Dell Data Protection | Endpoint Security Suite Enterprise

As per the Information Security Policy, it is our mandate to protect the University's information and data. To improve our cyber-security, UIT Information Security is implementing Dell’s Endpoint Security Suite Enterprise (ESSE) as our enterprise-grade disk encryption software.

Support

This product is supported by UIT during regular business hours (Monday-Friday 8:30am-4:30pm). The maintenance window for this service is Thursdays 6:00am-8:00am.

Additional information can be found in York University's Information Security Policy. For questions and concerns please contact askit@yorku.ca

What is it?

Encryption

Encryption is a way to enhance security by scrambling data so that it can only be read by someone who has the right encryption key to unscramble it.

The Dell ESSE is a suite of applications that:

  • Detects data security risks on desktops, laptops and external media
  • Protects data on these devices by enforcing access control policies, authentication and the encryption of sensitive data
  • Manages data centrally with policies using collaborative tools that integrate into existing user directories
  • Supports key and data recovery, automatic updates and tracking for protected devices

Dell's Endpoint Security Suite Enterprise interacts with your OS' native encryption tools (Native FileVault2 [Mac] or BitLocker [windows]) to encrypt your machine's entire hard drive, protecting your data from theft.

Why are we using it?

ESSE ensures that all sensitive information will be inaccessible without a decryption key. The keys are stored securely on a server managed by Infosec and SMS.

In the event that any University device or information is stolen, ESSE will ensure that the thief cannot access the stolen data.

Who can get it?

This product is currently offered to all Faculty, full-time Staff, and Graduate Students sponsored by a faculty member.

The Dell encryption product will only be installed on University-owned devices that are running supported operating systems and meet the minimum technical requirements.

Currently, all new university-devices will come with Dell ESSE pre-installed.

Supported Operating Systems 

Windows (32- and 64-bit)

  • Windows 7 (Enterprise, Pro Editions)
  • Windows 8, 8.1 (Enterprise, Pro Editions)
  • Windows 10 (Education, Pro Editions)

Mac

  • OS X 10.10 Yosemite
  • OS X 10.11 El Capitan
  • MacOS 10.12 Sierra
  • MacOS 10.13 High Sierra

System Requirements 

Windows

  • Minimum 4GB RAM
  • Intel Core i3, i5 or i7 processor or AMD A series, FX, Opteron or Phenom II processor
  • 20% free Hard Drive space

Mac

  • Intel-x86 processor
  • 512 MB RAM
  • 150 MB of free disk space

How do I get it?

ESSE will be available to all eligible users at no cost. If you would like to have ESSE installed on your machine, simply submit a request for the installation of encryption suite to askit@yorku.ca

Terms of Service

Mandatory Requirements for a Desktop/Laptop Running ESSE:

User is required to apply the latest Microsoft updates on a monthly schedule, typically every 2nd Tuesday of the month

Automatic Windows Updates

Mandatory setting:

  • Install updates automatically, including other Microsoft product updates

Automatic 3rd party Updates

User is required to apply 3rd party security updates on a regular schedule. Examples are Adobe Acrobat / Flash / Shockwave, Oracle Java

      Mandatory settings

  • Check/Allow to install updates automatically

Anti-Virus / Anti-Spyware

A reputable anti-virus / anti-spyware client is mandatory

Mandatory settings

  • Full Scan, weekly

Passwords

Please refer to the password guidelines (http://computing.yorku.ca/faculty-staff/support-services/your-york-computer/protecting-your-computing-devices/) when choosing a password. Password/passphrase for encryption should be different from the Passport York password.

Mandatory settings

Auto-login is not allowed and should be disabled; user should be prompted for credentials on boot or when recovering from any power state automatic login

  • You must choose a password that is not easy to guess
  • Please do not use passwords based on dictionary words or personal information
  • Some combinations of dictionary words, and some foreign words are not allowed even if they are reversed or otherwise modified
  • Passwords must be at least 9 characters long and may not contain a semi-colon (;) or double quotes (")
  • Passwords should not contain sequential characters i.e., 9876543

Password lock

To return to normal operation from a sleep / hibernate / screen lock/screen saver / any other hybrid state, a password is required

Mandatory settings

  • Require a password on wakeup from sleep/hibernate/screen lock/screensaver/ any other hybrid power state
  • Screensave=on;’On resume, display login screen’=checked
    Mandatory setting:
    Auto-login is not allowed and should be disabled; user should be prompted for credentials on boot or when recovering from any power state
  • Auto-login, disabled

Automatic login

Auto-login is not allowed and should be disabled; user should be prompted for credentials on boot or when recovering from any power state

Mandatory settings

  • Auto-login, disabled

DES check-in

Computer is required to check in to service on a weekly basis

Mandatory settings

  • Connected to the Internet, weekly

Other prohibitions

Participating computers are discouraged from running:

  • Web server
  • FTP server
  • File server
  • Peer to peer service
  • Providing un-authenticated access of any kind