CRYPTAS it-security GmbH




Winmagic SecureDoc Enterprise Server 4.3.1
Common functionality

CRYPTAS it-security GmbH
Modecenterstrasse 22/B2
A-1030 Wien
www.cryptas.com

Knowledge Guide
Vienna, December 2007

Winmagic SecureDoc Enterprise Server's (SES) functions in general

SecureDoc Enterprise Server by Winmagic is a high-performance application that protects an enterprise's confidential data by means of encryption. The product's main characteristics are its excellent ability to be integrated into Microsoft environments (such as Active Directory, Windows PKI and MS-SQL), its scalability, its easy maintenance and, not least, the particularly good protection of data through strong encryption and the support of strong authentication.

Strong encryption:
SES uses AES 256 (Advanced Encryption Standard, an algorithm with a 256-bit key length) for symmetric encryption of data. These symmetric keys are protected by asymmetric encryption (digital certificates). Only the owner of the secret (private key) has access to a key file containing the symmetric keys. The certificates can be issued either by an already existing PKI (e.g. Microsoft Windows 2K Server or newer) or by the onboard certification authority of the SES.

Strong authentication:
Instead of authenticating with username and password to access the key file (weak authentication), advanced technologies like smartcards or smart tokens can optionally be used. In this case, the user's secret (the private key) used to access the key file is carried on the card or on the token and cannot be taken off the device. No vulnerable information remains on the user's computer (strong authentication): something you have (token, smartcard) and something you know (PIN).

Applications:
SecureDoc Enterprise Server allows administration of the functionalities of SecureDoc in an enterprise environment, such as:
- Encrypting hard disks of client computers and servers. Optionally, whole hard disks or single partitions can be encrypted. If you decide to encrypt whole hard disks, the user has to authenticate before the start of the operating system (pre-boot authentication).
- Container encryption: there is an option to set up encrypted areas on hard disks that are mounted as a drive.
- File and folder encryption: single files or folders on hard disks, removable media or server shares can be encrypted for single users or user groups.
- Media encryption: encryption of the content of CDs/DVDs, USB volumes and even floppy disks can optionally be offered or required.
- Self-extractor: in special cases, files or folders can be transferred to external users in encrypted form. In this case, the information is protected by password only, but the recipient does not have to be a member of the internal organisation. The recipient just needs the self-extractor, which is freely available.

Scalability:
SecureDoc Enterprise Server also meets the requirements of huge organisations:

- Reliability: SES components support redundancy.
- SES supports multi-site architectures and so-called offline clients (computers that never access the corporate networks).

In addition, data can be protected not only on client computers and servers, but also on PDAs. The owner of an IT environment is free to decide which functionalities are provided to specific groups of computers. Thus, it is possible to meet the requirements of sites and classes of users and computers according to their role in the corporate environment. (For example, a desktop computer in a head office is likely subject to very different threats than a field technician's notebook and therefore needs a totally different set of configurations and functionalities.)

Administration of access to encrypted information:
Access to resources (encrypted data and computers) is administered by designated administrators using a management console. For this purpose, users can be assigned to administer groups or containers, which stand for a set of resources or devices. Users and groups can be imported from Microsoft Active Directory (AD) and stay synchronised with it. The local key files on the computers are automatically updated whenever a key is added or removed in the object properties settings in the SES database (management console). In addition, the helpdesk has access to a user-friendly and secure password recovery / key recovery tool.

Administration of client settings:
Permissions, provided functionalities and other client-specific settings are defined in profiles. These settings are distributed automatically to all assigned clients whenever a configuration has changed. Thus, single computers and groups of devices with similar demands can be administered easily and conveniently.

Integration in Microsoft environments:
- SES uses MS SQL as database server.
- SES can use MS Active Directory as a source for user accounts, groups and containers as well as the administration structure.
- SES can use certificates issued by MS PKI.
- SES can use the Windows integrated smartcard authentication.
- Installation packages for SecureDoc client software, created by SES, can be distributed and installed by MS SMS and its follow-up products.

Support of other environments:
- SES can import user accounts and groups from any available LDAP directory.
- SES can use certificates of any X.509v3-compatible PKI.
- SecureDoc installation packages can be distributed to client computers by any software distribution system.

Components of SecureDoc Enterprise Server (SES)

SecureDoc Enterprise Server consists of at least 3 (optionally 5) components.

In the background there are:
- The SES database
- The SES Management Console

In the front there are:
- SD Connex
- SD Active Directory Sync (optional)
- Online Password Recovery (optional)

The SES Database:
SecureDoc Enterprise Server stores all information, group memberships, object properties, passwords and access keys in an encrypted database. This database can be hosted on any existing SQL server as an additional database or run in an instance of SQL desktop edition (SQL 2000 MSDE or SQL 2005 Express Edition). Administrative rights on the SQL server are not necessary after the creation of the database.

SES Management Console:
The Management Console is used to access and display the encrypted content of the database. In the console, the assigned administrator can set up configurations, administer user accounts and keys, prepare installation packages and follow up on events. It can be installed on the workstations of the assigned administrators. Multiple consoles can access one SES database.

SD Connex:
This is the communication service of SecureDoc Enterprise Server. It connects the SecureDoc client software and the SES database. It has to be visible to all online clients in an organisation. In huge organisations, there can be multiple SD Connex servers. Offline clients communicate with the database using email, CD or USB media.

Active Directory Sync (optional):
This service synchronises user accounts, groups and containers with Active Directory. Changes made in AD are automatically taken into the SES database. The other way round, changes to objects in the SES database are not written back into AD.

Online Password Recovery (optional):
The OPR is a web interface that allows the helpdesk team (or optionally the user himself) to recover forgotten passwords or unlock locked computers in a secure way without contacting the SES administrator.
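A sketch of the key hierarchy described under "Strong encryption" and of the key-file update described under "Administration of access to encrypted information", as an added example that is not Winmagic's code and does not reproduce SecureDoc's key-file format. The function names, the JSON layout and the choice of RSA-OAEP and AES-GCM are assumptions; RSA key pairs stand in for certificates.

```javascript
// Added illustration of a certificate-protected key file; not SecureDoc's real format.
// Function names, the JSON layout, RSA-OAEP and AES-GCM are assumptions of this sketch.
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// A constructed RSA key pair stands in for a user's certificate and private key.
function newUser(name) {
  return { name, ...nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 }) };
}

// Seal the named AES-256 keys under a random file key, then wrap that file key with
// the owner's public key so that only the private-key holder can open the key file.
function sealKeyFile(symmetricKeys, ownerPublicKey) {
  const fileKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const enc = nodeCrypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const body = Buffer.concat([enc.update(JSON.stringify(symmetricKeys)), enc.final()]);
  const wrapped = nodeCrypto.publicEncrypt({ key: ownerPublicKey, ...OAEP }, fileKey);
  return { wrapped, iv, body, tag: enc.getAuthTag() };
}

// Unwrap with the private key; throws on a wrong key or a modified key file.
function openKeyFile(file, privateKey) {
  const fileKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, file.wrapped);
  const dec = nodeCrypto.createDecipheriv('aes-256-gcm', fileKey, file.iv);
  dec.setAuthTag(file.tag);
  return JSON.parse(Buffer.concat([dec.update(file.body), dec.final()]).toString('utf8'));
}

function canOpen(file, privateKey) {
  try { openKeyFile(file, privateKey); return true; } catch (e) { return false; }
}

function demo() {
  const alice = newUser('alice'), bob = newUser('bob');
  // Server-side record of the keys assigned to alice (constructed sample values).
  const assigned = { diskC: nodeCrypto.randomBytes(32).toString('hex'),
                     projectShare: nodeCrypto.randomBytes(32).toString('hex') };
  let file = sealKeyFile(assigned, alice.publicKey);
  const ownerOpens = openKeyFile(file, alice.privateKey).diskC === assigned.diskC;
  const otherOpens = canOpen(file, bob.privateKey);
  delete assigned.projectShare;                    // administrator removes a key
  file = sealKeyFile(assigned, alice.publicKey);   // updated key file goes to the client
  return { ownerOpens, otherOpens, keysAfterRemoval: Object.keys(openKeyFile(file, alice.privateKey)) };
}

console.log(demo());
```

With a smartcard or token, the `privateDecrypt` step would run on the device, so the private key never reaches the computer.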

CRYPTAS it-security GmbH
Modecenterstrasse 22/B2
A-1030 Wien, Austria
T +43 (1) 798 96 96 0
F +43 (1) 798 96 96 99
info@cryptas.com
www.cryptas.com