How is the ADAM instance used by Encryption Anywhere secured from spoofing?
What security measures have we designed to eliminate the possibility of spoofing the ADAM instance that contains the Encryption Anywhere encryption keys? What prevents someone from creating a second ADAM instance that "pretends to be the Encryption Anywhere ADAM instance" and thereby gets the user's WEK or other critical data related to Encryption Anywhere Hard Disk encryption?
Active Directory Application Mode - ADAM
One Time Password Program - OTP
Any encryption key that is transmitted to ADAM is encrypted with the OTP Program public key on the client before it is transferred to ADAM. This means the encryption keys, including the WEK, travel encrypted and are received by ADAM encrypted. Thus, all a spoofed instance could hope to obtain is a set of encrypted keys that would be of no value to it.
In order to decrypt the keys on ADAM, one must have access to the Administrator OTP Program. The OTP Program is stored on ADAM; to use it, a person must first gain access rights to ADAM and must then know the OTP Program administrator password. The OTP Program administrator password can be changed as often as needed.
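The argument above as an added example (not Encryption Anywhere code and not part of the original article): a client wraps a WEK with a public key, and a directory instance that lacks the matching private key or its password recovers nothing. RSA-OAEP, the passphrase-protected PEM key and all function names are assumptions; the article does not state which algorithms the product uses.

```javascript
// Added illustration, not product code. RSA-OAEP and the passphrase-protected
// private key are assumptions standing in for the OTP Program and its password.
const crypto = require('node:crypto');

const ADMIN_PASSWORD = 'constructed-admin-password'; // constructed sample value
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hypothetical OTP Program key pair: the public half goes to clients, the
// private half is stored encrypted under the administrator password.
function makeOtpKeyPair(password) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password,
    },
  });
}

// Client side: the WEK is wrapped before it leaves the machine.
function wrapKey(publicKeyPem, wek) {
  return crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, wek);
}

// Administrator side: unwrapping needs the stored private key and the password.
// Returns null (instead of throwing) when either one is wrong.
function unwrapKey(privateKeyPem, password, blob) {
  try {
    return crypto.privateDecrypt({ key: privateKeyPem, passphrase: password, ...OAEP }, blob);
  } catch {
    return null;
  }
}

// One run of the scenario: what each party can recover from the stored blob.
function simulate() {
  const otp = makeOtpKeyPair(ADMIN_PASSWORD);
  const wek = crypto.randomBytes(32);              // constructed sample WEK
  const blob = wrapKey(otp.publicKey, wek);        // all that any directory receives
  const rogue = makeOtpKeyPair('rogue-password');  // spoofed instance holds only its own keys
  return {
    wek,
    blobContainsWek: blob.includes(wek),
    rogueUnwrap: unwrapKey(rogue.privateKey, 'rogue-password', blob),
    wrongPassword: unwrapKey(otp.privateKey, 'guess', blob),
    adminUnwrap: unwrapKey(otp.privateKey, ADMIN_PASSWORD, blob),
  };
}
```

The property holds only while clients encrypt to the genuine OTP Program public key; how that key reaches clients is not described in this article.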