|
FREE CompuSec® version 5
Software Security for Notebooks, Desktop & Tablet PCs
|
Welcome to FREE CompuSec® for Windows. This software is provided free of charge for both personal and commercial use, and does not have any limitations. No registration is needed for using this product. This Read Me is divided into the following sections:
|
| System Requirements |
Operating System
Microsoft Windows® 2000, XP Professional Edition, Windows® 2003, Windows® XP Tablet Edition and Windows® Vista
Hardware (Minimum Requirements)
600 MHz Pentium® III processor
128 MB RAM
100 MB of available hard-disk space
Hardware (Recommended Requirements)
2 GHz Pentium® 4 processor or higher
512 MB RAM
|
| Overview |
FREE CompuSec® is a full functioning software without any limitations.
- Pre-boot Authentication and Single Sign On
- Full Sector-based Hard Disk Encryption
- Removable Media Encryption
- SafeLan – Encrypt files and folders on a server
- DataCrypt – Encrypt individual files using Public Key Cryptography
- Identity Management
- [ClosedTalk]® - Secure VoIP
- [DriveCrypt]® - Container Encryption
- IPCrypt Client
- Password history and complexity checks for higher security
- Remote challenge/response password reset mechanism when managed by GlobalAdmin
Top |
| New in this Version |
- Support for Windows Vista
- New and improved DataCrypt
- New [DriveCrypt]® application for container encryption
- FREE CompuSec® status reporting
- Improved Audit Logging
- Improved architecture for easier user management using GlobalAdmin
- New remote challenge/response password reset mechanism
- 256-bits AES encryption for Standalone installations
Top |
| Installing & Uninstalling FREE CompuSec® for Windows |
In order to install FREE CompuSec®, you must have administrator privileges. These steps should be followed for the installation:
- Disable boot sector virus checking in the BIOS
- Close any other running programs
- Turn off all anti-virus software before beginning the installation
- Run the Setup.exe
There are 2 different installation options, Standalone or GlobalAdmin Managed.
If you are installing a Standalone installation, please take note of the following points:
- The initial password after installation is “start123”.
- The password reset code can be used to reset a lost password. It should be kept securely.
- Please keep the “SecurityInfo.dat” file generated during installation carefully. You will need the file in cases of service recovery.
If your installation is GlobalAdmin Managed, please ensure you have either your GlobalAdmin generated installation files ready or access to the Security Server for retrieving the installation files.
To uninstall FREE CompuSec®, follow these steps:
Close any other running programs
Select Start / Programs / Security / CompuSec Service
Click on the Uninstallation button and follow the on-screen instructions
Top |
| CompuSec® Features |
Pre-boot Authentication and Single Sign On
- Correct user ID and password must be entered before the operating system can be booted.
- If hard disk is encrypted, the encryption key is only available after the user is successfully authenticated.
- The operating system user ID, password and domain are encrypted and stored, so that users can be automatically logged into the operating system.
- Only 1 set of username and password needs to be remembered.
- Password synchronization can be performed for CompuSec® password and Windows password in the Active Directory.
Full Sector-based Hard Disk Encryption
- Full hard disk encryption (including operating system, swap files, temporary files and free space)
- Sector-based encryption using AES in CBC mode with 256-bit keys.
- Different Initialization Vector used for each sector for higher security.
- Initial encryption of hard disk can be performed either at pre-boot (slower but more secure) or in the background after the OS boots (faster).
- Transparent encryption/decryption on the fly after the initial encryption.
- Support for hibernation mode – data in the RAM is encrypted before storing in the hard disk.
Removable Media Encryption
- Transparent encryption for removable media such as diskettes, memory sticks or USB thumb drives.
- CDCrypt feature for encryption of CD-R/DVD-R.
- Sector-based encryption using AES in CBC mode with 256-bit keys.
- Options available to user to choose whether to use the removable media in encrypted format.
SafeLan – Encrypt files and folders on a server
- Encrypt files and folders on a central file server without installing any other encryption software on the file server.
- Encryption is performed using AES in CBC mode with 256-bit keys.
- Server administrators without the correct set of keys will not be able to read the encrypted files and folders.
- Separate groups of users in a strong cryptographic way.
- Supports NTFS, Novell and other network-based file systems.
DataCrypt – Encrypt individual files using Public Key Cryptography
- Encrypt individual files using public-key encryption based on elliptic curves for key generation.
- “Sealing” technology used to hide all structures in the header of the encrypted file, so as to protect against “traffic analysis” on the network.
- Encrypted file can be sent safely over unsecured mediums, such as email attachments.
- Can also be used as a separate software module that can be forwarded to other users.
Identity Management
- Encrypt and stores usernames and passwords for software and web applications.
- Automatically inserts correct credentials into applications requiring authentication.
- Reduces the need to remember numerous user id and passwords.
[ClosedTalk]® - Secure VoIP
- Software phone application for encrypted VoIP through the Internet.
- Diffie-Hellman key generation protocol is used to provide new secure session keys for each talk.
- Email addresses instead of long telephone numbers are used to contact communication partners.
- Free gatekeeper service is used to find the communication partner on the network.
[DriveCrypt]® - Container Encryption
- Created an encrypted file for secure file storage.
- AES with 256-bit keys used for encryption.
- Container mounted as a drive.
- Easy-to-use context menus for managing containers.
Email Encryption and Signing
- Only available if the FREE CompuSec® installation is GlobalAdmin Managed.
- Email messages can be encrypted and then signed before they are sent out to another CompuSec® user.
Top |
| GlobalAdmin – Central Management System |
GlobalAdmin is the central management system for CompuSec®. It allows the security administrator to manage the FREE CompuSec® installations in the organization with ease. Using the graphical user interface, the administrator can add, remove or modify users and define or amend security policies. An interface to the company’s active directory (AD) using LDAP allows the administrators to easily synchronize the user database to the AD.
GlobalAdmin can be used either as a root certification authority (CA) or as a sub-CA in a trust centre. Certificates issued for login, VPN, secure email signing and secure email key exchange are generated in GlobalAdmin and distributed to the users. In addition, GlobalAdmin is used to maintain Certificate Revocation Lists as well as renew any expiring user certificates.
Besides managing FREE CompuSec® installations in the organization, GlobalAdmin can be used to manage the other products in the PC Security range, such as the CompuSec® e-Identity®, CompuSec® Bio, CompuSec® HSM, and CompuSec® Mobile. In addition, GlobalAdmin is also used to manage the MicroCryptors and GigaCryptors in the Network Security range. By using one single system to manage the security products in the organization decreases the total cost of ownership in the organization, which increases the return on investment.
Top |
| Brief Differences between Standalone and GlobalAdmin Managed Installations |
| |
Standalone Installation |
GlobalAdmin Managed |
| Installation |
| - Interactive Installation |
Yes |
Yes |
| - Unattended Installation |
No |
Yes |
| Pre-boot Access Control |
| - Change password at pre-boot |
Yes |
Yes |
| - Static password reset code for resetting password |
Yes |
No |
| - Challenge response mechanism for remote password help |
No |
Yes |
| Access Rights |
| - Multi-users allowed on 1 machine |
No |
Yes |
| - Users allowed to use multiple machines |
No |
Yes |
| - Add/remove user’s access rights |
No |
Yes |
| Password Policies |
| - Password complexity check |
Yes |
Yes |
| - Password change options |
Yes |
Yes |
| - Modify default initial password |
No |
Yes |
| - Modify password lifetime |
No |
Yes |
| - Modify password usage count |
No |
Yes |
| - Modify min length of passwords |
No |
Yes |
| - Case-insensitive passwords |
No |
Yes |
| - Password Synchronization with Windows Password |
No |
Yes |
| Encryption Algorithm |
| - AES with 256-bit keys |
Yes |
Yes |
| Security Policies |
| - Add/remove privileges for IO ports |
No |
Yes |
| - Automatic updating of user privileges |
No |
Yes |
| - Central management of security policies |
No |
Yes |
Top |
| Additional Security Options |
CE-Infosys offers a range of PC Security products to meet a myriad of security needs. The product categories can be broadly separated into 4 major classifications: Basic Security, Professional Security, Top Security and Security for Governments. FREE CompuSec® belongs to the Basic Security category. Products in this category are designed for simple adoption and usage by a large number of users, with easy-to-use interfaces. For higher security, the organization can opt for products in either the Professional Security category, or the Top Security category.
Professional Security
The CompuSec® e-Identity® and the CompuSec® Bio in the Professional Security category provide either a 2 or 3-factor authentication with hardware tokens. Before the machine can be booted, the user is required to insert the e-Identity® smartcard or USB token, and enter the correct password. In CompuSec® Bio, an additional biometric check of the user’s fingerprint is implemented, so as to have a 3-factor pre-boot authentication.
Top Security
CompuSec® Mobile and CompuSec® HSM form the Top Security category. These are hardware products featuring 2 or 3-factor authentication. The encryption used is performed in the hardware and the keys are securely kept on board the hardware. CompuSec® HSM is a PCI board that can be plugged into any machine with a PCI slot, and CompuSec® Mobile is a PC card with an integrated smartcard reader.
More information about CE-Infosys or our products, please visit us at www.ce-infosys.com
Top |
| Online Support |
|
FREE CompuSec® support is available online via the support forum. The forum provides technical support to all our current users of FREE CompuSec®. Users can now post their technical issues on the dedicated forum and our CE-Infosys technical support staff will try to answer or help solve problems that users may encounter. Visit the forum at www.ce-infosys.com/cei_forum and register as a FREE CompuSec® forum member today.
Top |
© 2006 - 2007 CE-Infosys. All rights reserved |