Managed Security Services
Desktop Security Services. Secure Notebook.

Today's business environment demands mobility, and the notebook computer has become an indispensable item for everyone from top executives to sales representatives. Each year notebooks collectively valued at more than a billion euros are stolen worldwide. Notebook users take sensitive information with them for retrieval and updating while traveling. When hardware is stolen, businesses and institutions require the maximum in reliable protection against unauthorized access to their data.

What is Secure Notebook and what can it do?

Secure Notebook is a secure hard disk encryption solution that uses Secure Boot System (SBS). It provides the perfect power-off protection through innovative security mechanisms that ensure the highest level of security for both the system and the data stored on it, even when the system is powered down. Secure Notebook is especially effective in thwarting attempts to gain access by booting from external media. Hacker tools don't stand a chance. Even installing the hard disk drive in another computer will fail to provide access to the encrypted disk or partition. Your data are secure!

Innovative Secure Boot System (SBS) with a smartcard.

The Secure Boot System is started during the boot process. Authentication with the smart card begins even before the notebook's operating system (Microsoft Windows) boots. This effectively prevents unauthorized access to data, as a would-be attacker would be unable to access the hard disk data without both possession of the smart card and knowledge of the appropriate PIN. The smart card offers the best protection available to date for such secret elements as keys or passwords. By integrating the authentication process with the Secure Boot System, this solution, unlike others, allows the use of a variety of (PC/SC compatible) smart card readers or smart cards (with a PKCS#11 interface).
Data are encrypted using standardized public key methods. Secure Notebook can be integrated seamlessly into public key infrastructures. An integrity checking process provides additional protection against manipulation and offers the highest level of security. Additional functions such as an online and offline PIN reset capability for the smart card are already implemented in the Secure Boot System.

Business flexibility
Superfast initial encryption and secure algorithms.

The very fast initial encryption encodes 20 GB of data in only 45 minutes. The encryption process is completely transparent for the user and causes no noticeable loss in performance. Such widely used encryption algorithms as 256 bit AES or 128-bit DESX provide the highest level of data security.

Scalable security and extreme user friendliness.

Secure Notebook is a scalable security solution that provides the highest level of security for sensitive business information on notebooks and removable USB media. User authentication settings are flexible, allowing authentication with either a password or the smart card-based Secure Boot System. The option of activating the Secure Boot System at a later time is also available. An installation wizard enables fast and easy installation of Secure Notebook even in large corporate enterprises. Using the integrated script builder, an administrator can perform configuration and software distribution tasks centrally. A company can implement the security policies of its choice company-wide without requiring any action on the part of the end user. Subsequent configuration changes can be implemented quickly and automatically in the same way.

A help desk button in the Secure Boot System login dialog provides emergency access to the Secure Notebook challenge/response function. In the event of a faulty smart card or smart card reader, authentication can alternatively take place via the Windows operating system simply by calling a member of the help desk staff. State-of-the-art, centrally administrable recovery functions provide reliable protection against data loss when hard disk errors occur. They also raise the level of data security and help reduce the workload burden on support staff.

Benefits:
- Perfect power-off protection
- Secure smart card-based authentication according to the possession and knowledge principle
- Standard interfaces for smart cards (PKCS#11) and smart card readers (PC/SC)
- Simple integration in public key infrastructures (PKI)
- Use of PKI methods for encryption
- Multiple user capability with a smart card
- Data encryption on removable USB media
- Highly secure algorithms: 256 bit AES, 448 bit Blowfish, 128 bit DESX
- Cost-reducing and user-friendly help desk function using modern, ISO-compliant challenge/response procedures
- Login restrictions can also be controlled through challenge/response procedures
- Highly interoperable with boot managers
- Integrated installation wizard
- Supports unattended installation and deinstallation
- Modern, centrally administrable recovery functions
- Integrity checks (code hashing) protect the Secure Boot System against manipulation
- Supports Norton Ghost and other hard disk imaging tools
- Superfast initial encryption: 120 GB in 4.5 hours

Technical characteristics:
Operating systems: Windows 2000, Windows XP (NTFS file system)
Standards: PKCS#11, PC/SC, AES, DESX, Blowfish

Date of publication 10/2006; subject to change without notice; printed on chlorine-free paper, typix

Published by: Corporate Marketing & Communications, Mainzer Landstrasse 50, 60325 Frankfurt am Main, Germany
Responsible for content:
Contact: E-Mail: security-solutions@t-systems.com, Phone: +49 (0)6151 818 6105
Product Marketing Manager: Andreas Brasching
Managed Security Services
Desktop Security Services. Hard drive encryption.

Confidential data, particularly that on laptops, must be protected. If sensitive data is appropriated by third parties, the result can be major losses. Statistics show that every year, one billion euros worth of notebooks are stolen. And the value of the information stolen far exceeds the value of the hardware.

Hard-drive encryption offers company-wide protection for sensitive information on notebooks and desktops. Unauthorized access is reliably prevented through pre-boot user authentication, boot protection and encryption of the hard drive with strong algorithms. "Hacker tools" cannot decrypt the protected data. The solution relies on a central management console where the authorized users and machines are managed.

Figure: Architecture of the hard drive encryption service with centralized management console.

The user is provided with a package that automatically logs in to the management console immediately after installation and registers the PC there. Naturally, installation can also be done through software distribution. Within the framework of flexible security management, encryption can be triggered by the help desk or directly automated following installation. The hard drive is encrypted in a fully transparent manner in the background so that the user can continue to work without a problem, creating significant synergies with respect to the total cost of ownership (TCO). If the laptop is locked or the password is forgotten, a very flexible recovery scenario is possible through the help desk or by means of a Web interface.

The user logs in using a password or a highly certified USB security token (based on the "possession and knowledge" principle) on system startup. Without valid system authentication, no access to the hard drive is possible and the data are protected against viewing and theft.
The security policy can be configured through the management console and determines how often a user can log on incorrectly or how long he can work with the system without logging on to the server again.

Secure screensaver

As an option, a secure screen saver can be activated, allowing the user to log in with the token or the hard-drive encryption password. The "Lock when token is withdrawn" option allows the PC to be locked when the smart card or the USB token is removed.

Service features:
- Access control through pre-boot with varied USB token support (knowledge and possession)
- Transparent encryption and decryption for the user
- Initial encryption occurs during operation, allowing the user to continue working and making for low TCO
- Efficient central security management and recovery via helpline or using Web interface
- Single sign on for all Windows platforms and reconciliation with domain password possible
- User administration possible by accessing Active Directory or another directory service
- Central management, allowing separate administration of users and machines, prescribes rights and configuration and handles software updates using its own system

System requirements:
Clients: Windows 95, 98, Windows ME, Windows NT, Windows 2000, Windows XP
Server: Windows 2000 server, Windows 2003 server, Windows 2000 (optional), Windows XP (optional)

offers support and will assist in designing and installing the product as part of its advisory services.
Managed Security Services
Desktop Security Services. Container encryption.

Container encryption reliably protects sensitive data on notebooks and desktop computers, ensuring transparency for the user regardless of where it is stored (local hard drives, exchangeable media, file servers) and at any time. The result: the user need not have a single concern about the security of his data. It is all done by creating secure virtual drives that represent logical drives within the system and store data in encrypted form in a single, large file (a container).

This solution combines extensively user-independent encryption with the simultaneous protection of any files in a secure container. It creates a sort of "electronic safe" that protects confidential data on a computer. All the user needs to do is log into a container to open up the electronic safe, and he can then work with his encrypted data as if it were decrypted. The data is automatically encrypted when it is stored in an open container. Likewise, the data is automatically decrypted when it is opened with a program or by Windows Explorer. The user no longer has to deal with encrypting his data.

Key Features:
- Automatic encryption (high transparency)
- All contents and additional information, such as directory information, filename, file size and author are encoded
- When working with encrypted files, the data remains encrypted on the hard drive; the content is available as text in the local memory only
- Confidential data can be secured without making it necessary to encrypt an entire hard drive or partition
- Access to smart cards via Microsoft CryptoAPI

Containers can be created on any available drive. They can be located on portable media (diskettes, CD-ROMs, DVDs, ZIP drives, USB and Flash memory cards etc.), on local drives and even on network drives. All read and write operations on the virtual drive are encrypted and decrypted.
Security is under the protection of the container. Without access rights, users can under certain circumstances delete a container (if access is not prevented) and read the encrypted content, but they are not able to read the files in text. The directory structure, which was defined within the container, also remains hidden from them.

The option of using Microsoft CryptoAPI architecture allows corresponding hardware components (e.g. chip cards or USB tokens) of leading third-party manufacturers to be used for authenticating users. This means it is possible to use certificates and public-key key pairs instead of passwords. Once a certificate is assigned to a container, it can be used for authentication after that. Only the user of the certificate has access to the private key associated with the certificate and can thus use it to log in to the container. As with passwords, certificates can be provided with user or administrator rights.

Service features:
- Fast and transparent encryption through simulation of an additional drive
- Can be used on hard drives, network drives and portable media (diskettes, CD-ROMs, DVD, ZIP drives, Jaz, MO disks, USB and Flash memory cards, etc.)
- Seamless integration into Windows Explorer
- User authentication via password and/or X.509 certificates
- Support for chip cards and USB tokens (e.g. Aladdin)
- Central administration of security-relevant settings through group guidelines in ADS
- Optional deletion of Windows pagefile when computer is shut off
- Secure crypto-algorithms: AES (Rijndael) 128-bit key length, RSA, PKCS#5, X.509 certificates

System requirements:
- Microsoft Windows XP
- Microsoft Windows 2000
- Microsoft Windows NT Version 4.0

offers support and will assist in designing and installing the product as part of its advisory services.