Network Location Security
Network Location Security (NLS) was designed to enhance the flexibility of encrypted workstations by detecting known secure networks and dynamically adjusting the protection level of the workstations accordingly. When a NLS-protected system is operating in a known environment, the workstation will bypass the Pre-Boot Authentication (PBA) screen of the encryption vendor and automatically continue to boot into Windows. In the event that an NLS protected system is lost, stolen, or otherwise booted into an unknown network environment, the workstation will then reboot to the Pre-Boot Authentication screen and require a valid user to decrypt the protected Windows system. NLS contains the following features:
- Controlled via a standard Windows Service
- Configurable sleep intervals between network checks
- Security events logged to Windows Event Log
- Fast network detection routines to minimize exposure upon boot
- Convenient and non-intrusive for end users
- Flexible design to account for planned network downtimes
Use Case 1: Desktop machines. One of the primary goals of any disk encryption project is to make the software as invisible and non-intrusive to the user as possible. The Pre-Boot environment can be a significant user experience change for users and can lead to an increase in password related calls to the Help Desk. NLS will bypass the PBA screen for normal users who are on your network and allow the users to continue using their existing familiar Windows login method. When a desktop machine is removed from the network, the full protection of the encryption product will prevent Windows-based attacks by leaving the drive in a fully-encrypted state.
Use Case 2: Shared machines and laptops. Certain environments, especially Healthcare organizations, often make use of shared workstations on wheels, tablets, and kiosks that are automatically logged into Windows using a default account without requiring a password upon boot. These machines are highly portable or in common areas and usually have access to sensitive data. They are a perfect target for someone wishing to gain access to your network or sensitive data. NLS allows these workstations to be protected by the same level of security as ma machines requiring an authorized user at Pre-Boot Authentication, with the added convenience of not requiring a particular user to log into the machine when it is initially booted.
