HSU has licensed Symatec's PGP Desktop/Netshare security software to protect Level 1 and Level 2 data as required by the HSU IT Procedure on Encryption so that it can be safely accessed, stored, and shared with others without risking that data falling into the wrong hands. The software can be used to:
PGP is available to and has been installed for those individuals who require encrypted network shares. Departments must consult with ITC support to determine configuration settings and encryption policies using the ITC PGP Encryption Worksheet. A typical policy includes a list of shared folders and the users entitled to access those folders. Note that, if the administrator makes any configuration changes, all authorized department users will automatically receive the updated settings through the department's customized policy.
PGP Desktop/Netshare works with the following operating systems:
The encryption strength, cipher type, and key sizes have been pre-configured in the policy server according to HSU recommended standards and include the use of Advanced Encryption Standard (AES) 256-bit encryption.
The software must be installed by your ITC, and every authorized user is required to go through the enrollment process in order to gain access to the resources. As part of the iinstallation, users will be provided with a “key pair”. These keys are required to encrypt/decrypt the data and will be automaticallyused by the software to provide seamless access to the shared data. After the initial setup and configuration, users' interaction with the encrypted data should be transparent.
Folder access can be configured to designate specific permissions to decrypt information after file system access has been granted. The key pairs described above are used to determine which individual users are allowed to access the contents of the shared folders.Typically, two levels of access exist: administrator (admin) and normal users (users); these roles are described below:
Administrators have the following privileges:
Users have the following privileges:
Note: At least one Admin is assigned to each protected folder in order to reduce the potential for inadvertent encryption of file shares. HSU Information Security recommends assigning a specialized admin whose responsibility it is to encrypt folders and assign users to each folder. This can be achieved by creating different administrator roles based on separate policies.
Any files using encryption remain encrypted, even if copied locally to the desktop or saved to a USB stick. However, administrators should be aware that users with rights to decrypt the file have the potential to purposefully or accidentally decrypt the file in one of the following scenarios:
Other examples of applications that may affect encrypted files and folders are Secure File Transfer Protocol (SFTP) and backup client software.
Contact your ITC support or the Information Security Information Office for assistance, key recovery, or any questions you may have concerning Symantec PGP Desktop/Netshare.