What's New in CompuSec®

CompuSec ® Overview Release 4.17

This is an overview of the new CompuSec® 4.17 Release.

New functions for our company customers were added.

Major improvements were implemented for the individual users.

A Linux version is available as FREE CompuSec®.

4 Versions of CompuSec® are now available:

A free SW version representing the latest security technology.

CompuSec® e-Identity®™ provides latest Public-Key technology on the highest security level.

CompuSec® BIO adds Biometrics to the e-Identity® version.

CompuSec® HSM uses a Hardware Security Module as encryption platform based on a PCI card.

CompuSec® Mobile uses a PC Card as security platform and integrates a smartcard reader and will be available
with the next release.

All product versions are designed for corporate use and also for use by individuals.

New in release 4.17

Linux kernel 2.4.x is supported for Red Hat and SuSe distributions.
DataCrypt for Windows can now be used as a standalone version and can be redistributed to other users without the need of having CompuSec® installed.
Automatic image installation, automatic image activation and unattended installation is now supported for all CompuSec® versions.
CompuSec® BIO is released for individual users. Fingerprint enrollment is part of the installation program.
Support for CardMan 4040 PCMCIA card reader was added.
A security policy service for centrally managed installations of CompuSec® was added.
Support for CompuSec® HSM is included in the installation program.
CompuSec® Installation detects automatically the platform it is running on.
Citrix client single sign-on support added.
Remote Desktop for Windows XP and Terminal Services for Windows 2000 supported.
Several minor improvements and bug fixes.

FREE CompuSec®

The FREE CompuSec® version is free of charge for both personal and commercial use.

No registration is necessary.
CE-Infosys provides service and support for the FREE CompuSec® version through telephone hot-line in Berlin, e-mail and a Yahoo user group.
Maintenance contracts are available for those company users who require fast guaranteed response time.
Corporate customers may use the GlobalAdmin management station or the GlobalAdmin LITE software to administer large numbers of CompuSec®.
Corporate customers may use all versions of CompuSec® in a mixed environment.
The free product is a full version without any limitation. It is NOT a demo or trial version.

Functions and Features of the free CompuSec® version

Access control with user ID and password.
Password reset code for lost passwords.
Emergency rescue diskette for lost password and lost password reset code.
Security information will be generated during installation and can be stored on the media of your choice.
Hard disk encryption of all sectors (used and unused).
Hibernation mode support (Suspend to disk).
The hibernation data are stored encrypted on the disk.
Floppy diskette encryption.
Removable Media encryption (ZIP Drives…)
Removable Device encryption.
Up to 8 hard disks can be encrypted.
Single Sign On for Microsoft Windows 2000 and Microsoft XP.
Background encryption saves installation time.
Encryption of USB Memory-Sticks.
Multiple Boot Device support.

Functions and Features of CompuSec® e-Identity®

This version of the product is sold together with a USB based smart card token or with a smart card reader and a smart card.

Access control

2-factor authentication prior to the operating system boot process.
USB bus access before the OS is loaded.
e-Identity® based 2 factor access control.
A wide range of password policies are provided for our corporate customers.
Forgotten passwords are no problems for our corporate customers. Secure Remote.
Password Change will solve the situation in a minute.
Multiple Boot Device support.

Pre Boot PKI

Public Key based access control before the system boots.
Access granted based on validity of the certificate.
Central management of user - computer relation based on PKI.
Allows any number of user groups and flexible computer pools.
Remote control for user assignment (Add and remove users without touching the machine or the users e-Identity®).
Multiple users per machine and multiple machines per user.

Hard disk encryption

CompuSec® provides sector based hard disk encryption of the total hard disk.
This includes encryption of the operating system.
The keys are safely stored in your e-Identity® token either as USB token or as smart card.
The hard disk encryption supports virtual disk, a great new opportunity for our corporate customers.
Hibernation mode support (Suspend to disk) stores encrypted hibernation data on the disk.
Fast AES Algorithm with 128 or 256 bit key length.
Up to 8 hard disks can be encrypted.
The initial encryption of the hard disk can be performed while the user continues his/her normal work.

Floppy encryption

CompuSec® comes with a sector based Floppy disk encryption. Every sector of a floppy is encrypted.
A small Floppy icon at the task bar is used to switch between plain and encrypted diskette operation.
Formatting in encrypted mode converts a normal floppy to an encrypted floppy.
An encrypted diskette is seen as unformatted in a non-encrypted drive.

Removable device encryption

CompuSec® comes with a full media, sector based encryption for removable devices like hard disks.
A small Floppy icon at the task bar is used to switch between plain and encrypted operation.
Formatting of the removable device creates an encrypted device.
An encrypted device is seen with unknown partition type if the user does not own the media key.

Safelan

This great product is now a part of CompuSec® for our corporate customers. Corporate users use a GlobalAdmin station to manage SafeLan keys.
Encrypted folders on the NTFS file server or on your local NTFS partitions.
SafeLan keeps file contents secret wherever your files are, on the local drive, on the file server or on the backup made from the file server.
Your SafeLan keys are safely stored on your e-Identity®.
Three sample keys come with the every e-Identity®. Private end users can try SafeLan without buying an Admin station.

IPCrypt Client VPN

IPCrypt Client is inbuilt into CompuSec®.
VPN client for Corporate users traveling worldwide using any kind of connection.
Secure VPN client for http://www.guardmydata.com/ services.
VPN security for wireless LAN applications.

Single Sign On

Automatic logon at Windows 2000 and Windows XP.
Credentials stored inside the e-Identity®.

Pre Boot PKI

Public Key based access control before the system boots.
Access granted based on validity of the certificate.
Central management of user - computer relation based on PKI.
Allows any number of user groups and flexible computer pools.
Multiple users per machine and multiple machines per user.

Certificate Store

CompuSec® uses e-Identity® as certificate store for X509.V3 certificates.
e-Identity® stores Logon certificates for Microsoft Domain Server Logon.
e-Identity® stores certificates for E-Mail encryption and E-Mail signature.
e-Identity® stores network certificates.

Large Customer Support

e-Identity® can be used in four different modes:

	User Mode	An e-Identity® managed by the GlobalAdmin using the PKI for an user
	Expert Mode	An e-Identity® managed by the GlobalAdmin using the PKI for an user installing the system by himself
	Installer Mode	An e-Identity® managed by the GlobalAdmin using the PKI for an installer used to install multiple systems
	Direct Access Mode	An e-Identity® managed by the GlobalAdmin for direct access from one user to just one computer

An unattended automatic installation mode is available for large organizations. Please contact your dealer or CE-Infosys.

Options

The philosophy of CE-Infosys is to provide the customers the best possible solution and make the solution as easy as possible for the users. Following this philosophy as many functions as possible are integrated into the CompuSec® Security Suite. The customer can choose at installation time what functions are installed. Therefore the list of options is very small and contains only the central management station and custom specific enhancements.

GlobalAdmin - Central Management for large Organizations

GlobalAdmin is the solution for central management of large numbers of CompuSec® installations.
Any number of users per computer can be assigned. At the same time each user can be assigned to any number of computers.
The assignment of users to computers is performed at the GlobalAdmin station without physical access to the users smart card or the computer.
GlobalAdmin is a complete Certification Authority and may be used to implement a complete Public Key Infrastructure.

GlobalAdmin - Central Management for SME customers

GlobalAdmin LITE manages CompuSec® for organizations using up 500 licenses.
SW version without Hardware Security Module.
Supports all CompuSec® Products.

Public Key Infrastructure

CompuSec® customers may use the CE-Infosys PKI which is part of the GlobalAdmin products and supports e-Identity®™. The use of e-Identity®™ is not limited to CompuSec® security functions. User provided applications can easily be secured using e-Identity®™.

Further enhancements of the product will be announced at for http://www.ce-infosys.com

Installation Notes

CompuSec® comes with its own boot sector virus protection. Before installing CompuSec® any existing boot sector virus protection must be deactivated. CompuSec® will save the existing boot sector and replace it with the CompuSec® boot sector. After installation CompuSec® protects the boot sector with its integrated protection mechanisms. Anyway a normal BIOS based boot sector protection may be activated again.

CompuSec® Installation Tips

A single user installation creates a file with all the keys required for a later service activity. This file is named SecurityInfo.dat and it is recommended to copy this file onto a reliable external media. Please store this file at a safe place.

The security file SecurityInfo.dat is required for the de-installation of the product or when the password and the password-reset code are forgotten.

The security file SecurityInfo.dat is related to a computer. They can only be used for the machine where they were initially created.

The initial password after the installation of CompuSec® is “start123”.
The user ID must be 1 to 16 characters long. Characters can be alphanumeric.
The password must be 6 to 16 characters long. Characters can be alphanumeric.

The first time Windows is started a MANUAL log on is required. CompuSec® learns the password for future automatic log on.

A CompuSec® managed by a GlobalAdmin station does not generate such a file. All the required data are stored in the GlobalAdmin database.