SecureSentryPro by Aliroo Ltd.


SecureSentryPro™: Combines access control and information security. The software utilizes personal tokens and passwords to allow access only to authorized users. Sensitive information is automatically encrypted "On-The-Fly" into protected folders on the hard disk and network.

English

Supported Technologies

Windows 95/98/ME, Windows XP/2000/NT

Pricing

Users (# of seats)
sales@aliroo.com
972-9-7677732




Additional Product Information

I. Product Definition

What does SecureSentryPro do?

SecureSentryPro provides complete PC and laptop security by denying access to Windows and eliminating DOS access from the boot sequence. The software features transparent "On-The-Fly" (OTF) data encryption for specific folders on the local hard disk. SecureSentryPro continues to verify the user's identity throughout the work session by periodically checking for the presence of the correct Token or for the user's password. The combination of all these features provides a strong security environment.

How does SecureSentryPro work?

Before installation, the SecureSentryPro administrator changes the CMOS setup to eliminate floppy disk booting, and the CMOS settings are password protected. During installation, SecureSentryPro cancels the "F8" option for the PC, eliminating DOS access from the boot. The manager configures a profile that specifies the folders to encrypt and the token or password to use for user login and authentication. The manager can configure the screen saver mode to block access to the PC completely once the system has booted.

In the course of a work session, the SecureSentryPro Client in the task bar constantly monitors the Token reader or password timeouts, checking for the continued presence of the authorized Token. If the Token is not present in the port, SecureSentryPro brings up a screensaver (when OTF is activated, the Profile Keys are immediately erased from the driver), and access is restricted. Short of physically detaching the hard drive, there is no way to gain access to the PC. If the hard disk is dismantled the hacker will see the encrypted files as gibberish!

SecureSentryPro Advantages

- Automatic On-The-Fly encryption: encryption of the user's information is completely transparent.
- More secure than simple password protection: data is encrypted!
- Ideal for "road warriors" - a stolen notebook is totally inaccessible without a token or a password.
- Token for access protection can be multifunctional - electronic purse, etc.
- Access is restricted even in the course of a work session.
- "Suspend" hotkey option available.
- User-defined lapse between Token or password checks.
- Optional PIN protection in addition to Token presence check - protects against unauthorized access due to Token theft.
- Full Token and PIN management through the SecureSentryPro Manager module.
- Hold-up Protection - option initiates PIN check at user-determined intervals.

SecureSentryPro

The Manager:

The Manager determines the user name and a set of rules for each user, called a Profile.

The Manager program configures a Profile for a target computer in the network by creating the profile and then sending it to the target computer via email or by giving it to the client user on a floppy disk. The manager configures all the profiles in the system, whether the system consists of a single machine, a local network, or a group of computers that are not connected to any network.

The profile is configured on the manager's computer and then "sent" to the client that will use this profile for login. The profile can be transmitted via email, floppy disk or any other means of data transfer. The profile is theft proof because it is encrypted. If anyone obtains a copy of this file he cannot read it! Only a user who has the user password or manager password can decrypt this file.

What is a profile?

A Profile is the user's configuration data file. This data consists of:

- Main - User name and password, including time of profile creation and password expire counter.
- Hard Disk - The names of the user's private folders and the symmetric encryption key for these directories.
- Shared - The Shared folder names and their encryption keys.
- Floppy - Floppy disk access rights.
- Token - The user's token serial number.
- Access - Time intervals between password or token reevaluation.

The profile also has the Profile Global parameters:

- Lockout vs. Logout - SSP can be used only for working with encrypted data, without using the access control features. In this case, when a user logs out, the system just stops decrypting data and nothing else.
  If the "Block access to computer" parameter is enabled, the logout process becomes a lockout process, which means that the computer is locked and cannot perform any function until another user logs in correctly.
- Blocking of the "regedit" and "taskman" programs. This feature is necessary to stop anyone from uninstalling SSP by directly accessing the registry or closing any process in the system.

Swap file:

The swap file is encrypted to prevent a hacker from using this file to read the decrypted data. This is done automatically by the OTF mechanism. Windows 98 supports this feature as well. In some cases, in Windows 95, the OTF is not able to support this feature. The system then works without a swap file. When this happens, the Manager has to disable the swap file in order to enable the client program to function.

The Client:

The Client program is able to decrypt the user Profile from the registry in order to enable the user to work with a specific configuration. The Client cannot change anything in this configuration. When this application is not running, the user is not able to read any encrypted files from the protected folders.

Because SSP becomes part of the Windows system, in case of an error the user will get the relevant Windows error message, but the SSP window also appears at the bottom right of the screen with the SSP-specific error message. When the Client gives the correct password the program is activated. It decrypts the user configuration profile and enables the user to work in the OTF mode.

The Client gets messages from the driver and creates pop-up windows with relevant messages for the user. The Client program supplies information for the driver, such as the initialization data, i.e. the profile.

Screen saver mode:

The client program handles locking of the system via the screen saver mode. Unlocking is possible with a Token or a password. The program locks the computer into Screen Saver mode. This mode protects the computer when the user is not present. Any attempt to use Alt-Ctrl-Del or Alt-F4 will fail. The user can only shut down his computer or initiate the Rescue procedure.

The Filter Driver:

The OTF runs from a filter device driver positioned between the Windows interface and the hard disk driver. The Client program and this driver must be installed on every computer on which SSP supports OTF. When a user logs in successfully, the profile is decrypted and transmitted to the driver. This creates a database reflecting the intended profile configuration. The driver captures all the user's actions and checks each of the user's requests.

The events captured by the driver:

- Open or create a file or a directory
- Add a file to a folder
- Close a file
- Read a file
- Write a file
- Delete a file
- Rename a file
- Create a new directory
- Remove an existing directory
- Rename a directory
- Change directory command with the Explorer

The filter driver processes these events. The driver enables or blocks the user's actions, or encrypts any files, according to the user Profile.

Because the driver becomes part of the Windows system, SSP uses the driver to defend itself against hacking. For instance, the driver will block any attempt to delete SSP files from the system. The only way to uninstall SSP is with the manager's password.

Encryption

Information protection with SSP is based on symmetric key encryption of all private directories. Shared directories have a different encryption key for every directory. The encryption uses a 40-bit RC2, DES or Triple-DES key, according to the export license of the specific user or organization. All items in a specific directory are encrypted with the same key. This key may change when the file is moved to a shared directory. In the shared directory the file is encrypted again with the shared directory encryption key.

Key Recovery

The system supports complete backup and key recovery at all levels of security while still maintaining appropriate cryptographic standards. This architecture guarantees that data needed to gain authorized access to a file is not lost even if a user forgets his password or the profile is accidentally deleted. Encrypted file integrity is in the jurisdiction of the operating system, which is the standard of Microsoft Windows. Figure 1.1 illustrates the levels of key recovery. The dotted lines show the method of obtaining the encryption key in order to read a file. The bold lines show the hierarchy of key recovery. Every box pointing downward means a superior user or layer that can override its subject's password.

If we look at this model bottom up:

- Encrypted files.
  The last link is the data file that we encrypt. Backup of the data in your files must be made with the standard backup method for information on the Windows file system. No change in this method is necessary in spite of the fact that this is now encrypted data.
- The profile.
  As mentioned, the profile has the symmetric encryption keys for the user's files. A profile can be backed up with the export function in the SSP manager. This backup can be stored on the hard disk or a floppy disk.
- Token & PIN.
  If a Token is lost or the PIN forgotten, a user can bypass this problem by logging in with his user password until the manager configures a new Token & PIN for this user.
- User's Password.
  If a user forgets his password and does not have any token to log in with, he must turn to his manager, who will configure a new password for the user.
- Manager Password.
  In the event that the manager forgets his password he can use the Recovery Data File or RDI. This file is automatically created when the manager password is configured. This file can be found in the SSP directory. If the manager is locked out of the system he can obtain a copy of this file by clicking the Rescue button on the login window. The manager contacts his certificate file provider's help desk (by default this is the Aliroo help desk) and can retrieve his password.

