FREE CompuSec v5.3 manual

User Manual

FREE CompuSec® Version 5.3 For Windows® 7/Vista / XP / 2000/Server 2003/Server 2008

FREE CompuSec® v5.3 Manual - i - v3.0 – 14 May 2010

User Manual FREE CompuSec® Version 5.3 Published by: CE-Infosys Pte Ltd 31 International Business Park #04-03A Creative Resource Singapore 609921 Copyright © 2008CE-Infosys Pte Ltd www.ce-infosys.com CompuSec® and e-Identity® are registered trademarks of CE-Infosys Pte Ltd Windows, Windows 2000, Windows XP, Windows Vista and Windows 7 are registered marks of Microsoft Corporation. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recoding, or otherwise, without prior permission from CE-Infosys Pte Ltd. No part of this document may be changed without the consent or permission from CE-Infosys Pte Ltd. Disclaimer This handbook has been validated and reviewed for accuracy. The instructions contained are accurate for FREE CompuSec® at time of printing. CE-Infosys Pte Ltd reserves the right to modify or supplement the documentation at any time without previous announcement. CE-Infosys Pte Ltd assumes no liability for damages incurred directly from errors, omissions or discrepancies between the product and the handbook. The information of this handbook is regularly checked, and necessary corrections are contained in the following editions. We are grateful for any suggestions to further improve our existing products. If any further information is required, or problems that are not covered in this handbook, please refer to the Support Department at CE-Infosys Pte Ltd. Email: [email protected] For updates of existing products or new products, please visit our web page at the following URL: http://www.ce-infosys.com

FREE CompuSec® v5.3 Manual - ii - v3.0 – 14 May 2010

Table of Contents

Table of Contents ................................................................................................................................... ii List of Figures ....................................................................................................................................... iv

1. Introduction ................................................................................................................................... 1

2. Overview ....................................................................................................................................... 2

2.1. Basic Features ...................................................................................................................... 2

2.2. New in this Release............................................................................................................... 2

2.3. System Requirements ........................................................................................................... 2

2.3.1. Minimum System Requirements .................................................................................... 2

2.3.2. Supported Operating Systems ...................................................................................... 2

3. Installation ..................................................................................................................................... 3

3.1. Pre-Installation Checklist ....................................................................................................... 3

3.2. Installation Procedure ............................................................................................................ 3

4. Pre-boot Authentication ................................................................................................................. 9

4.1. Basic Authentication ............................................................................................................ 10

4.2. Change Password ............................................................................................................... 11

4.3. More Functions ................................................................................................................... 11

4.4. Password Help Functions .................................................................................................... 12

5. Encryption and Decryption of Hard Disks .................................................................................... 13

5.1. Encryption or Decryption Before Booting ............................................................................ 13

5.2. Encryption or Decryption While Working ............................................................................. 13

6. CompuSec® GINA ...................................................................................................................... 15

6.1. Single Sign-On .................................................................................................................... 15

6.2. System Lock ........................................................................................................................ 16

7. CompuSec® Credential Provider ................................................................................................ 18

7.1. Access CompuSec® Credential Provider ............................................................................ 18

7.2. Single Sign-On .................................................................................................................... 18

7.3. Change Password ............................................................................................................... 19

7.4. CompuSec® Credential Provider Tools............................................................................... 20

7.4.1. Manage Single Sign On .............................................................................................. 20

7.4.2. Change CompuSec® Password .................................................................................. 20

7.5. Screen Lock ........................................................................................................................ 21

8. CompuSec® Service ................................................................................................................... 22

8.1. Information .......................................................................................................................... 22

8.2. Installation and removal of CompuSec® components ......................................................... 22

8.3. Service and Update ............................................................................................................. 23

8.3.1. Information about CompuSec® ................................................................................... 24

8.3.2. Manage HD Encryption ............................................................................................... 24

8.3.3. Backup Security File .................................................................................................... 25

8.3.4. Change Logon Screen ................................................................................................ 26

8.4. Uninstallation of CompuSec® ............................................................................................. 27

9. Removable Media Encryption ..................................................................................................... 28

9.1. CD Encryption ..................................................................................................................... 29

10. DataCrypt ................................................................................................................................ 31

10.1. Starting DataCrypt ........................................................................................................... 31

10.2. Encrypting Files ............................................................................................................... 32

10.3. Decrypting Files ............................................................................................................... 34

10.4. Managing Keys ................................................................................................................ 35

10.4.1. Delete Keys ................................................................................................................. 35

10.4.2. Import Keys ................................................................................................................. 36

10.4.3. Backup Keys ............................................................................................................... 36

10.4.4. Restore Keys ............................................................................................................... 36

10.4.5. Export Public Key ........................................................................................................ 37

10.5. Change Options .............................................................................................................. 37

11. [DriveCrypt] ............................................................................................................................. 38

11.1. Starting [DriveCrypt] ........................................................................................................ 38

FREE CompuSec® v5.3 Manual - iii - v3.0 – 14 May 2010

11.2. Creating a new container ................................................................................................ 38

12. Identity Management ............................................................................................................... 39

12.1. Starting Identity Management ......................................................................................... 39

12.2. Saved Applications .......................................................................................................... 39

12.3. Never Saved Applications ............................................................................................... 41

12.4. Windows Logon ............................................................................................................... 41

12.5. Saved Web Sites ............................................................................................................. 42

12.6. Never Saved Web Sites .................................................................................................. 43

12.7. Settings ........................................................................................................................... 44

13. SafeLan ................................................................................................................................... 45

13.1. Starting SafeLan .............................................................................................................. 45

13.2. Creating a new folder ...................................................................................................... 46

13.3. Encrypt an existing folder ................................................................................................ 46

14. Uninstallation ........................................................................................................................... 48

14.1. Uninstallation Checklist ................................................................................................... 48

14.2. Uninstallation Steps ......................................................................................................... 48

15. Advanced Options ................................................................................................................... 51

15.1. Installing FREE CompuSec® on Hard Disks with Multiple Operating Systems ............... 51

15.1.1. Overview ..................................................................................................................... 51

15.1.2. Pre-Installation Checklist ............................................................................................. 51

15.1.3. Installation Procedure .................................................................................................. 52

16. Troubleshooting and Recovery Procedures ............................................................................ 53

16.1. Emergency Decryption of an Encrypted Hard Disk ......................................................... 53

FREE CompuSec® v5.3 Manual - iv - v3.0 – 14 May 2010

List of Figures

Figure 3-1 – FREE CompuSec® Installation ......................................................................................... 3

Figure 3-2 – Select CompuSec® Components ..................................................................................... 4

Figure 3-3 – User Details and Password Profile ................................................................................... 5

Figure 3-4 – Select Encryption Keys ..................................................................................................... 6

Figure 3-5 – Set Hard Disk Encryption State ........................................................................................ 7

Figure 3-6 – Password Reset Code ...................................................................................................... 7

Figure 4-1 – Standard CompuSec® Pre-boot Authentication ............................................................... 9

Figure 4-2 – 8-bit graphics for CompuSec® pre-boot authentication .................................................... 9

Figure 4-3 – VGA graphics for CompuSec® pre-boot authentication .................................................. 10

Figure 4-4 – Basic Authentication: User ID ......................................................................................... 10

Figure 4-5 – Basic Authentication: Password ...................................................................................... 10

Figure 4-6 – Password expired ........................................................................................................... 11

Figure 4-7 – Enter new password ....................................................................................................... 11

Figure 4-8 – Confirm new password ................................................................................................... 11

Figure 4-9 – New password accepted ................................................................................................. 11

Figure 4-10 – More Options ................................................................................................................ 11

Figure 4-11 – More Options ................................................................................................................ 12

Figure 4-12 – Password Help .............................................................................................................. 12

Figure 4-13 – Password Reset: User ID ............................................................................................. 12

Figure 4-14 – Enter Password Reset Code ........................................................................................ 12

Figure 5-1 – Encryption before booting ............................................................................................... 13

Figure 5-2 – Encryption before booting in progress ............................................................................ 13

Figure 5-3 – Encryption while working ................................................................................................ 14

Figure 5-4 – Encryption status during booting..................................................................................... 14

Figure 5-5 – Background encryption status......................................................................................... 14

Figure 6-1 – CompuSec® GINA.......................................................................................................... 15

Figure 6-2 – Enter user credentials (Windows XP) ............................................................................. 15

Figure 6-3 – Auto-Logon ..................................................................................................................... 16

Figure 6-4 – Manage single sign-on .................................................................................................... 16

Figure 6-5 – System Locked ............................................................................................................... 17

Figure 6-6 – Unlocking system lock with the CompuSec® password ................................................. 17

Figure 7-1 – Enter user credentials (Windows Vista) .......................................................................... 18

Figure 7-2 – Enter user credentials (Windows XP) ............................................................................. 18

Figure 7-3 – Auto-Logon ..................................................................................................................... 19

Figure 7-4 – Change Windows Password ........................................................................................... 19

Figure 7-5 – CompuSec® Credential Provider Tools .......................................................................... 20

Figure 7-6 – Manage Single Sign-On .................................................................................................. 20

Figure 7-7 – Change CompuSec® Password ..................................................................................... 21

Figure 7-8 – Screen Lock .................................................................................................................... 21

Figure 8-1 – Main Dialog for CompuSec® Service ............................................................................. 22

Figure 8-2 – CompuSec® Components .............................................................................................. 23

Figure 8-3 – Authentication before Service and Update ..................................................................... 23

Figure 8-4 – Service and Update Options ........................................................................................... 24

Figure 8-5 – CompuSec® Information ................................................................................................ 24

Figure 8-6 – Manage HD Encryption Screen ...................................................................................... 25

Figure 8-7 – Backup Security File ....................................................................................................... 26

Figure 8-8 – Modify pre-boot logon screen ......................................................................................... 26

Figure 9-1 – Change encryption state ................................................................................................. 28

Figure 9-2 – Viewing the encryption state of drives ............................................................................ 28

Figure 9-3 – RME Warning message .................................................................................................. 29

Figure 9-4 – Format dialog .................................................................................................................. 29

Figure 9-5 – Choose CDCrypt encryption key..................................................................................... 29

Figure 10-1 – Enter user information in DataCrypt .............................................................................. 31

Figure 10-2 – Main screen of DataCrypt ............................................................................................. 32

Figure 10-3 – Encrypting files ............................................................................................................. 32

FREE CompuSec® v5.3 Manual - v - v3.0 – 14 May 2010

Figure 10-4 – Select recipients ........................................................................................................... 33

Figure 10-5 – Encryption Status .......................................................................................................... 33

Figure 10-6 – Decrypting Files ............................................................................................................ 34

Figure 10-7 – Decryption status .......................................................................................................... 35

Figure 10-8 – Manage Keys ................................................................................................................ 35

Figure 10-9 – Backup password ......................................................................................................... 36

Figure 10-10 – Restore password ....................................................................................................... 36

Figure 10-11 – Change default options ............................................................................................... 37

Figure 11-1 – Create a new container ................................................................................................. 38

Figure 12-1 – Identity Management .................................................................................................... 39

Figure 12-2 – Saved Applications ....................................................................................................... 40

Figure 12-3 – Manage properties for saved application ...................................................................... 40

Figure 12-4 – Never saved applications .............................................................................................. 41

Figure 12-5 – Windows logon passwords ........................................................................................... 42

Figure 12-6 – Saved web sites ............................................................................................................ 42

Figure 12-7 – Properties for saved web sites ...................................................................................... 43

Figure 12-8 – Never saved web sites .................................................................................................. 43

Figure 12-9 – Identity Management settings ....................................................................................... 44

Figure 13-1 – SafeLan welcome page ................................................................................................ 45

Figure 13-2 – Creating a new encrypted folder in SafeLan ................................................................. 46

Figure 13-3 – Encrypting an existing folder using SafeLan ................................................................. 46

Figure 14-1 – CompuSec® Service .................................................................................................... 48

Figure 14-2 – Authentication before uninstallation .............................................................................. 49

Figure 14-3 – Important uninstallation notes ....................................................................................... 49

Figure 15-1 – Select option to only install the driver ........................................................................... 52

Figure 16-1 – Service Menu Access ................................................................................................... 53

Figure 16-2 – Service Menu Functions ............................................................................................... 53

Figure 16-3 – Decryption Notice ......................................................................................................... 53

Figure 16-4 – Emergency Decryption in progress ............................................................................... 53

Introduction

FREE CompuSec® v5.3 Manual Page 1 of 54 v3.0 – 14 May 2010

1. Introduction Personal computers and notebooks are essential for any organization in the wired world today. These machines are used for a myriad of purposes, such as software development, accounting, product development and others. As such, an increasing amount of information is stored in the hard disks of these machines, some of which are highly confidential and classified. Consequently, the theft or loss of such computing equipment will cost the organization many times more than the cost of the actual computing equipment alone. Too often, we read of careless employees losing hundreds of thousands of customer details when they left their notebooks in the back seat of the taxi on the way to the airport. FREE CompuSec® is the fast and easy solution to the problem of protecting the confidentiality of the information stored on these computing equipment. This software product encrypts the entire hard disk of the machine, including the operating system and other system files. A pre-boot access control is enforced, so as to prevent any unauthorized access. Only with the correct username and password, can the operating system on the machine be booted. This software security suite also provides other software components to encrypt removable media such as USB memory sticks and floppy disks, files and folders on the network, and individual files. The encryption is performed transparently, and the user is not required to make extraneous steps to encrypt files.

Overview


2. Overview

2.1. Basic Features

� Pre-boot access control using User Name and Password � Easy to convenient method to reset user password � Full hard disk encryption using AES with 256-bit keys � Option for background encryption and decryption during installation or uninstallation � Fast and secure automatic logon to Windows using CompuSec® Single Sign On feature � Secure screen lock with CompuSec® GINA � Hibernation Mode supported � Removable media encryption for encrypting floppy disks, USB memory sticks, and others � Single file encryption using public key cryptography � CD/DVD encryption using CDCrypt � SafeLan for automatic folder and file encryption � DataCrypt for file encryption � [DriveCrypt] for container encryption � Identity Management for simple password management � [ClosedTalk] ® for secure VOIP talks � Password history and complexity checks for higher security � Password reset code for resetting lost passwords

2.2. New in this Release

� Support for Windows 7 (32 & 64 bit), Windows Server 2008 & Server 2008 R2 � New and improved DataCrypt � [DriveCrypt]

for container encryption

2.3. System Requirements 2.3.1. Minimum System Requirements

� Intel or AMD processor � 128 MB RAM � 100 MB of free hard disk space

2.3.2. Supported Operating Systems

FREE CompuSec® supports the following operating systems (32 bit and 64 bit):

� Windows 2000 with Service Pack 4 � Windows XP Professional Edition with Service Pack 2 � Windows Server 2003 � Windows Server 2008 R2 � Windows Vista � Windows 7

Installation


3. Installation

3.1. Pre-Installation Checklist Please read this list carefully and ensure that these points are adhered to.

� Before installing FREE CompuSec®, please make a backup of your data. � Please ensure that you use only standard IDE or SATA disks and they are properly

connected. � Use CHKDSK to check the hard drive for errors. � Please disable ‘Boot Sector Virus Protection’ from you system’s BIOS � Please deactivate any antivirus software before the installation/uninstallation process � Stop all other applications before running the FREE CompuSec® installation program. � Please ensure that you have administrator rights in your operating system.

3.2. Installation Procedure To install FREE CompuSec®, follow these steps. 1. Browse to the correct path to locate the FREE CompuSec® installation folder. 2. Run Setup.exe to start the installation wizard that will lead you through the installation. 3. The welcome page of the installation wizard is displayed. Click on the button "Installation and

removal of CompuSec® Components”.

Figure 3-1 – FREE CompuSec® Installation

4. The License Agreement dialog is displayed. If you agree to the license terms, click on the

“Accept” button. If not, click on the “Decline” button, and the installation will end. 5. A reminder dialog is displayed. Please check that the antivirus software is disabled, and close all

other applications before proceeding. Click on the “Continue” button when ready. 6. The FREE CompuSec® files will be copied to the folder “C:\Program Files\CE-

Infosys\CompuSec”. This folder will be created automatically if it does not exist. 7. A list of FREE CompuSec® components is displayed. Select the functions required and click on

the “Continue” button to proceed. A description of the different options is listed in Table 3-1. Select the desired components and click on the button “Continue” to proceed.

Installation


Figure 3-2 – Select CompuSec® Components

Table 3-1 – FREE CompuSec® Installation Options

Option Description

Pre Boot Authentication When this function is selected, users will be required to enter the username and password before Windows can be started.

Hard Disk Encryption When this option is selected, the hard disks in the computer will be encrypted when the machine is rebooted.

Single Sign On using User Credentials

When this function is selected, the CompuSec® GINA (Windows XP) or Credential Provider (Windows Vista) will be installed. More details of this component can be found in Sections 6 and 7.

SafeLan for network folder encryption

When this option is selected, the SafeLan software component will be installed. More details of this component can be found in Section 13.

DataCrypt for file encryption When this option is selected, the DataCrypt software component will be installed. More details of this component can be found in Section 10.

[ClosedTalk] ® When this option is selected, the [ClosedTalk] software for encrypted VOIP will be installed. More details of this component can be found in the [ClosedTalk] ® Manual.

Identity Management When this option is selected, the Identity Management software will be installed. More details of this component can be found in Section 12.

[DriveCrypt] ® When this option is selected, the [DriveCrypt] ® software for container encryption will be installed. More details of this component can be found in Section 11.

Install driver for additional OS on disk

Select this option to install the FREE CompuSec® software partially for systems with multiple OS.

��Note:

Please do not enable Single Sign On if you already have another login program. If you would like to use the Single Sign On option in FREE CompuSec®, please uninstall your other login program first.

Installation


��Note:

If you have more than one operating system on your hard disk, you will need to enable the “Install driver for additional OS on disk” option for the secondary OS to install the FREE CompuSec® software partially. You will then need to install the FREE CompuSec® software on your primary OS without selecting the “Install driver for additional OS on disk” option to install the software completely. For more information, please see Section 15.1 - Installing

FREE CompuSec® on Hard Disks with Multiple O. 8. In the user account dialog, input your desired User ID that will be used by FREE CompuSec® for

pre-boot authentication. Select the password policies that are desired. You can activate or deactivate each setting by checking the boxes next to these options.

� The first option limits the lifetime of the password to the specified number of days. � The second option limits the lifetime of the password to the specified number of logons. � The third option specifies whether a password change question will be displayed after

every successful login. Click on the button “Continue” to proceed.

Figure 3-3 – User Details and Password Profile

��Note:

The User ID is case sensitive. Please write down the user ID and keep the information safe. 9. The keys used for the in FREE CompuSec® are displayed. These keys have been randomly

generated by the installation application. Table 3-2 describes how the generated keys can be modified. Click on the button “Continue” to proceed with the installation.

Installation


Figure 3-4 – Select Encryption Keys

Table 3-2 – Possible Modification of the Generated Keys

Button Description

Generate another random key

Manually input a new key

Import the key from an existing securityinfo.dat file

10. The hard disk encryption setting is displayed. FREE CompuSec® supports up to 8 physical hard

disks. Click on the drop down bar to change the setting. There are 3 options for hard disk encryption:

� Not Encrypted: The hard disk will not be encrypted � Encryption before booting: The hard disk will be encrypted before the operating system

starts. This process is slower and cannot be interrupt once started. � Encryption while working: The hard disk will be encrypted after the operating system is

started. This process is faster, and can be interrupted by a normal shutdown of the operating system or hibernation.

Installation


Figure 3-5 – Set Hard Disk Encryption State

Click on the button “Continue’ to proceed with the installation.

11. Enter your password reset code here. This can be used to help users in cases where the

password is forgotten. Click on the button “Continue” to proceed with the installation.

Figure 3-6 – Password Reset Code

��Note:

The password reset code is case sensitive. Please write down the password reset code and keep the information safe.

12. A reminder dialog is displayed. Please note that the default initial password is “start123”. Please

enter this password during the pre-boot authentication immediately after the installation. Click on the “Continue” button to proceed.

13. In the next screen, click on the button “Start Install” to begin the actual software installation

based on the parameters chosen.

Installation


14. The setting of the FREE CompuSec® installation is saved into a backup file, securityinfo.dat. This file is required during service updates and uninstallation of FREE CompuSec®. It is also required in service situations. Click on the button “Continue” to save the securityinfo.dat.

��Note:

The securityinfo.dat contains sensitive information that is unique to this installation of FREE CompuSec®. Please save a copy of the file and store it in a safe and secure place.

15. The FREE CompuSec® will install the necessary drivers and files into the machine. When the

installation is completed, you will be prompted to finalise the installation by clicking on the button “Finish”. When you click on the button, your computer will be automatically restarted. When the computer starts the next time, the CompuSec® pre-boot authentication screen will appear. Enter the selected user ID and the initial “start123” password.

Pre-boot Authentication


4. Pre-boot Authentication The pre-boot authentication protects the machine from unauthorized access. It is started immediately after the BIOS POST. Figure 4-1 shows the screenshot of the pre-boot authentication screen. Please follow the instructions at the lower third of the screen for the pre-boot authentication.

��Note:

The diagrams in the following subsections will only show the instructions displayed on the screen.

Figure 4-1 – Standard CompuSec® Pre-boot Authentication

During the FREE CompuSec® setup, the installer will detect your video card settings. If it does not detect a compatible mode, different pre-boot authentication screens may be displayed, as shown in Figure 4-2 and Figure 4-3.

Figure 4-2 – 8-bit graphics for CompuSec® pre-boot authentication



Figure 4-3 – VGA graphics for CompuSec® pre-boot authentication

4.1. Basic Authentication The pre-boot authentication will prompt you to enter your user ID, as shown in Figure 4-4. Please type your user ID and press “Enter”. The characters will be displayed as asterisks (*) on the screen for higher security.

Figure 4-4 – Basic Authentication: User ID

At the password prompt, as shown in Figure 4-5, type your password and press the key “Enter”. As you type, the characters will be displayed as asterisks (*) on the screen for higher security.

Figure 4-5 – Basic Authentication: Password

��Note:

Your user ID was provided during installation. Please see step 8 in Section 3.2.

��Note:

The default password is “start123”.

Please input your user ID or press F1 for Help

User ID:

Please input your password.

Password:



If you are logging in the first time, or if your password has expired, you will be prompted to type in a new password, as shown in Figure 4-6. Please see Section 4.2 for more details.

Figure 4-6 – Password expired

4.2. Change Password When you change your password, you will be prompted to enter new password, as shown in Figure 4-7. Enter your new password and press the key “Enter” when done. As you type, the characters will be displayed as asterisks (*) on the screen for higher security. If your password does not meet the complexity and password history checks, the CompuSec® pre-boot authentication will prompt you to enter another password.

Figure 4-7 – Enter new password

When your password is accepted, you will be required to enter your password again to verify it, as shown in Figure 4-8. Enter your password again and press the key “Enter” when done.

Figure 4-8 – Confirm new password

If the password change is successful, the message shown in Figure 4-9

Figure 4-9 – New password accepted

4.3. More Functions After you have successfully authenticated, a message for the service menu is displayed for 2 seconds. Press “F1” when this is displayed to see the other options available. Figure 4-11 shows the different other options available.

Figure 4-10 – More Options

Your password has expired. You must change your password now.

Please input your new password.

Password:

Please retype your new password to verify it.

Password:

The password is accepted and stored encrypted.

Press F1 for more options. The system will boot in 2 seconds.



Figure 4-11 – More Options

Option 1 allows you to change the current password. Option 2 allows you to decrypt the hard disk immediately without booting into your operating system. Option 3 exits the menu and boots the operating system.

4.4. Password Help Functions If you forget the password, you can press F1 instead of typing the user ID. This will lead you to the password help screen as shown in Figure 4-12.

Figure 4-12 – Password Help

Press “1” to start the password reset mechanism. You will be prompted to type your user ID. Type your user ID and press the key “Enter”.

Figure 4-13 – Password Reset: User ID

The pre-boot authentication will prompt you for the password reset code, that was selected during the installation, as shown in Figure 4-14.

Figure 4-14 – Enter Password Reset Code

The following service functions are available. Please select:

1 - Change current password

2 - Emergency decryption

3 - Boot


1 - Reset Password

2 - Return

Please input your user ID

User ID:

Please enter your password reset code.

Code:

Encryption and Decryption of Hard Disks


5. Encryption and Decryption of Hard Disks The encryption or decryption of the hard disks starts immediately after the pre-boot authentication. Before starting the encryption or decryption process, please ensure the following:

� A backup of all the important data in the hard disk has been made. � The machine is running on electrical power supply mains and not on batteries. � There should be no abrupt attempts to stop the encryption process once it has started.

5.1. Encryption or Decryption Before Booting When the option “Encryption before booting” or “Decryption before booting” is selected, the encryption or decryption process will be performed immediately after the pre-boot authentication and before the operating system is booted. Before beginning the encryption or decryption, FREE CompuSec® will ask you whether to start the process. Pressing “y” will start the encryption or decryption. Pressing “n” will skip the process, and leave the encryption or decryption to the next boot. An example of the confirmation message is shown in Figure 5-1.

Figure 5-1 – Encryption before booting

Figure 5-2 – Encryption before booting in progress

If you choose to start the encryption or decryption process, FREE CompuSec® will display the status of the process as shown in Figure 5-2. The “Remaining Sectors” statistic shows the number of sectors left in the process. When it reaches 0, the encryption or decryption will finish.

��Note:

This encryption or decryption process cannot be interrupted once it is started. If the process is stopped halfway, all the data on the disk will be rendered unreadable.

5.2. Encryption or Decryption While Working If the option “Encryption while working” or “Decryption while working” is selected, the encryption or decryption process is performed in the background. The user is able to use the operating system normally. Normal shutdown, hibernation and standby is allowed in this encryption or decryption mode. Before beginning the encryption or decryption, FREE CompuSec® will ask you whether to start the process. Pressing “y” will start the encryption or decryption. Pressing “n” will skip the process, and leave the encryption or decryption to the next boot. An example of the confirmation message is shown in Figure 5-3.

The following hard disk (1-8) is now ready for encryption: Disk 1

Do you want to encrypt this disk now? (Y / N)

Hard Disk 1 is encrypting. Please wait and don’t switch off power.

Remaining Sectors : 82130000

Encryption and Decryption of Hard Disks


Figure 5-3 – Encryption while working

The FREE CompuSec® device driver will start the encryption during the booting of the operating system, and display the status message during the booting of the operating system, as shown in Figure 5-4.

Figure 5-4 – Encryption status during booting

After your operating system is started, the encryption or decryption will continue in the background. The background encryption icon in the taskbar shows the status of the encryption or decryption process. A description of the icons is provided in Table 5-1.

Table 5-1 - Background encryption taskbar icon description

Icon Description

The spinning hourglass shows that the background encryption is still in progress.

When the spinning hourglass changes to the image of a drive, the encryption or decryption while working process has finished.

For more information regarding the background encryption process, click the spinning hourglass icon to see the background encryption status, as shown in Figure 5-5.

Figure 5-5 – Background encryption status

The background hard disk encryption is ready. Hard disk 1

Do you want to start it now? (Y / N)

CE-Infosys (c) 2005 – 2007 Security Device Driver

Starting hard disk encryption for disk 0…

6 % of hard disk 0 is already encrypted

Warning: Do not power off the system when hard disk encryption is running.

Regular system shutdown and hibernation is allowed.

CompuSec® GINA


6. CompuSec® GINA CompuSec® GINA is an extension of the Graphical Identification and Authentication for Windows 2000 and Windows XP. It provides a single sign-on capability so as to automatically log into Windows. In addition, it provides a secure screen lock function. To access the CompuSec® GINA, press “Ctrl”, “Alt” and “Del”. The CompuSec® GINA will start, and display the dialog shown in Figure 6-1.

Figure 6-1 – CompuSec® GINA

6.1. Single Sign-On When you first use the single sign-on feature, you will be asked to enter your user details as shown in Figure 6-2. This usually occurs in the first boot after the FREE CompuSec® installation, or when there is no single sign-on accounts saved in the CompuSec® GINA.

Figure 6-2 – Enter user credentials (Windows XP)

To save the user credentials and start using the single sign-on function, click on the button “Logon & Save”. The user credentials will be saved securely, and automatically used for authentication from now on. If you do not want to save the user credentials, click on the button “Logon”. This is useful for administrators or one-time users who need to access a user’s PC temporarily. If you have already configured your operating system to automatically log on for you, the single sign-on module will retrieve the information from your operating system, and automatically fill in the corresponding fields for you. All you need to do is click on the button “Logon & Save” to continue.

CompuSec® GINA


The next time Windows is started, the user credentials will automatically be inserted into the Windows logon after a delay of 5 seconds, as shown in Figure 6-3. During this time, the user can click on the button “Manual” to skip the single sign-on and log into Windows normally. To skip the delay, you can click on the button “Logon” to sign in immediately.

Figure 6-3 – Auto-Logon

To manage the saved usernames and passwords in the single sign-on component, click on the button “Manage Single SignOn…” button in the CompuSec® GINA. A list of the saved users is displayed, as shown in Figure 6-4. To delete previously saved accounts, click on the account and click on the button “Delete”. Click on the button “Close” when done.

Figure 6-4 – Manage single sign-on

6.2. System Lock The CompuSec® GINA system lock is an alternative to the Windows screen lock function. When the system is locked, the logged in user must enter the CompuSec® password before the system can be accessed again. To use the system lock, click on the button “Lock Workstation” and the lock screen will be displayed, as shown in Figure 6-5.

CompuSec® GINA


Figure 6-5 – System Locked

To unlock the system, , press “Ctrl”, “Alt” and “Del”, and type in the CompuSec® password in the password dialog, seen in Figure 6-6.

Figure 6-6 – Unlocking system lock with the CompuSec® password

CompuSec® Credential Provider


7. CompuSec® Credential Provider CompuSec® Credential Provider is an additional Credential Provider in Windows Vista that can be used to access Windows Vista. Similar to the CompuSec® GINA, the CompuSec® Credential Provider has a single sign-on capability for automatically login Windows. In addition, it provides a secure screen lock function for users leaving the machine temporarily.

7.1. Access CompuSec® Credential Provider To access the different functionalities provided by the CompuSec® Credential Provider, press “Ctrl”, “Alt” and “Del”. The CompuSec® Credential Provider will be started, and display the dialog shown in Figure 7-1.

Figure 7-1 – Enter user credentials (Windows Vista)

7.2. Single Sign-On When you first use the single sign-on feature, you will be asked to enter your user details as shown in Figure 7-2. This usually occurs in the first boot after the FREE CompuSec® installation, or when there is no single sign-on accounts saved in the Credential Provider.

Figure 7-2 – Enter user credentials (Windows XP)

To save the user credentials and start using the single sign-on function, enter the Windows user name and password, and check the box “Remember this credential”. Click on the submit button to save the credentials and log into Windows Vista. The user credentials will be saved securely, and automatically used for authentication from now on.



If you do not want to save the user credentials, uncheck the box “Remember this credential” before clicking on the submit button. This is useful for administrators or one-time users who need to access a user’s PC temporarily. If you have already configured your operating system to automatically log on for you, the single sign-on module will retrieve the information from your operating system, and automatically fill in the corresponding fields for you. All you need to do is click on the button “Logon & Save” to continue. The next time Windows is started, the saved user’s credentials will automatically be provided for Windows user authentication after a delay of 5 seconds, as shown in Figure 6-3. During this time, the user can click on the button “Manual” to skip the single sign-on and log into Windows normally. To skip the delay, you can click on the button “Logon” to sign in immediately.

Figure 7-3 – Auto-Logon

7.3. Change Password To change your Windows password, press the buttons “Ctrl”, “Alt” and “Del” together to access the CompuSec® Credential Provider. Click on the button “Change a Password …”. In the next window, as shown in Figure 7-4, you can change your Windows password. Enter your current and your desired new password and click on the submit button to save your new password.

Figure 7-4 – Change Windows Password



7.4. CompuSec® Credential Provider Tools To access the CompuSec® Credential Provider Tools, press the buttons “Ctrl”, “Alt” and “Del” together to access the CompuSec® Credential Provider. Click on the button “Change a Password …”. In the next window, as shown in Figure 7-4, click on the button “Option…” to access the CompuSec® Credential Provider Tools as shown in Figure 7-5.

Figure 7-5 – CompuSec® Credential Provider Tools

7.4.1. Manage Single Sign On

To manage the user credentials saved in the Single Sign On component, click on the button “Manage Single SignOn…”. You will now be able to see the user credentials saved by the CompuSec® Credential Provider. A list of the saved user credentials is displayed, , as shown in Figure 7-6. To delete the user credentials, select the user, and click on the button “Delete”. Click on the button “Save” to confirm the deletion. To quit this menu, click on the button “Cancel”.

Figure 7-6 – Manage Single Sign-On

7.4.2. Change CompuSec® Password

To change your CompuSec® password, click on the button “Change CompuSec® Password”. The dialog for changing CompuSec® password will be displayed, as shown in Figure 7-7. Enter your current CompuSec® password, and then your desired new CompuSec® password, and click on the button “OK” to save.



Figure 7-7 – Change CompuSec® Password

7.5. Screen Lock To temporarily lock your system, press the buttons “Ctrl”, “Alt” and “Del” together to access the CompuSec® Credential Provider. Click on the button “Lock this Computer”, and your system will be locked, as shown in Figure 7-8.

Figure 7-8 – Screen Lock

To unlock your system, type in your CompuSec® password and click on the submit button.

CompuSec® Service


8. CompuSec® Service The CompuSec® service allows to modify the settings of the FREE CompuSec® installation, or perform an upgrade of the components. You will need administrator rights in your operating system to access the CompuSec® Service. To access the CompuSec

® Service, go to Start � Program Files � Security � CompuSec Service.

The main page of the CompuSec® Service offers four different options:

� Information � Installation and removal of CompuSec® components � Service and Update � Uninstallation of CompuSec®

Figure 8-1 – Main Dialog for CompuSec® Service

8.1. Information This function opens the FREE CompuSec® Readme file in the installation package. It describes the functions for each module in FREE CompuSec® software, and other information.

8.2. Installation and removal of CompuSec® components This option allows you to add or remove CompuSec® components after you have performed the installation. You will need the securityinfo.dat that was created during the installation in order to use this option.

CompuSec® Service


Figure 8-2 – CompuSec® Components

To add components to the current FREE CompuSec® installation, check the corresponding box. To remove components, uncheck the corresponding box. Click on the button “Continue” to proceed.

8.3. Service and Update This service menu allows you to change the functioning of the FREE CompuSec® installed in your machine. Before configuring the FREE CompuSec® in your system, you will be prompted for your CompuSec® password, as shown in Figure 8-3.

Figure 8-3 – Authentication before Service and Update

If you correctly authenticate yourself, you will be allowed to change the configuration of the FREE CompuSec®. The options available are shown in Figure 8-4. Select the option desired, and click on the button “Continue”.

CompuSec® Service


Figure 8-4 – Service and Update Options

8.3.1. Information about CompuSec®

This option shows the details of the version of FREE CompuSec® that is installed in this computer.

Figure 8-5 – CompuSec® Information

8.3.2. Manage HD Encryption

This function allows users to set the encryption status of the hard disks in the machine. For each hard disk that is connected in the machine, CompuSec® Service will display the current encryption state. Up to 8 disks can be supported by FREE CompuSec®, and each of the statuses is displayed in this page.

CompuSec® Service


Figure 8-6 – Manage HD Encryption Screen

Encryption State Description Not encrypted Hard disk is not encrypted. Encryption before booting The hard disk will be encrypted immediately after the pre-boot

authentication, and before the operating system is booted. This process cannot be interrupt once it is started.

Encryption while working The hard disk will be encrypted in the background after the operating system has finished booting.

Encryption in progress The hard disk is currently being encrypted. Encrypted The hard disk is encrypted. Decryption before booting The hard disk will be decrypted immediately after the pre-boot

authentication, and before the operating system is booted. This process cannot be interrupt once it is started.

Decryption while working The hard disk will be decrypted in the background after the operating system has finished booting.

Decryption in progress The hard disk is currently being decrypted. No disk found No hard disk is connected.

The state of the hard disk can be changed by selecting the options from the pull-down menu. When finished, click on the button “Continue” to save the new state, and return to the main menu. The hard disk encryption or decryption will begin after the next reboot.

��Note:

The options “Encryption before booting” and “Decryption before booting” result in a slower process. In addition, this process cannot be interrupted once it is started. As such, it is advisable to use “Encryption while working” or “Decryption while working” to encrypt or decrypt the hard disks.

8.3.3. Backup Security File

If the securityinfo.dat file for your installation is misplacd, you can use this option to regenerate another file. Select “Backup Security File” from the main “Service and Update” menu, and click on the button “Continue”.

CompuSec® Service


Figure 8-7 – Backup Security File

You will be prompted to select a location to save the securityinfo.dat file. 8.3.4. Change Logon Screen

The functions provided allow you to customize the look and feel of the pre-boot authentication in FREE CompuSec®.

Figure 8-8 – Modify pre-boot logon screen

There are 3 different bitmaps provided, “COMPUSEC_1.BMP”, “COMPUSEC_2.BMP” and “COMPUSEC_3.BMP”, with different graphics for your pre-boot authentication screen. The background and text colour can also be changed. Modify the “Foreground Color” to change the colour of the text, and the “Background Color” to change the colour of the background. Click on the button “Apply” to save the changes.

CompuSec® Service


8.4. Uninstallation of CompuSec® This function starts the uninstallation process to remove FREE CompuSec® from your machine. See Section 14 for more details.

Removable Media Encryption


9. Removable Media Encryption The removable media encryption (RME) is a module that allows you to use encrypt removable media devices, such as USB memory sticks, floppy disks, and CD-ROMs. If installed, the RME module can be accessed by clicking on the lock icon in the taskbar. Depending on the encryption state of the devices in your computer, the lock can appear as either locked or unlocked.

Table 9-1 – RME status

Icon Description

The “unlocked” icon is displayed when none of the removable media devices are encrypted.

The “locked” icon is displayed when one or more removable media devices are encrypted.

To change the encryption state of the removable media device, click on the icon. A menu showing the different removable media devices will be displayed, as shown in Figure 9-1. If you want to change the state of your removable media device from plain to encrypted, select the “Encrypted” option for the required drive. To change it back to plain, select the “Plain” option for the required drive.

Figure 9-1 – Change encryption state

You can also see the status of the encryption in the “My Computer” property page, as seen in Figure 9-2. Encrypted drives are displayed with a green lock icon.

Figure 9-2 – Viewing the encryption state of drives

When you change the state from “Plain” to “Encrypted”, the RME module will start handling the drive as an encrypted media. If you connect a plain removable media device, you will receive a warning about the state of the removable media device, as shown in Figure 9-3. If you click on the button “OK”, the RME module will start handling this removable media device as an encrypted media, even though it is not encrypted.



When you attempt to access the drive, you will be prompted to format the drive, as shown in Figure 9-4. If you click on the button “Yes”, your removable media device will be encrypted and all your data on the device will be lost. After the format, your removable media device can be used as an encrypted media. All data copied to the device is automatically encrypted, and all data read from the device is automatically decrypted.

Figure 9-3 – RME Warning message

Figure 9-4 – Format dialog

9.1. CD Encryption When the CDCrypt module is installed, you will be create encrypted CD/DVDs. To create an encrypted CD or DVD, select “Encrypted” under the “CD/DVD burner” section in the RME menu. A dialog box will appear, asking you to select the key that will be used to encrypt the CD or DVD, as shown in Figure 9-5. Select the key to be used, and click on button “OK”.

Figure 9-5 – Choose CDCrypt encryption key

��Note:

These keys were defined during the installation. A total of 8 keys are available for use.



��Note:

The selection of keys is only required when creating encrypted CD/DVDs. When CDCrypt detects that an encrypted CD/DVD is inserted, it will automatically try all the keys available to find the appropriate key for decryption.

DataCrypt


10. DataCrypt DataCrypt is a module that enables users to encrypt individual files, using Public-Key-Cryptography based on elliptic curves. DataCrypt will automatically create a key pair (2 keys) for each user, which will be used for the encryption and decryption of files in DataCrypt. The function of the key pair is such that if one key (Public Key) is used to encrypt the data, only the other key (Private Key) can be used to decrypt the message. It is almost impossible to calculate one key from the other, so the Public Key can be published, as long as the Private Key is kept secret. As such, you will be able to send out your Public Key to your friends, associates, or business partners. To securely send you sensitive files through untrusted mediums by encrypting the files using DataCrypt with your Public Key. When received, the encrypted files are decrypted using your Private Key. DataCrypt supports multiple users on the same computer. A unique key pair is calculated for each user, and then stored into the Windows registry.

10.1. Starting DataCrypt To start DataCrypt, go to Start � Programs � Security � DataCrypt. If this is your first time using DataCrypt, you will be prompted to enter your user name and you email as shown in Figure 10-1. Enter your username and email and click on the button “OK” to start using DataCrypt. This username and password will be used as your identity for DataCrypt.

Figure 10-1 – Enter user information in DataCrypt

When started, the DataCrypt application will be started in the “Start” tab, as shown in Figure 10-2. There are a total of 6 tabs for use in DataCrypt, Start, Encrypt, Decrypt, Manage Keys, Change options, and About.

DataCrypt


Figure 10-2 – Main screen of DataCrypt

10.2. Encrypting Files To encrypt files, select the tab “Encrypt”. DataCrypt will display a tree view of the folders in your computer, as shown in Figure 10-3.

Figure 10-3 – Encrypting files

To navigate, click on the “+” icon to expand the folder. Select the file you want to encrypt by clicking on the checkbox beside the desired file. When selected, a red tick will appear in the checkbox. You can select multiple files to decrypt. To select entire folders of files for encryption, click on the checkbox beside the desired folder. When selected, all the files in the folder will be automatically selected. Only the files that reside in the target folder will be selected. Files in the sub-folders will not be selected. Click on the button “Next” to continue.

DataCrypt


Figure 10-4 – Select recipients

The next step is to select the intended recipients of the encrypted file. Click on the checkbox beside the desired recipients. If you have multiple users, use the “Search” field to find the desired recipient, by typing a portion of the user’s name or email. To send to all recipients, select the checkbox “All Recipients”. Select the desired destination folder for the encrypted files. There are 3 different options available:

� Same folder as selected files � Default folder set in options (See Section 10.5) � Custom folder location

When finished, click on the button “Encrypt” to begin encrypting the file.

Figure 10-5 – Encryption Status

When completed, click on the button “OK” to return to the DataCrypt application.

DataCrypt


10.3. Decrypting Files To decrypt files, click on the tab “Decrypt”. DataCrypt will display a tree view of the folders in your computer, as shown in Figure 10-6.

Figure 10-6 – Decrypting Files

To navigate, click on the “+” icon to expand the folder. Select the file you want to decrypt by clicking on the checkbox beside the desired file. When selected, a red tick will appear in the checkbox. You can select multiple files to decrypt. To select entire folders of files for decryption, click on the checkbox beside the desired folder. When selected, all the files in the folder will be automatically selected. Only the files that reside in the target folder will be selected. Files in the sub-folders will not be selected. Select the desired destination folder for the decrypted files. There are 3 different options available:

� Same folder as selected files � Default folder set in options (See Section 10.5) � Custom folder location

Click on the button “Next” to continue. The selected files will be decrypted by DataCrypt, as show in Figure 10-7.

DataCrypt


Figure 10-7 – Decryption status

Click on the button “OK” to return to the DataCrypt application.

10.4. Managing Keys To manage the keys used in DataCrypt, click on the tab “Manage Keys”. DataCrypt will list the public keys available in the application for use, as well as some options to manage your own public key, as shown in Figure 10-8.

Figure 10-8 – Manage Keys

10.4.1. Delete Keys

To delete keys from the DataCrypt recipient database, click on the checkbox to select the keys that you want to delete. Click on the button “Delete” to remove the selected keys from the database. You can type the name or email into the search field to find the recipient if the list is too long.

DataCrypt


10.4.2. Import Keys

To import keys, click on the button “Import”. A dialog box will appear to ask you to choose the location for the recipient’s public key file. Select the file and click on the button “Open” to save the public key into the DataCrypt recipient database. 10.4.3. Backup Keys

DataCrypt allows you to backup your own DataCrypt key pair. Click on the button “Backup” to begin the process. A dialog box will appear to choose the location to save the backup. Browse to the intended location and click on the button “Save” to complete the backup process. To prevent any unauthorised access to your public and private key in the backup, click on the button “Password protect” before beginning the backup process. A dialog box will appear asking you to enter a password to protect this backup file, as shown in Figure 10-9. Enter the intended password and click on the button “OK” to use this password.

Figure 10-9 – Backup password

10.4.4. Restore Keys

This function can be used to restore a saved key-pair and use it in DataCrypt. Click on the button “Restore” to begin the restore process. A dialog box will appear, requiring you to choose the location of the backup file. Browse to the location where you saved the backup file and click on the button “OK” to select it. The contents of the backup file will be restored into DataCrypt. If the backup file is protected with a password, you will be prompted to enter the password, as shown in Figure 10-10. Enter the password and click on the button “OK” to continue the backup process.

Figure 10-10 – Restore password

DataCrypt


10.4.5. Export Public Key

To export your own public key to other users, click on the button “Export Public Key. A dialog box will appear, asking you to select the location to save your public key. Browse to the intended location, and click on the button “Save”. The exported public key can now be sent to all your communication partners, so that they use it to send encrypted files to you.

10.5. Change Options To change the default options in DataCrypt, click on the tab “Change Options”. This page will allow you to change the default folders used for storing files after they are encrypted or decrypted, as shown in Figure 10-11.

Figure 10-11 – Change default options

Click on the button “...” to choose the location to save the encrypted or decrypted files. To automatically delete the plain files after encryption, click on the checkbox “Delete after encrypt”. Similarly, to automatically delete the encrypted files after decryption, click on the checkbox “Delete after decrypt”. When you have finished changing the default settings, click on the button “Save”.

[DriveCrypt]


11. [DriveCrypt] The [DriveCrypt] module provides a simple way to store sensitive data securely on the hard disk without the need to encrypt the entire hard disk. [DriveCrypt] creates a large file on the hard disk and encrypts it. The file is then mounted it as a separate drive in the file system for normal use. Data written into the “drive” will automatically be encrypted, while data read out will automatically be decrypted.

11.1. Starting [DriveCrypt] To start [DriveCrypt], go to Start � Programs � Security � [DriveCrypt]. This will open the dialog box to create a new container, as shown in Figure 11-1.

Figure 11-1 – Create a new container

This dialog allows you to create a new encrypted container. See Section 11.2 for more details.

11.2. Creating a new container To create a new container, right-click anywhere over the explorer window and select New � [DriveCrypt]. Alternatively, you can run [DriveCrypt] from Start � Programs � Security � [DriveCrypt]. This will open the dialog as shown in Figure 11-1. Click on the button “Browse…” to select the filename and location for the new container. Enter the size of the container needed in the “Size” field. Click on the dropdown bar to change the units from megabytes (MB) to gigabytes (GB).

��Note:

The minimum size of the container is 3 MB. You can specify the name of the volume that will be displayed when the container is mounted into the filesystem. This field is optional. Click on the button “OK” when finished. The container will be created, and formatted. It will also be encrypted.

Identity Management


12. Identity Management The Identity Management module allows you to save login data, such as usernames and passwords, in applications or websites. The first time you enter your credentials into the authentication form, Identity Management will prompt you to save your login credentials. If you save the information, the next time you need to log in, the Identity Management module will automatically insert the credentials into the forms. As such, you will not need to remember the usernames and passwords.

12.1. Starting Identity Management Identity Management is set to auto-start with Windows. To see the Identity Management application, go to Start � Programs � Security � Identity Management. Alternatively, you can double-click on the Identity Management icon in the taskbar. The Identity Management module consists of 6 different tabs, Saved Applications, Never Saved Applications, Windows Logon, Saved Web Sites, Never Saved Web Sites and Settings, as shown in Figure 12-1.

Figure 12-1 – Identity Management

To navigate around the Identity Management, click on the different tabs. These tabs are described in the sub-sections below. To exit the Identity Management application, click on the button “OK”.

12.2. Saved Applications The Saved Applications tab shows a list of application logins that Identity Management has saved. To view the saved applications, click on the tab “Saved Applications” and you will be presented with the list as shown in Figure 12-2.

Identity Management


Figure 12-2 – Saved Applications

This page shows you the name of the application, the title for the log-on dialog box, and the full path of the application that required the authentication. To view the properties for the saved application, select the application and click on the button “Properties”. This will open a dialog box to manage the properties for the saved application, as shown in Figure 12-3.

Figure 12-3 – Manage properties for saved application

Click on the button “Show Password” to view the password, instead of asterisks. Click on the button “OK” to go back to the Identity Management application. To delete the login credentials for a saved application, select the application, and click on the button “Delete”. This will delete the application from the Identity Management’s database, and you will need to enter your credentials to use the application the next time.

Identity Management


12.3. Never Saved Applications The Never Saved Applications tab shows a list of applications that you have specifically identified for Identity Management to ignore. To view these applications, click on the tab “Never Saved Applications” and you will be presented with a list as shown in Figure 12-4.

Figure 12-4 – Never saved applications

This page shows the full path to the application that Identity Management will ignore. To add an application, either click on the button “Append”, or click on the next available row. You can manually type the full path to the application, or you can click on the button “...” to browse to the location of the application. To edit an entry, you can either double click on the entry, or select the entry and click on the button “Edit”. You can now change the path to the application that you want Identity Management to ignore. To delete an entry, select the desired entry and click on the button “Delete”.

12.4. Windows Logon The Windows Logon tab shows the Windows logon passwords that you have saved for single sign-on. To view this information, click on the tab “Windows Logon” and you will be presented with the list as shown in Figure 12-5.

Identity Management


Figure 12-5 – Windows logon passwords

To view the password instead of asterisks, click on the button “Show Password”. To delete a saved Windows password, select the password and click on the button “Delete”.

12.5. Saved Web Sites The saved websites tab shows the list of websites that you have used Identity Management to manage your login credentials. To view this list, click on the tab “Saved Web Sites”, and you will be presented with list, as shown in Figure 12-6.

Figure 12-6 – Saved web sites

To edit an entry, select the desired entry and click on the button “Edit”. Alternatively, you can double-click on the entry. You can now change the URL of the website that you want to use Identity Management to remember your credentials. The Full Path option specifies whether Identity Management should only use exact URL or allows a variant of the URL entry. To delete an entry, select the desired entry and click on the button “Delete”.

Identity Management


To manage the properties for the entry, select the desired entry and click on the button “Properties”. In the next dialog box, as shown in Figure 12-7, you can view the properties for the selected entry.

Figure 12-7 – Properties for saved web sites

Click on the button “Edit URL(s)” to edit the URL for the entry. Click on the button “Show Password” to show the saved password instead of asterisks. Click on the button ‘OK” to exit and return to the Identity Management application.

12.6. Never Saved Web Sites The Never Saved Websites tab shows a list of websites that you have specifically identified for Identity Management to ignore. To view these websites, click on the tab “Never Saved Web Sites” and you will be presented with a list as shown in Figure 12-8.

Figure 12-8 – Never saved web sites

To add a new entry manually, you can either click on the button “Append”, or alternatively, you can double-click on the next empty row. Select the Full Path option, which specifies whether Identity Management should only use exact URL or allow a variant of the URL entry. Next, type in the URL that Identity Management should ignore. The new entry will be saved automatically. To edit an entry, select the desired entry and click on the button “Edit”. Alternatively, you can double-click on the entry. You can now change the URL, as well as the Full Path option for that entry. To delete an entry, select the desired entry and click on the button “Delete”.

Identity Management


12.7. Settings The Settings tab shows a list of options that you can set to modify the behaviour of Identity Management. To view these websites, click on the tab “Settings” and you will be presented with a screen as shown in Figure 12-9.

Figure 12-9 – Identity Management settings

To use Identity Management to manage your credentials for Windows applications, select the option “Enable Identity Management for Windows Application”. This option is selected by default. To start Identity Management every time Windows boots, select the option “Run as startup program”. This option is selected by default. Select the “Hide tray icon” option to hide the Identity Management icon from the system tray. This option is not selected by default. To change the delay before Identity Management automatically submits your credentials to the Windows application, change the value in the field “Pre logon time out”. The default delay is 3 seconds. Currently, Identity Management is compatible with 2 different browsers, Microsoft Internet Explorer and Mozilla. By default, Identity Management is enabled for Microsoft Internet Explorer. To enable Identity Management for Mozilla, select the option “Enable Identity Management for Mozilla”. To use the CompuSec® single sign-on as a chain to another application’s GINA, select the option “Enable chain to third party GINA”.

SafeLan


13. SafeLan The SafeLan module allows you to create encrypted files and folders on a remote folder, without needing to install any new application on the remote machine. SafeLan will transparently encrypt the data before transmitting the data through the network, and decrypt the data as it is received. As such, when used in a corporate environment, the files and folders stored in the file server are encrypted, preventing unauthorised access by system administrators and other IT support staff. It also provides a means of separating user spaces on the file server.

13.1. Starting SafeLan To start SafeLan, go to Start � Programs � Security � SafeLan. This will open the SafeLan application as shown in Figure 13-1.

Figure 13-1 – SafeLan welcome page

Click on the button Next to start encrypting folders.

SafeLan


13.2. Creating a new folder

Figure 13-2 – Creating a new encrypted folder in SafeLan

To create a new encrypted folder using SafeLan, please follow these steps: 1. Select the radio button “Create New Folder”. 2. Enter the name of your new folder in the field provided. 3. Click on the button “…” and select the location for your new folder. Please ensure you have write

permissions to the selected folder. 4. Select the key that you want to use for encryption. 5. Click on the button “Create” to start the encryption.

13.3. Encrypt an existing folder

Figure 13-3 – Encrypting an existing folder using SafeLan

SafeLan


To encrypt an existing folder, please follow these steps: 1. Select the radio button “Encrypt Existing Folder”. 2. Click on the button “…” and select the location for your desired folder. Please ensure you have

write permissions to the selected folder. 3. Select the key that you want to use for encryption. 4. Click on the button “Create” to start the encryption.

Uninstallation


14. Uninstallation

14.1. Uninstallation Checklist Please read this list carefully and ensure that these points are adhered to.

� Please ensure that you have administrator rights in your operating system. � Stop all other applications before uninstalling FREE CompuSec®. � If your hard disks are encrypted, it is advisable to decrypt them using the “Decryption

while working” option before beginning the uninstallation process. If the uninstallation process detects that the hard disks are encrypted, it will automatically use the “Decryption before booting” option to decrypt the hard disks.

14.2. Uninstallation Steps To perform an uninstallation of FREE CompuSec®, please follow these steps: 1. Run CompuSec® Service from Start � Program Files � Security � CompuSec Service. 2. The welcome page of the CompuSec® Service is displayed. Click on the button "Uninstallation of

CompuSec”.

Figure 14-1 – CompuSec® Service

3. In the next screen, please enter the correct CompuSec® password to prove your identity and click on the button “Continue” to proceed.

Uninstallation


Figure 14-2 – Authentication before uninstallation

4. In the next section, uninstallation notes note is showns:

Figure 14-3 – Important uninstallation notes

5. In the next screen, click on the button “Start Uninstall” to begin the uninstallation. If your hard

disks are not encrypted, the CompuSec® drivers and other files will be removed from your system.

��Note:

If your hard disks are encrypted, the CompuSec® uninstallation will set your hard disks to be decrypted before booting and restart the machine. You will need to enter your user ID and password at the pre-boot authentication, and decryption process will start immediately. When the decryption of the hard disks is completed, the machine will boot, and the uninstallation process will continue.

6. To finalise the uninstallation, click on the button “Finish”. You computer will be restarted

automatically.

Uninstallation


Advanced Options


15. Advanced Options This section describes the different advanced options available to FREE CompuSec®.

15.1. Installing FREE CompuSec® on Hard Disks with Multiple Operating Systems

This option should be used if you already have multiple operating systems in your machine and want to encrypt the hard disks. 15.1.1. Overview

FREE CompuSec® encrypts the entire hard disk using a sector-based encryption. In Windows, this encryption or decryption of the data is performed using a device driver. As such, it is necessary for the device driver to be installed in both the operating systems in the hard disk. To do this, a few extra steps have to be taken to ensure that the device drivers are properly installed in both the operating systems. 15.1.2. Pre-Installation Checklist

Before performing the installation, please read the following list carefully and ensure that the points are adhered to:

� Before installing FREE CompuSec®, please make a backup of your data. � Please ensure that you use only standard IDE or SATA disks and they are properly

connected. � Use CHKDSK to check the hard drive for errors. � Please disable ‘Boot Sector Virus Protection’ from you system’s BIOS � Please deactivate any antivirus software before the installation/uninstallation process � Stop all other applications before running the FREE CompuSec® installation program. � Please ensure that you have administrator rights in both your operating system. � Please ensure that all your required operating systems are installed.

Advanced Options


15.1.3. Installation Procedure

To install FREE CompuSec® on a machine with 2 or more operating systems, please follow these steps: 1. Boot to the first operating system and browse to the FREE CompuSec® installation folder. Run

Setup.exe to start the installation wizard. 2. Follow the installation steps listed in Step 8 in Section 3.2 where the installation wizard shows

the CompuSec® components.

Figure 15-1 – Select option to only install the driver

3. Select the option “Install driver for additional OS on disk”, then click on the button “Continue” to

proceed. The CompuSec® installation will install the CompuSec® device driver and exit. 4. Reboot your computer and repeat steps 1 to 3 on your other operating systems if you have more

than 2 operating systems in your machine. It is correct that the pre-boot authentication page does not appear as the installation is not completed.

5. In the last operating system, run Setup.exe and DO NOT check the “Install driver for additional

OS on disk” checkbox. This will now install the FREE CompuSec® software completely, and the machine will be restarted automatically when the installation is finished.

6. When the machine restarts again, you will be prompted with the pre-boot authentication screen,

and you will have to enter the correct username and password in order to access your system. The installation is now complete, and you have successfully installed FREE CompuSec® on a machine with multiple operating systems.

Troubleshooting and Recovery Procedures


16. Troubleshooting and Recovery Procedures This section describes various troubleshooting techniques for FREE CompuSec®. Although the software has been thoroughly tested, there are certain unforeseen circumstances or hardware configurations that may lead to a non-correct functioning of the software. As such, these steps can help you troubleshoot and recover your system.

16.1. Emergency Decryption of an Encrypted Hard Disk This procedure can be used to decrypt an encrypted hard disk in cases where the operating system cannot boot properly. After the hard disk is fully decrypted, you can then use your Windows installation CD to recover your operating system. To decrypt your hard disk, please follow these steps: 1. Power on your computer and authenticate yourself at the pre-boot authentication. 2. After you have successfully authenticated, a message for the service menu shown in Figure 16-1

is displayed for 2 seconds. Press “F1” when this is displayed to access the service menu.

Press F1 for more options. The system will boot in 2 seconds

Figure 16-1 – Service Menu Access

3. Figure 16-2 shows the different service options available. Select option 2 to begin the Emergency

decryption for your hard disk.


1 - Change current password

2 - Emergency decryption

3 - Boot

Figure 16-2 – Service Menu Functions

Figure 16-3 – Decryption Notice

4. The decryption process will take some time, depending on the size of the hard disk. The

remaining sectors to decrypt will be displayed on the screen, as shown in Figure 16-4.

Figure 16-4 – Emergency Decryption in progress

The following hard disk (1-8) is now ready for decryption: Disk 1

Do you want to encrypt this disk now? (Y / N)

Hard Disk 1 is decrypting now. Please wait and don’t switch off power.

Remaining Sectors : 82130000

Troubleshooting and Recovery Procedures


5. When the decryption process is complete, the machine will boot. Then, you will be able to

perform the necessary recovery procedures for your operating system.

��Note:

This encryption or decryption process cannot be interrupted once it is started. If the process is stopped halfway, all the data on the disk will be rendered unreadable.

CE-Infosys GmbH Am Kuemmerling 45 D-55294 Bodenheim Germany Tel: +49 (0) 6135 77 0 Fax: +49 (0) 6135 77 77 [email protected]

CE-Infosys Pte Ltd 31 International Business Park #04-03A Creative Resource Singapore 609921 Tel: +65 6899 9392 Fax:: +65 6899 9373 [email protected]

CE-Infosys FZ-LLC Dubai Internet City Thuraya 2 Bldg Office 1007 P.O. Box 500434 Dubai U.A.E. Tel: +971 4 369 7578 Fax: +971 4 369 7579 [email protected]

For more information, please visit our website http://www.ce-infosys.com

Documents

FREE CompuSec v5.3 manual