Welcome to CompuSec® 4.24
|
|
|
| CompuSec®
Release 4.24 Overview |
This is
an overview of the new CompuSec® 4.24 release.
New functions and major improvements have been implemented for our corporate
customers and individual users. |
|
| 5
Versions of CompuSec® are Now Available |
FREE CompuSec® is a free software version
representing the latest security technology. |
| CompuSec® with
e-Identity® provides latest Public-Key technology on the highest security
level. |
| CompuSec® BIO adds
Biometrics to the e-Identity® version. |
| CompuSec® HSM uses
a Hardware Security Module as encryption platform based on a PCI card. |
| CompuSec® Mobile
uses a PC Card as security platform and integrates a smart card reader. |
All
product versions are designed for both corporate and individuals use. |
|
| New
in Release 4.24 |
| |
A new easy-to-use interface provides customers with a fresh yet familiar environment. |
| |
CompuSec® 4.24 has incorporated many back-end code improvements for improved usability and performance. |
|
|
| FREE
CompuSec® |
| |
The FREE
CompuSec® version is provided free of charge for both personal and
commercial use.
|
| |
No
registration is required.
|
| |
CE-Infosys
provides service and support for the FREE CompuSec® version through
telephone hotline in Germany, e-mail and a Yahoo user group forum. |
| |
Maintenance
contracts are available for corporate who require fast guaranteed response
time. |
| |
Corporate
users deploy the GlobalAdmin management station or the GlobalAdmin LITE
software to administer large numbers of CompuSec®. |
|
Corporate
users may use all versions of CompuSec® in a mixed environment. |
|
The free
product is a full version without any limitations. It is NOT a demo or trial
version. |
|
A version for FREE CompuSec® Linux with limited support is available for download at www.ce-infosys.com. |
|
|
| Functions
and Features for FREE CompuSec® Version |
| |
Access control with user ID and password.
|
| |
Password
reset code for lost passwords.
|
| |
Emergency
rescue diskette for lost password and lost password reset code.
|
| |
Security
information will be generated during installation and can be stored on the
media of your choice. |
| |
Hard disk
encryption of all sectors (used and unused). |
|
Hibernation
mode support (suspend to disk). |
|
The
hibernation data are stored in encrypted format on the disk. |
|
Removable Media encryption (i.e. USB Memory Sticks, ZIP Drives, Floppy). |
|
CD/DVD encryption. |
|
Encryption of Server
Files & Subdirectories (SafeLan). |
|
Encryption of
Individual Files (DataCrypt). |
|
Up to 8 hard disks can
be encrypted. |
|
Secure voice
communication - [ClosedTalk]® |
|
Single Sign On for
Microsoft Windows 2000 and Microsoft XP. |
|
Background encryption
saves installation time. |
|
Multiple Boot Device
support. |
|
|
| Functions and Features Highlight for CompuSec® products with e-Identity® |
| There are 5 versions of CompuSec® available to suit individual and cooperate needs. CompuSec® e-Identity® extended the Free CompuSec® security suite features and functions with PKI technologies. CompuSec® e-Identity® comes with an e-Identity® security device, such as smart card with USB reader or an USB token.
Below is the highlight of the functions and features for the CompuSec® products with e-Identity®. Please contact your dealer or CE-Infosys for further information on specify products or visit our website for more information – http://www.ce-infosys.com. |
|
| Access
Control |
| |
Multi-factor authentication prior to the operating system boot process.
|
| |
USB bus access before the OS is loaded. |
| |
Wide ranges of password policies are provided for our corporate users.
|
| |
A challenge-response procedure is used to reset forgotten passwords. |
|
|
| Pre
Boot PKI |
| |
Public-Key
based access control before the system boots.
|
| |
Access
is granted based on validity of the certificate. |
| |
Central
management of user - computer relation based on PKI.
|
| |
Allows
any number of user groups and flexible computer pools. |
| |
Remote
control for user assignment
(Add and remove users from a remote machine). |
|
Many-to-many
relationship between users and machines. |
|
|
| Identity
Managment |
| |
CompuSec®
manages the identity of the user for applications.
|
| |
For existing applications requiring passwords, CompuSec® learns the user's passwords, stores them in encrypted format and automatically inserts the correct password into the application when required. This is available for local and WEB based applications. |
| |
For new designed applications, CompuSec® manages the complete application policies for each user. CompuSec® collaborates with a policy database where tickets are generated for the applications. A powerful and easy-to-use API is provided for applications to query the user policies. This allows central management of user rights within applications.
|
| |
For critical business processes, a BioClick is used to initiate trustful transactions. BioClick is a touch of the biometric scanner for finger-print authentication within half a second by the authorized person. (CE-Infosys' Biometric Scanner is required) |
|
|
| Hard
Disk Encryption |
| |
CompuSec® provides sector based hard disk encryption.
|
| |
This
includes encryption of the operating system. |
| |
The keys are safely stored in CompuSec® e-Identity®.
|
| |
The hard disk encryption supports virtual disk, a great new feature for our corporate users. |
|
Hibernation
mode support (suspend to disk) stores encrypted hibernation data
on the disk. |
|
Fast
AES Algorithm with 128 or 256 bit key length. |
|
Up
to 8 hard disks can be encrypted. |
|
The
initial encryption of the hard disk can be performed in the background while
the user continues his/her normal work. |
|
Support hardware based encryption. |
|
|
| Encryption of Diskettes, CD-ROM & Removable Media - CDCrypt |
| |
CompuSec® comes with a full media, sector based encryption for removable devices like external hard disk, USB Memory Sticks and including floppy diskettes.
|
| |
A Removable Media Encryption (RME) icon at the task bar allows users to switch between plain and encrypted operation. |
| |
Formatting of the removable device creates an encrypted device.
|
| |
An encrypted device is seen with unknown partition type if the user does not own the media key. |
|
Encryption for CD / DVD uses CDCrypt feature to support external CD burner that is connected using USB or IDE. |
|
With central administration, an encryption policy may be define whether a user may or may not switch the mode (encrypted/plain) when using such devices. As such, an organization can easily enforce a policy to use only encrypted Diskettes, Removable Media Devices and CD-RW / CD-R / DVD to minimize the threat of data theft. Such encryption is unobtrusive and does not change the way the user works with these devices. |
|
|
| Encryption of Server Files & Subdirectories - SafeLan |
| |
This great product is now a part of CompuSec® for our corporate users. SafeLan keys are managed using a GlobalAdmin station. Private end users can try SafeLan without buying an Admin station.
|
| |
Allows encrypted folders on the NTFS file server or on your local NTFS
partitions. |
| |
SafeLan keeps file contents private wherever your files are, on the local drive, on the file server or on the backup made from the file server. |
|
Your SafeLan keys are safely stored in the CompuSec® e-Identity®. Up to 8 sample keys are provided with every standalone version. |
|
|
| Encryption
of Voice Communication - [ClosedTalk]® |
| |
[ClosedTalk]® is a component of the FREE CompuSec® security suite used for encrypted voice
communication between 2 CompuSec users.
|
| |
No IP
telephone is required. [ClosedTalk]® uses Internet to transport the voice data
from one user to the other. |
| |
Email addresses are
used to contact communication partners. An email address is self-explanatory
and easier to remember than traditional telephone numbers.
|
| |
[ClosedTalk]® uses a
gatekeeper service to find the communication partner on the network. |
|
The ECC based
Diffie-Hellman key generation protocol is used to provide secure session keys
for each talk. |
|
Security code is generated and displayed for each communicating partner. Verbal verification can be done to make sure there is no man in the middle attacks. |
|
|
| Encryption of Individual Files - DataCrypt |
| |
DataCrypt is included in CompuSec® that enables users to encrypt individual files.
|
| |
The file encryption
uses a public-key system based on elliptic curve cryptography. |
| |
Encrypted files can be
sent as email attachment, ftp, etc.
|
| |
DataCrypt can be used
as a software module without CompuSec® and can be forwarded
to other users free of charge without a license. |
|
DataCrypt
uses a new technology called 'SEALING' that hides all structures in the
encrypted file, giving additional protection against 'traffic analysis'
(spying) on the network. |
|
|
| Advance VPN Client for Secure Connection to Corporate Networks – IPCrypt Client |
| |
IPCrypt
Client is built into CompuSec®. |
| |
VPN
client supports Corporate users traveling worldwide using any kind of
connection. |
| |
VPN
security supports wireless LAN applications. |
|
|
| Single
Sign On |
| |
Automatic
logon to Windows 2000 and Windows XP.
|
|
Credentials
stored inside the e-Identity®. |
|
Screen Lock to secure your OS from unauthorized access. |
| |
Password lockout for defined number of failed attempts. |
|
|
| Certificate
Store |
| |
CompuSec®
uses e-Identity® as certificate store for X509.V3 certificates.
|
| |
e-Identity®
stores Logon certificates for Microsoft Domain Server Logon. |
| |
e-Identity®
stores certificates for E-Mail encryption and E-Mail signature.
|
| |
e-Identity®
stores network certificates. |
|
|
| Large
Customer Support |
e-Identity®
can be used in four different modes:
| |
User
Mode
|
An
e-Identity® managed by the GlobalAdmin using the PKI for a user.
|
|
| Expert
Mode |
An
e-Identity® managed by the GlobalAdmin using the PKI for a user that is
installing the system on a one-time basis.
|
|
|
Installer
Mode
|
An
e-Identity® managed by the GlobalAdmin using the PKI for an installer used to
install multiple systems. |
|
| Direct
Access Mode |
An
e-Identity® managed by the GlobalAdmin for direct access from one user to one
computer. |
An
unattended automatic installation mode is available for large organizations.
Please contact your dealer or CE-Infosys.
|
|
| Options |
| The
philosophy of CE-Infosys is to provide the customers with the best possible
solution that is made as easy as possible. Guided by this philosophy, we
provide a vast number of functions in our FREE CompuSec® Security Suite so that
users can choose their preferred functionality during installation. The minimum
requirement is to install the central management station and custom-specific
enhancements. |
|
| GlobalAdmin
- Central Management for Large Organizations |
|
Central Management for CE-Infosys Security products.
|
|
|
GlobalAdmin
is the solution for central management of large numbers of CompuSec®
installations.
|
| |
Any
number of users per computer can be assigned. At the same time, each user can
be assigned to any number of computers.
|
|
| VPN and Firewall Management.
|
| |
The
assignment of users to computers is performed at the GlobalAdmin station
without physical access to the users smart card or the computer.
|
| |
GlobalAdmin
is a complete Certification Authority and may be used to implement a complete
Public Key Infrastructure. |
|
|
| GlobalAdmin
LITE - Central Management for SME customers |
| |
GlobalAdmin
LITE manages all CompuSec® products for organizations using up to 200 users.
|
| |
Software version without the Hardware Security Module. |
|
|
| Public-Key
Infrastructure |
CompuSec®
customers may use the CE-Infosys PKI, which is part of the GlobalAdmin products
and supports e-Identity®. The use of e-Identity® is not limited to CompuSec®
security functions. Other user applications can easily be secured using
e-Identity®.
Further
enhancements of the product will be announced at http://www.ce-infosys.com |
|
| Installation
Notes |
| CompuSec®
comes with its own boot sector virus protection. Before installing CompuSec®,
any existing boot sector virus protection must be deactivated. CompuSec® will
save the existing boot sector and replace it with the CompuSec® boot sector.
After installation, CompuSec® protects the boot sector with its integrated
protection mechanisms. A normal BIOS based boot sector protection may be
activated again. |
|
| CompuSec®
Installation Tips |
A
single user installation creates a file with all the keys required for a later
security activity. This file is named SecurityInfo.dat. It is recommended to
copy this file onto a reliable external media and store it at a safe place.
The
security file, SecurityInfo.dat, is required to uninstall the product, or when
the password and the password-reset code are forgotten.
The
security file, SecurityInfo.dat, is unique to a computer. It can only be used
for the machine where it was initially created.
The
initial password after the installation of CompuSec® is "start123".
The user ID must be 1 to 16 characters long. Characters can be alphanumeric.
The password must be 6 to 16 characters long. Characters can be alphanumeric.
The first time Windows is started, a MANUAL logon is required. CompuSec® learns
the password for future automatic logon.
A
CompuSec® managed by a GlobalAdmin station does not generate such a file. All
the required data are stored in the GlobalAdmin database. |
| |
|