vendor_poc":"Dwight Colby","vendor_phone":"651-628-1571","vendor_email":"dwight_colby@mcafee.com","assigned_lab":{"cctl_name":"COACT, Inc. Labs"},"product_description":"<p>McAfee Endpoint Encryption for PC is a Personal Computer (PC) security system that provides data at rest protection, preventing the data stored on a PC from being read or used by an unauthorized person.&nbsp; It combines single sign-on user access control with transparent full disk encryption of HDD/SSD storage media to offer effective security for PCs running the Microsoft Windows operating system.</p>\r\n<p>Integration with McAfee ePolicy Orchestrator (ePO) eases agent deployment, management, and reporting.&nbsp;</p>\r\n<p>Communication between the Endpoint and ePO is secured using McAfee Agent.</p>\r\n<p>ePO provides the management user interface for the TOE via a GUI accessed from remote systems using web browsers.&nbsp; User and Machine policies can be created, edited and deployed from ePO.&nbsp; Manual recovery allows users who have lost or compromised their logon credentials to regain secure access to their Endpoint PC.&nbsp;</p>\r\n<p>ePO requires users to identify and authenticate themselves before access is granted to any data or management functions.&nbsp;</p>\r\n<p>Audit records from both ePO and the Endpoints managed by it may be reviewed via the ePO GUI using fully customizable reports of which there are many built into the product.</p>\r\n<p>McAfee Endpoint Encryption for PC prevents the data stored on a PC&rsquo;s HDD/SSD storage media from being read or used by an unauthorized person.&nbsp; Non-removable and eSATA hard drives can be encrypted.&nbsp; USB, FireWire or PCMCIA connected media 
cannot be encrypted.&nbsp;</p>\r\n<p>By necessity, the boot record and certain non-security relevant configuration data must remain in plaintext, but everything else on the storage media is encrypted.&nbsp; In simple terms, the McAfee Endpoint Encryption client software takes control of a user&rsquo;s storage media away from the operating system.&nbsp; The McAfee Endpoint Encryption client software encrypts data written to the storage media, and decrypts data read from it.&nbsp; If the storage media is read directly, one would find only encrypted data, even in the Windows swap file and temporary file areas.&nbsp;</p>\r\n<p>ePO provides the functionality to securely deploy, configure and manage the McAfee Endpoint Encryption Client usage policies.&nbsp; A policy is a set of rules that determine how the McAfee Endpoint Encryption Client software functions on the user&rsquo;s computer.</p>\r\n<p>In order to operate in compliance with this Security Target, the TOE Endpoint must be installed and operated in a certain manner.&nbsp; This is referred to as its Common Criteria mode of operation, or CC mode for short.&nbsp; CC mode is defined as follows:</p>\r\n<ul>\r\n<li>Endpoint is installed in FIPS mode according to the TOE administration documentation</li>\r\n<li>ePO and McAfee Agent are both installed in FIPS mode according to the TOE administration documentation</li>\r\n<li>Invalidate user&rsquo;s password after ten or fewer successive unsuccessful logon attempts</li>\r\n<li>Encryption of all hard disks</li>\r\n<li>Users forced to logon with Preboot Authentication</li>\r\n</ul>\r\n<p>The client software is installed on the client system.&nbsp; After the installation, the system 
synchronizes with ePO and acquires the user data, token data, and Pre-Boot graphics.&nbsp; When this is complete, the user authenticates and logs on through the Pre-Boot environment, which loads the operating system, and uses the system as normal.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and procedures.&nbsp; The evaluation demonstrated that the McAfee Endpoint Encryption for PC 6.2 with McAfee ePolicy Orchestrator 4.6 meets the security requirements contained in the Security Target.</p>\r\n<p>The criteria against which the McAfee Endpoint Encryption for PC 6.2 with McAfee ePolicy Orchestrator 4.6 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1.&nbsp; The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1.&nbsp; The COACT, Inc.&nbsp; CAFE Lab determined that the evaluation assurance level (EAL) for the McAfee Endpoint Encryption for PC 6.2 with McAfee ePolicy Orchestrator 4.6 is EAL2+ ALC_FLR.3</p>\r\n<p>The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.</p>\r\n<p>A team of Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc.&nbsp; CAFE Lab.&nbsp; The evaluation was completed in August 2012.&nbsp; Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.</p>","environmental_strengths":"<p>The TOE&rsquo;s Security Functions are:</p>\r\n<p><strong>Cryptographic Operations</strong></p>\r\n<p>When the TOE Endpoint is activated, it generates a number of cryptographic keys using its key generation algorithm that incorporates an SP 
800-90 random bit generator.&nbsp; The TOE Endpoint generates a System key (AES-256) that it uses to encrypt the TOE Data and a System Recovery Key (AES-256) used for administrative recovery.&nbsp;</p>\r\n<p>For uninitialized user accounts, the system key is stored encrypted with a hash of the default password.&nbsp; This is changed as soon as the user logs on for the first time.</p>\r\n<p>In addition, for users that have certificates from Active Directory and an associated smart card containing the matching private key, the TOE Endpoint also generates an RSA key pair (2048 bits) for each system user for which the client has not yet received initialized user token data.</p>\r\n<p>The System Key is only stored persistently in its encrypted form.&nbsp; It is stored in the Pre-Boot File System encrypted by the User Public Key, one copy for each user.&nbsp; It is also stored wrapped with the System Recovery key.&nbsp; The User Secret Key is stored encrypted in the TOE Endpoint and during the logon process is decrypted by the user&rsquo;s token to enable it to be used to secure the hard disk during normal operation of the TOE Endpoint.&nbsp;</p>\r\n<p>The link between ePO and the TOE Endpoint is secured by McAfee Agent.&nbsp; This uses TLS to establish a shared secret and then uses this as an AES-256 key to encrypt subsequent session-based traffic between the ePO server and the TOE Endpoint.</p>\r\n<p>The System Key and System Recovery Key are encrypted by the Key Server Public Key (a 2048 bit RSA key) and sent to ePO after they are generated where they are stored in the Key Server for archiving purposes.&nbsp; The User Public Key of each system user is also sent to ePO after generation, as is the User Private Key, encrypted by the user&rsquo;s token (password or smartcard).</p>\r\n<p>The Key Server is an ePO component that stores a copy of the System Key from each activated Endpoint.&nbsp; The Key Server data is stored in an SQL Server.&nbsp; The Key Server is only 
used for out of bound emergency recovery of an Endpoint or the forensic decryption of Endpoint storage.</p>\r\n<p>The TOE Endpoint uses AES-256 and the System Key to secure the TOE Endpoint storage media.&nbsp; All data written to the storage media is encrypted and all data read from the storage media is decrypted.</p>\r\n<p><strong>Identification and Authentication</strong></p>\r\n<p>Both ePO and the TOE Endpoint provide identity based access control.</p>\r\n<p>An ePO Administrator must logon successfully before being granted access to the ePO functionality.&nbsp; Authentication is provided in one of three ways, the specific mechanism used is determined when the user account is created.&nbsp; The available authentication types are ePO authentication (ePO user name and password), Windows authentication and certificate based authentication.&nbsp; The ePO administrator logs on to ePO as appropriate to their configured authentication type, by default, using a username and password.&nbsp; No access to ePO functionality is available before the administrator has been successfully identified and authenticated.</p>\r\n<p>The TOE Endpoint provides token-based user authentication, for instance using PKI certificate smartcards, stored value smartcards or password-only tokens.&nbsp; No access to the encrypted data on the storage media is available before the user has been successfully identified and authenticated.</p>\r\n<p>With password-only tokens, the administrator can define and edit user policies with ePO and deploy these to Endpoint systems via policy updates.&nbsp; This allows the administrator to administer ePO connected endpoints.&nbsp; In this way, user accounts can be enabled or disabled, new accounts created, user password policies set (maximum and/or minimum password length and enforced password content defining the number of Alpha, Numeric, Alphanumeric, and Symbols characters required to form a password) or user passwords reset.</p>\r\n<p>For physical tokens, it 
may be possible to change the token&rsquo;s PIN either locally in the Endpoint Pre-boot environment or using proprietary middleware.&nbsp; They are not managed by ePO.</p>\r\n<p>For all authentication methods, there is obscured feedback, consisting of a &lsquo;*&rsquo; for each character typed for all passwords, to protect the authentication data from accidental disclosure during the logon process.</p>\r\n<p><strong>Audit</strong></p>\r\n<p>The audit log maintains a record of TOE Administrator (ePO user) actions and a set of events relating to the TOE User.</p>\r\n<p>The audit log is accessed from ePO.&nbsp; Administrator actions can be reviewed from the <strong>Menu --&gt; User Management --&gt; Audit Log</strong>.&nbsp; TOE Endpoint events are generated on the TOE Endpoint and then sent to ePO by the McAfee Agent periodically according to a defined schedule.&nbsp; Such User audit events can be reviewed from <strong>Menu --&gt; Reporting --&gt; Queries &amp; Reports</strong> and running the <strong>EE: Product Client Events</strong> report.</p>\r\n<p>Each entry of the Administrator audit log is associated with an identified Administrator.&nbsp; With the User audit log, if an action is performed by an identified user, then the audit log entry is associated with that identified user.&nbsp; However, some audit events result from system actions rather than user actions and these are associated with the system that they relate to.</p>\r\n<p>Audit records are only available from ePO and so are only available to Administrators.&nbsp; In order to view the audit logs, an Administrator must first have successfully logged on to ePO using his logon credentials.</p>\r\n<p class=\"Default\"><strong>Management</strong></p>\r\n<p class=\"Default\">The TOE supports two types of operator.&nbsp; Within the context of the TOE, ePO operators are administrators and TOE Endpoint operators are referred to as users.</p>\r\n<p class=\"Default\">All aspects of the TOE Endpoint systems can be 
managed from ePO.&nbsp; User details are downloaded from Active Directory, and user and machine configurations are deployed to TOE Endpoints as User Policies and System Policies respectively.&nbsp; User policies determine the user password policy, as well as whether a user account is enabled or not on a system.&nbsp; Similarly, system policies determine the storage media encryption policy and where and when users are forced to logon (Preboot, Windows, both or neither).</p>\r\n<p class=\"Default\">Audit events are periodically uploaded from TOE Endpoints to ePO so that there is a central store of audit data that an administrator can use to aggregate audit data into reports to aid the management of a managed network of Endpoint Encryption for PC client machines.&nbsp;</p>\r\n<p class=\"Default\">Users may also change their own password if they are permitted to as part of their user policy.</p>\r\n<p class=\"Default\">To ensure that the Endpoint remains synchronized with ePO policies, McAfee Agent is used to periodically upload events from the Endpoint to ePO and also to download policy updates from ePO and enforce them on the Endpoint.</p>\r\n<p><strong>Protection of the TSF</strong></p>\r\n<p>The TOE Endpoint has a number of related functions that help to maintain its integrity under certain circumstances, such as hardware failure, or communications link failure.</p>\r\n<p>When installed in CC mode as required to meet the requirements of the Security Target, the TSF runs a suite of tests during initial start-up, and in the case of the random number generator test, continuously to demonstrate the correct operation of the security assumptions provided by the abstract machine that underlies the TSF.&nbsp; The TOE Endpoint performs RSA, AES and SHA-256 known answer tests at startup and also performs an integrity test on the executable code of the TOE cryptographic algorithm components.&nbsp; In addition, the TOE Endpoint continuously monitors the output of the Random 
Bit Generator to ensure that the mechanism is operating correctly.</p>\r\n<p>An administrator may disable a user account, preventing that user from logging on to a machine within the network of protected TOE Endpoint machines.</p>\r\n<p>By default, and when operating in CC mode, a user account is disabled after ten successive logon failures.</p>\r\n<p>After a user account has been disabled or the user has forgotten their logon password when they try to logon, the TSF enters a maintenance mode where the ability to recover the normal functionality of the TOE Endpoint is provided either online via a secure administration session, or offline using the offline recovery procedure.</p>\r\n<p>The online recovery mechanism allows an ePO authorized administrator to modify user security attributes to allow a user to recover access to the TOE Endpoint machine.&nbsp; However this mechanism requires synchronization between the ePO Server Database and the TOE Endpoint and Windows needs to be running for this to be possible.&nbsp; Online recovery is not possible from the pre-boot environment.</p>\r\n<p>There are two types of offline recovery: Administrator offline recovery and self recovery.&nbsp; Both types of offline recovery are options that can be enabled or disabled on a user by user and machine by machine basis.</p>\r\n<p>Administrator offline recovery allows a TOE Endpoint user to pass a TOE Endpoint recovery code request to the ePO administrator. 
&nbsp;The ePO administrator can then provide a recovery response code to allow the TOE Endpoint user to regain access to the TOE Endpoint.</p>\r\n<p>Self-recovery allows the user to reset a forgotten password by answering a set of security questions.&nbsp; The full list of security questions is set by the administrator using ePO.&nbsp; (Note: Endpoint Encryption contains a generic set of questions by default that may be used or replaced with a set chosen by the authorized administrator).</p>\r\n<p>A user account may be revoked from ePO by an authorized administrator.&nbsp; This change is deployed to an Endpoint via a policy update and so requires the Endpoint machine to be connected to the ePO server via a network connection.&nbsp; Once the updated policy is enforced, the user with the revoked account will no longer be able to logon to the Endpoint.</p>\r\n<p>The TSF ensures that normal operation continues when the link to ePO is lost, by maintaining a local copy of its policies in the Preboot File System.&nbsp;</p>","features":[]}