FREE CompuSec v5.3 Manual

User Manual
FREE CompuSec Version 5.3 For Windows 7/Vista / XP / 2000/Server 2003/Server 2008
User Manual FREE CompuSec Version 5.3

Published by: CE-Infosys Pte Ltd 31 International Business Park #04-03A Creative Resource Singapore 609921 Copyright 2008CE-Infosys Pte Ltd www.ce-infosys.com CompuSec and e-Identity are registered trademarks of CE-Infosys Pte Ltd Windows, Windows 2000, Windows XP, Windows Vista and Windows 7 are registered marks of Microsoft Corporation. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recoding, or otherwise, without prior permission from CE-Infosys Pte Ltd. No part of this document may be changed without the consent or permission from CE-Infosys Pte Ltd. Disclaimer This handbook has been validated and reviewed for accuracy. The instructions contained are accurate for FREE CompuSec at time of printing. CE-Infosys Pte Ltd reserves the right to modify or supplement the documentation at any time without previous announcement. CE-Infosys Pte Ltd assumes no liability for damages incurred directly from errors, omissions or discrepancies between the product and the handbook. The information of this handbook is regularly checked, and necessary corrections are contained in the following editions. We are grateful for any suggestions to further improve our existing products. If any further information is required, or problems that are not covered in this handbook, please refer to the Support Department at CE-Infosys Pte Ltd. Email: support.sg@ce-infosys.com For updates of existing products or new products, please visit our web page at the following URL: http://www.ce-infosys.com
FREE CompuSec v5.3 Manual
-i-
v3.0 14 May 2010
Table of Contents
Table of Contents................................................................................................................................... ii List of Figures ....................................................................................................................................... iv 1. Introduction ................................................................................................................................... 1 2. Overview ....................................................................................................................................... 2 2.1. Basic Features ...................................................................................................................... 2 2.2. New in this Release............................................................................................................... 2 2.3. System Requirements ........................................................................................................... 2 2.3.1. Minimum System Requirements.................................................................................... 2 2.3.2. Supported Operating Systems ...................................................................................... 2 3. Installation ..................................................................................................................................... 3 3.1. Pre-Installation Checklist ....................................................................................................... 3 3.2. Installation Procedure............................................................................................................ 3 4. Pre-boot Authentication................................................................................................................. 9 4.1. Basic Authentication ............................................................................................................ 10 4.2. Change Password ............................................................................................................... 11 4.3. More Functions ................................................................................................................... 11 4.4. Password Help Functions.................................................................................................... 12 5. Encryption and Decryption of Hard Disks.................................................................................... 13 5.1. Encryption or Decryption Before Booting ............................................................................ 13 5.2. Encryption or Decryption While Working ............................................................................. 13 6. CompuSec GINA ...................................................................................................................... 15 6.1. 6.2. 7. 7.1. 7.2. 7.3. Single Sign-On .................................................................................................................... 15 System Lock ........................................................................................................................ 16 CompuSec Credential Provider ................................................................................................ 18 Access CompuSec Credential Provider ............................................................................ 18 Single Sign-On .................................................................................................................... 18 Change Password ............................................................................................................... 19 CompuSec Credential Provider Tools............................................................................... 20
7.4. 7.4.1. Manage Single Sign On .............................................................................................. 20 7.4.2. Change CompuSec Password .................................................................................. 20 7.5. Screen Lock ........................................................................................................................ 21 8. CompuSec Service ................................................................................................................... 22 8.1. 8.2. 8.3. Information .......................................................................................................................... 22 Installation and removal of CompuSec components ......................................................... 22
Service and Update ............................................................................................................. 23 8.3.1. Information about CompuSec ................................................................................... 24 8.3.2. 8.3.3. 8.3.4. Manage HD Encryption ............................................................................................... 24 Backup Security File .................................................................................................... 25 Change Logon Screen ................................................................................................ 26 Uninstallation of CompuSec ............................................................................................. 27
8.4. Removable Media Encryption ..................................................................................................... 28 9.1. CD Encryption ..................................................................................................................... 29 10. DataCrypt ................................................................................................................................ 31 10.1. Starting DataCrypt ........................................................................................................... 31 10.2. Encrypting Files ............................................................................................................... 32 10.3. Decrypting Files............................................................................................................... 34 10.4. Managing Keys................................................................................................................ 35 10.4.1. Delete Keys ................................................................................................................. 35 10.4.2. Import Keys ................................................................................................................. 36 10.4.3. Backup Keys ............................................................................................................... 36 10.4.4. Restore Keys ............................................................................................................... 36 10.4.5. Export Public Key ........................................................................................................ 37 10.5. Change Options .............................................................................................................. 37 11. [DriveCrypt] ............................................................................................................................. 38 11.1. Starting [DriveCrypt] ........................................................................................................ 38 9.
- ii -
v3.0 14 May 2010
11.2. Creating a new container ................................................................................................ 38 12. Identity Management ............................................................................................................... 39 12.1. Starting Identity Management ......................................................................................... 39 12.2. Saved Applications .......................................................................................................... 39 12.3. Never Saved Applications ............................................................................................... 41 12.4. Windows Logon ............................................................................................................... 41 12.5. Saved Web Sites ............................................................................................................. 42 12.6. Never Saved Web Sites .................................................................................................. 43 12.7. Settings ........................................................................................................................... 44 13. SafeLan ................................................................................................................................... 45 13.1. Starting SafeLan.............................................................................................................. 45 13.2. Creating a new folder ...................................................................................................... 46 13.3. Encrypt an existing folder ................................................................................................ 46 14. Uninstallation........................................................................................................................... 48 14.1. Uninstallation Checklist ................................................................................................... 48 14.2. Uninstallation Steps......................................................................................................... 48 15. Advanced Options ................................................................................................................... 51 15.1. Installing FREE CompuSec on Hard Disks with Multiple Operating Systems ............... 51 15.1.1. Overview ..................................................................................................................... 51 15.1.2. Pre-Installation Checklist ............................................................................................. 51 15.1.3. Installation Procedure .................................................................................................. 52 16. Troubleshooting and Recovery Procedures ............................................................................ 53 16.1. Emergency Decryption of an Encrypted Hard Disk ......................................................... 53
- iii -
v3.0 14 May 2010
List of Figures
Figure 3-1 FREE CompuSec Installation ......................................................................................... 3 Figure 3-2 Select CompuSec Components ..................................................................................... 4 Figure 3-3 User Details and Password Profile ................................................................................... 5 Figure 3-4 Select Encryption Keys ..................................................................................................... 6 Figure 3-5 Set Hard Disk Encryption State ........................................................................................ 7 Figure 3-6 Password Reset Code ...................................................................................................... 7 Figure 4-1 Standard CompuSec Pre-boot Authentication ............................................................... 9 Figure 4-2 8-bit graphics for CompuSec pre-boot authentication .................................................... 9 Figure 4-3 VGA graphics for CompuSec pre-boot authentication.................................................. 10 Figure 4-4 Basic Authentication: User ID ......................................................................................... 10 Figure 4-5 Basic Authentication: Password...................................................................................... 10 Figure 4-6 Password expired ........................................................................................................... 11 Figure 4-7 Enter new password ....................................................................................................... 11 Figure 4-8 Confirm new password ................................................................................................... 11 Figure 4-9 New password accepted ................................................................................................. 11 Figure 4-10 More Options ................................................................................................................ 11 Figure 4-11 More Options ................................................................................................................ 12 Figure 4-12 Password Help.............................................................................................................. 12 Figure 4-13 Password Reset: User ID ............................................................................................. 12 Figure 4-14 Enter Password Reset Code ........................................................................................ 12 Figure 5-1 Encryption before booting ............................................................................................... 13 Figure 5-2 Encryption before booting in progress ............................................................................ 13 Figure 5-3 Encryption while working ................................................................................................ 14 Figure 5-4 Encryption status during booting..................................................................................... 14 Figure 5-5 Background encryption status......................................................................................... 14 Figure 6-1 CompuSec GINA.......................................................................................................... 15 Figure 6-2 Enter user credentials (Windows XP) ............................................................................. 15 Figure 6-3 Auto-Logon ..................................................................................................................... 16 Figure 6-4 Manage single sign-on .................................................................................................... 16 Figure 6-5 System Locked ............................................................................................................... 17 Figure 6-6 Unlocking system lock with the CompuSec password ................................................. 17 Figure 7-1 Enter user credentials (Windows Vista) .......................................................................... 18 Figure 7-2 Enter user credentials (Windows XP) ............................................................................. 18 Figure 7-3 Auto-Logon ..................................................................................................................... 19 Figure 7-4 Change Windows Password ........................................................................................... 19 Figure 7-5 CompuSec Credential Provider Tools .......................................................................... 20 Figure 7-6 Manage Single Sign-On .................................................................................................. 20 Figure 7-7 Change CompuSec Password ..................................................................................... 21 Figure 7-8 Screen Lock .................................................................................................................... 21 Figure 8-1 Main Dialog for CompuSec Service ............................................................................. 22 Figure 8-2 CompuSec Components .............................................................................................. 23 Figure 8-3 Authentication before Service and Update ..................................................................... 23 Figure 8-4 Service and Update Options ........................................................................................... 24 Figure 8-5 CompuSec Information ................................................................................................ 24 Figure 8-6 Manage HD Encryption Screen ...................................................................................... 25 Figure 8-7 Backup Security File ....................................................................................................... 26 Figure 8-8 Modify pre-boot logon screen ......................................................................................... 26 Figure 9-1 Change encryption state ................................................................................................. 28 Figure 9-2 Viewing the encryption state of drives ............................................................................ 28 Figure 9-3 RME Warning message .................................................................................................. 29 Figure 9-4 Format dialog .................................................................................................................. 29 Figure 9-5 Choose CDCrypt encryption key..................................................................................... 29 Figure 10-1 Enter user information in DataCrypt.............................................................................. 31 Figure 10-2 Main screen of DataCrypt ............................................................................................. 32 Figure 10-3 Encrypting files ............................................................................................................. 32
- iv -
v3.0 14 May 2010
Figure 10-4 Select recipients ........................................................................................................... 33 Figure 10-5 Encryption Status.......................................................................................................... 33 Figure 10-6 Decrypting Files ............................................................................................................ 34 Figure 10-7 Decryption status .......................................................................................................... 35 Figure 10-8 Manage Keys ................................................................................................................ 35 Figure 10-9 Backup password ......................................................................................................... 36 Figure 10-10 Restore password ....................................................................................................... 36 Figure 10-11 Change default options ............................................................................................... 37 Figure 11-1 Create a new container................................................................................................. 38 Figure 12-1 Identity Management .................................................................................................... 39 Figure 12-2 Saved Applications ....................................................................................................... 40 Figure 12-3 Manage properties for saved application ...................................................................... 40 Figure 12-4 Never saved applications .............................................................................................. 41 Figure 12-5 Windows logon passwords ........................................................................................... 42 Figure 12-6 Saved web sites............................................................................................................ 42 Figure 12-7 Properties for saved web sites ...................................................................................... 43 Figure 12-8 Never saved web sites .................................................................................................. 43 Figure 12-9 Identity Management settings ....................................................................................... 44 Figure 13-1 SafeLan welcome page ................................................................................................ 45 Figure 13-2 Creating a new encrypted folder in SafeLan ................................................................. 46 Figure 13-3 Encrypting an existing folder using SafeLan ................................................................. 46 Figure 14-1 CompuSec Service .................................................................................................... 48 Figure 14-2 Authentication before uninstallation .............................................................................. 49 Figure 14-3 Important uninstallation notes ....................................................................................... 49 Figure 15-1 Select option to only install the driver ........................................................................... 52 Figure 16-1 Service Menu Access ................................................................................................... 53 Figure 16-2 Service Menu Functions ............................................................................................... 53 Figure 16-3 Decryption Notice ......................................................................................................... 53 Figure 16-4 Emergency Decryption in progress ............................................................................... 53
-v-
v3.0 14 May 2010
Introduction
1.
Introduction
Personal computers and notebooks are essential for any organization in the wired world today. These machines are used for a myriad of purposes, such as software development, accounting, product development and others. As such, an increasing amount of information is stored in the hard disks of these machines, some of which are highly confidential and classified. Consequently, the theft or loss of such computing equipment will cost the organization many times more than the cost of the actual computing equipment alone. Too often, we read of careless employees losing hundreds of thousands of customer details when they left their notebooks in the back seat of the taxi on the way to the airport. FREE CompuSec is the fast and easy solution to the problem of protecting the confidentiality of the information stored on these computing equipment. This software product encrypts the entire hard disk of the machine, including the operating system and other system files. A pre-boot access control is enforced, so as to prevent any unauthorized access. Only with the correct username and password, can the operating system on the machine be booted. This software security suite also provides other software components to encrypt removable media such as USB memory sticks and floppy disks, files and folders on the network, and individual files. The encryption is performed transparently, and the user is not required to make extraneous steps to encrypt files.
Page 1 of 54
v3.0 14 May 2010
Overview
2.
2.1.
Overview
Basic Features
Pre-boot access control using User Name and Password Easy to convenient method to reset user password Full hard disk encryption using AES with 256-bit keys Option for background encryption and decryption during installation or uninstallation Fast and secure automatic logon to Windows using CompuSec Single Sign On feature Secure screen lock with CompuSec GINA Hibernation Mode supported Removable media encryption for encrypting floppy disks, USB memory sticks, and others Single file encryption using public key cryptography CD/DVD encryption using CDCrypt SafeLan for automatic folder and file encryption DataCrypt for file encryption [DriveCrypt] for container encryption Identity Management for simple password management [ClosedTalk] for secure VOIP talks Password history and complexity checks for higher security Password reset code for resetting lost passwords
2.2.
New in this Release

Support for Windows 7 (32 & 64 bit), Windows Server 2008 & Server 2008 R2 New and improved DataCrypt [DriveCrypt] for container encryption
2.3.
2.3.1.
System Requirements
Minimum System Requirements Intel or AMD processor 128 MB RAM 100 MB of free hard disk space
2.3.2.
Supported Operating Systems
FREE CompuSec supports the following operating systems (32 bit and 64 bit): Windows 2000 with Service Pack 4 Windows XP Professional Edition with Service Pack 2 Windows Server 2003 Windows Server 2008 R2 Windows Vista Windows 7
Page 2 of 54
v3.0 14 May 2010
Installation
3.
3.1.
Installation
Pre-Installation Checklist
Please read this list carefully and ensure that these points are adhered to. Before installing FREE CompuSec, please make a backup of your data. Please ensure that you use only standard IDE or SATA disks and they are properly connected. Use CHKDSK to check the hard drive for errors. Please disable Boot Sector Virus Protection from you systems BIOS Please deactivate any antivirus software before the installation/uninstallation process Stop all other applications before running the FREE CompuSec installation program. Please ensure that you have administrator rights in your operating system.
3.2.
Installation Procedure
To install FREE CompuSec, follow these steps. 1. 2. 3. Browse to the correct path to locate the FREE CompuSec installation folder. Run Setup.exe to start the installation wizard that will lead you through the installation. The welcome page of the installation wizard is displayed. Click on the button "Installation and removal of CompuSec Components.
Figure 3-1 FREE CompuSec Installation 4. 5. 6. 7. The License Agreement dialog is displayed. If you agree to the license terms, click on the Accept button. If not, click on the Decline button, and the installation will end. A reminder dialog is displayed. Please check that the antivirus software is disabled, and close all other applications before proceeding. Click on the Continue button when ready. The FREE CompuSec files will be copied to the folder C:\Program Infosys\CompuSec. This folder will be created automatically if it does not exist. Files\CE-
A list of FREE CompuSec components is displayed. Select the functions required and click on the Continue button to proceed. A description of the different options is listed in Table 3-1. Select the desired components and click on the button Continue to proceed.
Page 3 of 54 v3.0 14 May 2010
Installation
Figure 3-2 Select CompuSec Components Table 3-1 FREE CompuSec Installation Options Option Pre Boot Authentication Hard Disk Encryption Single Sign On using User Credentials Description When this function is selected, users will be required to enter the username and password before Windows can be started. When this option is selected, the hard disks in the computer will be encrypted when the machine is rebooted. When this function is selected, the CompuSec GINA (Windows XP) or Credential Provider (Windows Vista) will be installed. More details of this component can be found in Sections 6 and 7. When this option is selected, the SafeLan software component will be installed. More details of this component can be found in Section 13. When this option is selected, the DataCrypt software component will be installed. More details of this component can be found in Section 10. When this option is selected, the [ClosedTalk] software for encrypted VOIP will be installed. More details of this component can be found in the [ClosedTalk] Manual. When this option is selected, the Identity Management software will be installed. More details of this component can be found in Section 12. When this option is selected, the [DriveCrypt] software for container encryption will be installed. More details of this component can be found in Section 11.
SafeLan for network folder encryption DataCrypt for file encryption
[ClosedTalk]
Identity Management
[DriveCrypt]
Install driver for additional OS on Select this option to install the FREE CompuSec software disk partially for systems with multiple OS.
Note: Please do not enable Single Sign On if you already have another login program. If you would like to use the Single Sign On option in FREE CompuSec, please uninstall your other login program first.
Page 4 of 54
v3.0 14 May 2010
Installation
Note: If you have more than one operating system on your hard disk, you will need to enable the Install driver for additional OS on disk option for the secondary OS to install the FREE CompuSec software partially. You will then need to install the FREE CompuSec software on your primary OS without selecting the Install driver for additional OS on disk option to install the software completely. For more information, please see Section 15.1 - Installing FREE CompuSec on Hard Disks with Multiple O. 8. In the user account dialog, input your desired User ID that will be used by FREE CompuSec for pre-boot authentication. Select the password policies that are desired. You can activate or deactivate each setting by checking the boxes next to these options. The first option limits the lifetime of the password to the specified number of days. The second option limits the lifetime of the password to the specified number of logons. The third option specifies whether a password change question will be displayed after every successful login. Click on the button Continue to proceed.
Figure 3-3 User Details and Password Profile
Note: The User ID is case sensitive. Please write down the user ID and keep the information safe. 9. The keys used for the in FREE CompuSec are displayed. These keys have been randomly generated by the installation application. Table 3-2 describes how the generated keys can be modified. Click on the button Continue to proceed with the installation.
Page 5 of 54
v3.0 14 May 2010
Installation
Figure 3-4 Select Encryption Keys Table 3-2 Possible Modification of the Generated Keys Button Description Generate another random key Manually input a new key Import the key from an existing securityinfo.dat file
10. The hard disk encryption setting is displayed. FREE CompuSec supports up to 8 physical hard disks. Click on the drop down bar to change the setting. There are 3 options for hard disk encryption: Not Encrypted: The hard disk will not be encrypted Encryption before booting: The hard disk will be encrypted before the operating system starts. This process is slower and cannot be interrupt once started. Encryption while working: The hard disk will be encrypted after the operating system is started. This process is faster, and can be interrupted by a normal shutdown of the operating system or hibernation.
Page 6 of 54
v3.0 14 May 2010
Installation
Figure 3-5 Set Hard Disk Encryption State Click on the button Continue to proceed with the installation. 11. Enter your password reset code here. This can be used to help users in cases where the password is forgotten. Click on the button Continue to proceed with the installation.
Figure 3-6 Password Reset Code
Note: The password reset code is case sensitive. Please write down the password reset code and keep the information safe. 12. A reminder dialog is displayed. Please note that the default initial password is start123. Please enter this password during the pre-boot authentication immediately after the installation. Click on the Continue button to proceed. 13. In the next screen, click on the button Start Install to begin the actual software installation based on the parameters chosen.
FREE CompuSec v5.3 Manual Page 7 of 54 v3.0 14 May 2010
Installation
14. The setting of the FREE CompuSec installation is saved into a backup file, securityinfo.dat. This file is required during service updates and uninstallation of FREE CompuSec. It is also required in service situations. Click on the button Continue to save the securityinfo.dat. Note: The securityinfo.dat contains sensitive information that is unique to this installation of FREE CompuSec. Please save a copy of the file and store it in a safe and secure place. 15. The FREE CompuSec will install the necessary drivers and files into the machine. When the installation is completed, you will be prompted to finalise the installation by clicking on the button Finish. When you click on the button, your computer will be automatically restarted. When the computer starts the next time, the CompuSec pre-boot authentication screen will appear. Enter the selected user ID and the initial start123 password.
Page 8 of 54
v3.0 14 May 2010
Pre-boot Authentication
4.
The pre-boot authentication protects the machine from unauthorized access. It is started immediately after the BIOS POST. Figure 4-1 shows the screenshot of the pre-boot authentication screen. Please follow the instructions at the lower third of the screen for the pre-boot authentication. Note: The diagrams in the following subsections will only show the instructions displayed on the screen.
Figure 4-1 Standard CompuSec Pre-boot Authentication
During the FREE CompuSec setup, the installer will detect your video card settings. If it does not detect a compatible mode, different pre-boot authentication screens may be displayed, as shown in Figure 4-2 and Figure 4-3.
Figure 4-2 8-bit graphics for CompuSec pre-boot authentication
Page 9 of 54
v3.0 14 May 2010
Figure 4-3 VGA graphics for CompuSec pre-boot authentication
4.1.
Basic Authentication
The pre-boot authentication will prompt you to enter your user ID, as shown in Figure 4-4. Please type your user ID and press Enter. The characters will be displayed as asterisks (*) on the screen for higher security.
Please input your user ID or press F1 for Help User ID:

Figure 4-4 Basic Authentication: User ID At the password prompt, as shown in Figure 4-5, type your password and press the key Enter. As you type, the characters will be displayed as asterisks (*) on the screen for higher security.
Please input your password. Password:

Figure 4-5 Basic Authentication: Password
Note: Your user ID was provided during installation. Please see step 8 in Section 3.2. Note: The default password is start123.
Page 10 of 54
v3.0 14 May 2010
If you are logging in the first time, or if your password has expired, you will be prompted to type in a new password, as shown in Figure 4-6. Please see Section 4.2 for more details.
Your password has expired. You must change your password now.
Figure 4-6 Password expired
4.2.
Change Password
When you change your password, you will be prompted to enter new password, as shown in Figure 4-7. Enter your new password and press the key Enter when done. As you type, the characters will be displayed as asterisks (*) on the screen for higher security. If your password does not meet the complexity and password history checks, the CompuSec pre-boot authentication will prompt you to enter another password.
Please input your new password. Password:

Figure 4-7 Enter new password When your password is accepted, you will be required to enter your password again to verify it, as shown in Figure 4-8. Enter your password again and press the key Enter when done.
Please retype your new password to verify it. Password:

Figure 4-8 Confirm new password If the password change is successful, the message shown in Figure 4-9
The password is accepted and stored encrypted.

Figure 4-9 New password accepted
4.3.
More Functions
After you have successfully authenticated, a message for the service menu is displayed for 2 seconds. Press F1 when this is displayed to see the other options available. Figure 4-11 shows the different other options available.
Press F1 for more options. The system will boot in 2 seconds.

Figure 4-10 More Options
Page 11 of 54
v3.0 14 May 2010
The following service functions are available. Please select: 1 - Change current password 2 - Emergency decryption 3 - Boot
Figure 4-11 More Options Option 1 allows you to change the current password. Option 2 allows you to decrypt the hard disk immediately without booting into your operating system. Option 3 exits the menu and boots the operating system.
4.4.
Password Help Functions
If you forget the password, you can press F1 instead of typing the user ID. This will lead you to the password help screen as shown in Figure 4-12.
The following service functions are available. Please select: 1 - Reset Password 2 - Return
Figure 4-12 Password Help Press 1 to start the password reset mechanism. You will be prompted to type your user ID. Type your user ID and press the key Enter.
Please input your user ID User ID:

Figure 4-13 Password Reset: User ID The pre-boot authentication will prompt you for the password reset code, that was selected during the installation, as shown in Figure 4-14.
Please enter your password reset code. Code:

Figure 4-14 Enter Password Reset Code
Page 12 of 54
v3.0 14 May 2010
Encryption and Decryption of Hard Disks
5.
The encryption or decryption of the hard disks starts immediately after the pre-boot authentication. Before starting the encryption or decryption process, please ensure the following: A backup of all the important data in the hard disk has been made. The machine is running on electrical power supply mains and not on batteries. There should be no abrupt attempts to stop the encryption process once it has started.
5.1.
Encryption or Decryption Before Booting
When the option Encryption before booting or Decryption before booting is selected, the encryption or decryption process will be performed immediately after the pre-boot authentication and before the operating system is booted. Before beginning the encryption or decryption, FREE CompuSec will ask you whether to start the process. Pressing y will start the encryption or decryption. Pressing n will skip the process, and leave the encryption or decryption to the next boot. An example of the confirmation message is shown in Figure 5-1.
The following hard disk (1-8) is now ready for encryption: Disk 1 Do you want to encrypt this disk now? (Y / N)
Figure 5-1 Encryption before booting
Hard Disk 1 is encrypting. Please wait and dont switch off power. Remaining Sectors : 82130000
Figure 5-2 Encryption before booting in progress If you choose to start the encryption or decryption process, FREE CompuSec will display the status of the process as shown in Figure 5-2. The Remaining Sectors statistic shows the number of sectors left in the process. When it reaches 0, the encryption or decryption will finish. Note: This encryption or decryption process cannot be interrupted once it is started. If the process is stopped halfway, all the data on the disk will be rendered unreadable.
5.2.
Encryption or Decryption While Working
If the option Encryption while working or Decryption while working is selected, the encryption or decryption process is performed in the background. The user is able to use the operating system normally. Normal shutdown, hibernation and standby is allowed in this encryption or decryption mode. Before beginning the encryption or decryption, FREE CompuSec will ask you whether to start the process. Pressing y will start the encryption or decryption. Pressing n will skip the process, and leave the encryption or decryption to the next boot. An example of the confirmation message is shown in Figure 5-3.
Page 13 of 54
v3.0 14 May 2010
The background hard disk encryption is ready. Hard disk 1 Do you want to start it now? (Y / N)
Figure 5-3 Encryption while working The FREE CompuSec device driver will start the encryption during the booting of the operating system, and display the status message during the booting of the operating system, as shown in Figure 5-4.
CE-Infosys (c) 2005 2007 Security Device Driver Starting hard disk encryption for disk 0 6 % of hard disk 0 is already encrypted Warning: Do not power off the system when hard disk encryption is running. Regular system shutdown and hibernation is allowed.
Figure 5-4 Encryption status during booting After your operating system is started, the encryption or decryption will continue in the background. The background encryption icon in the taskbar shows the status of the encryption or decryption process. A description of the icons is provided in Table 5-1. Table 5-1 - Background encryption taskbar icon description Icon Description The spinning hourglass shows that the background encryption is still in progress. When the spinning hourglass changes to the image of a drive, the encryption or decryption while working process has finished. For more information regarding the background encryption process, click the spinning hourglass icon to see the background encryption status, as shown in Figure 5-5.
Figure 5-5 Background encryption status
Page 14 of 54
v3.0 14 May 2010
CompuSec GINA
6.
CompuSec GINA
CompuSec GINA is an extension of the Graphical Identification and Authentication for Windows 2000 and Windows XP. It provides a single sign-on capability so as to automatically log into Windows. In addition, it provides a secure screen lock function. To access the CompuSec GINA, press Ctrl, Alt and Del. The CompuSec GINA will start, and display the dialog shown in Figure 6-1.
Figure 6-1 CompuSec GINA
6.1.
Single Sign-On
When you first use the single sign-on feature, you will be asked to enter your user details as shown in Figure 6-2. This usually occurs in the first boot after the FREE CompuSec installation, or when there is no single sign-on accounts saved in the CompuSec GINA.
Figure 6-2 Enter user credentials (Windows XP) To save the user credentials and start using the single sign-on function, click on the button Logon & Save. The user credentials will be saved securely, and automatically used for authentication from now on. If you do not want to save the user credentials, click on the button Logon. This is useful for administrators or one-time users who need to access a users PC temporarily. If you have already configured your operating system to automatically log on for you, the single signon module will retrieve the information from your operating system, and automatically fill in the corresponding fields for you. All you need to do is click on the button Logon & Save to continue.
CompuSec GINA
The next time Windows is started, the user credentials will automatically be inserted into the Windows logon after a delay of 5 seconds, as shown in Figure 6-3. During this time, the user can click on the button Manual to skip the single sign-on and log into Windows normally. To skip the delay, you can click on the button Logon to sign in immediately.
Figure 6-3 Auto-Logon To manage the saved usernames and passwords in the single sign-on component, click on the button Manage Single SignOn button in the CompuSec GINA. A list of the saved users is displayed, as shown in Figure 6-4. To delete previously saved accounts, click on the account and click on the button Delete. Click on the button Close when done.
Figure 6-4 Manage single sign-on
6.2.
System Lock
The CompuSec GINA system lock is an alternative to the Windows screen lock function. When the system is locked, the logged in user must enter the CompuSec password before the system can be accessed again. To use the system lock, click on the button Lock Workstation and the lock screen will be displayed, as shown in Figure 6-5.
Page 16 of 54
v3.0 14 May 2010
CompuSec GINA
Figure 6-5 System Locked To unlock the system, , press Ctrl, Alt and Del, and type in the CompuSec password in the password dialog, seen in Figure 6-6.
Figure 6-6 Unlocking system lock with the CompuSec password
Page 17 of 54
v3.0 14 May 2010
CompuSec Credential Provider
7.
CompuSec Credential Provider is an additional Credential Provider in Windows Vista that can be used to access Windows Vista. Similar to the CompuSec GINA, the CompuSec Credential Provider has a single sign-on capability for automatically login Windows. In addition, it provides a secure screen lock function for users leaving the machine temporarily.
7.1.
Access CompuSec Credential Provider
To access the different functionalities provided by the CompuSec Credential Provider, press Ctrl, Alt and Del. The CompuSec Credential Provider will be started, and display the dialog shown in Figure 7-1.
Figure 7-1 Enter user credentials (Windows Vista)
7.2.
Single Sign-On
When you first use the single sign-on feature, you will be asked to enter your user details as shown in Figure 7-2. This usually occurs in the first boot after the FREE CompuSec installation, or when there is no single sign-on accounts saved in the Credential Provider.
Figure 7-2 Enter user credentials (Windows XP) To save the user credentials and start using the single sign-on function, enter the Windows user name and password, and check the box Remember this credential. Click on the submit button to save the credentials and log into Windows Vista. The user credentials will be saved securely, and automatically used for authentication from now on.
If you do not want to save the user credentials, uncheck the box Remember this credential before clicking on the submit button. This is useful for administrators or one-time users who need to access a users PC temporarily. If you have already configured your operating system to automatically log on for you, the single signon module will retrieve the information from your operating system, and automatically fill in the corresponding fields for you. All you need to do is click on the button Logon & Save to continue. The next time Windows is started, the saved users credentials will automatically be provided for Windows user authentication after a delay of 5 seconds, as shown in Figure 6-3. During this time, the user can click on the button Manual to skip the single sign-on and log into Windows normally. To skip the delay, you can click on the button Logon to sign in immediately.
Figure 7-3 Auto-Logon
7.3.
Change Password
To change your Windows password, press the buttons Ctrl, Alt and Del together to access the CompuSec Credential Provider. Click on the button Change a Password . In the next window, as shown in Figure 7-4, you can change your Windows password. Enter your current and your desired new password and click on the submit button to save your new password.
Figure 7-4 Change Windows Password
Page 19 of 54
v3.0 14 May 2010
7.4.
CompuSec Credential Provider Tools
To access the CompuSec Credential Provider Tools, press the buttons Ctrl, Alt and Del together to access the CompuSec Credential Provider. Click on the button Change a Password . In the next window, as shown in Figure 7-4, click on the button Option to access the CompuSec Credential Provider Tools as shown in Figure 7-5.
Figure 7-5 CompuSec Credential Provider Tools 7.4.1. Manage Single Sign On
To manage the user credentials saved in the Single Sign On component, click on the button Manage Single SignOn. You will now be able to see the user credentials saved by the CompuSec Credential Provider. A list of the saved user credentials is displayed, , as shown in Figure 7-6. To delete the user credentials, select the user, and click on the button Delete. Click on the button Save to confirm the deletion. To quit this menu, click on the button Cancel.
Figure 7-6 Manage Single Sign-On 7.4.2. Change CompuSec Password
To change your CompuSec password, click on the button Change CompuSec Password. The dialog for changing CompuSec password will be displayed, as shown in Figure 7-7. Enter your current CompuSec password, and then your desired new CompuSec password, and click on the button OK to save.
Page 20 of 54
v3.0 14 May 2010
Figure 7-7 Change CompuSec Password
7.5.
Screen Lock
To temporarily lock your system, press the buttons Ctrl, Alt and Del together to access the CompuSec Credential Provider. Click on the button Lock this Computer, and your system will be locked, as shown in Figure 7-8.
Figure 7-8 Screen Lock To unlock your system, type in your CompuSec password and click on the submit button.
Page 21 of 54
v3.0 14 May 2010
CompuSec Service
8.
CompuSec Service
The CompuSec service allows to modify the settings of the FREE CompuSec installation, or perform an upgrade of the components. You will need administrator rights in your operating system to access the CompuSec Service. To access the CompuSec Service, go to Start Program Files Security CompuSec Service.
The main page of the CompuSec Service offers four different options: Information Installation and removal of CompuSec components Service and Update Uninstallation of CompuSec
Figure 8-1 Main Dialog for CompuSec Service
8.1.
Information
This function opens the FREE CompuSec Readme file in the installation package. It describes the functions for each module in FREE CompuSec software, and other information.
8.2.
Installation and removal of CompuSec components
This option allows you to add or remove CompuSec components after you have performed the installation. You will need the securityinfo.dat that was created during the installation in order to use this option.
Page 22 of 54
v3.0 14 May 2010
CompuSec Service
Figure 8-2 CompuSec Components To add components to the current FREE CompuSec installation, check the corresponding box. To remove components, uncheck the corresponding box. Click on the button Continue to proceed.
8.3.
Service and Update
This service menu allows you to change the functioning of the FREE CompuSec installed in your machine. Before configuring the FREE CompuSec in your system, you will be prompted for your CompuSec password, as shown in Figure 8-3.
Figure 8-3 Authentication before Service and Update If you correctly authenticate yourself, you will be allowed to change the configuration of the FREE CompuSec. The options available are shown in Figure 8-4. Select the option desired, and click on the button Continue.
Page 23 of 54
v3.0 14 May 2010
CompuSec Service
Figure 8-4 Service and Update Options 8.3.1. Information about CompuSec
This option shows the details of the version of FREE CompuSec that is installed in this computer.
Figure 8-5 CompuSec Information 8.3.2. Manage HD Encryption
This function allows users to set the encryption status of the hard disks in the machine. For each hard disk that is connected in the machine, CompuSec Service will display the current encryption state. Up to 8 disks can be supported by FREE CompuSec, and each of the statuses is displayed in this page.
Page 24 of 54
v3.0 14 May 2010
CompuSec Service
Figure 8-6 Manage HD Encryption Screen Encryption State Not encrypted Encryption before booting Description Hard disk is not encrypted. The hard disk will be encrypted immediately after the pre-boot authentication, and before the operating system is booted. This process cannot be interrupt once it is started. The hard disk will be encrypted in the background after the operating system has finished booting. The hard disk is currently being encrypted. The hard disk is encrypted. The hard disk will be decrypted immediately after the pre-boot authentication, and before the operating system is booted. This process cannot be interrupt once it is started. The hard disk will be decrypted in the background after the operating system has finished booting. The hard disk is currently being decrypted. No hard disk is connected.
Encryption while working Encryption in progress Encrypted Decryption before booting
Decryption while working Decryption in progress No disk found
The state of the hard disk can be changed by selecting the options from the pull-down menu. When finished, click on the button Continue to save the new state, and return to the main menu. The hard disk encryption or decryption will begin after the next reboot. Note: The options Encryption before booting and Decryption before booting result in a slower process. In addition, this process cannot be interrupted once it is started. As such, it is advisable to use Encryption while working or Decryption while working to encrypt or decrypt the hard disks. 8.3.3. Backup Security File
If the securityinfo.dat file for your installation is misplacd, you can use this option to regenerate another file. Select Backup Security File from the main Service and Update menu, and click on the button Continue.
Page 25 of 54
v3.0 14 May 2010
CompuSec Service
Figure 8-7 Backup Security File You will be prompted to select a location to save the securityinfo.dat file. 8.3.4. Change Logon Screen
The functions provided allow you to customize the look and feel of the pre-boot authentication in FREE CompuSec.
Figure 8-8 Modify pre-boot logon screen There are 3 different bitmaps provided, COMPUSEC_1.BMP, COMPUSEC_2.BMP and COMPUSEC_3.BMP, with different graphics for your pre-boot authentication screen. The background and text colour can also be changed. Modify the Foreground Color to change the colour of the text, and the Background Color to change the colour of the background. Click on the button Apply to save the changes.
Page 26 of 54
v3.0 14 May 2010
CompuSec Service
8.4.
Uninstallation of CompuSec
This function starts the uninstallation process to remove FREE CompuSec from your machine. See Section 14 for more details.
Page 27 of 54
v3.0 14 May 2010
Removable Media Encryption
9.
The removable media encryption (RME) is a module that allows you to use encrypt removable media devices, such as USB memory sticks, floppy disks, and CD-ROMs. If installed, the RME module can be accessed by clicking on the lock icon in the taskbar. Depending on the encryption state of the devices in your computer, the lock can appear as either locked or unlocked. Table 9-1 RME status Description The unlocked icon is displayed when none of the removable media devices are encrypted. The locked icon is displayed when one or more removable media devices are encrypted.
Icon
To change the encryption state of the removable media device, click on the icon. A menu showing the different removable media devices will be displayed, as shown in Figure 9-1. If you want to change the state of your removable media device from plain to encrypted, select the Encrypted option for the required drive. To change it back to plain, select the Plain option for the required drive.
Figure 9-1 Change encryption state You can also see the status of the encryption in the My Computer property page, as seen in Figure 9-2. Encrypted drives are displayed with a green lock icon.
Figure 9-2 Viewing the encryption state of drives When you change the state from Plain to Encrypted, the RME module will start handling the drive as an encrypted media. If you connect a plain removable media device, you will receive a warning about the state of the removable media device, as shown in Figure 9-3. If you click on the button OK, the RME module will start handling this removable media device as an encrypted media, even though it is not encrypted.
Page 28 of 54
v3.0 14 May 2010
When you attempt to access the drive, you will be prompted to format the drive, as shown in Figure 9-4. If you click on the button Yes, your removable media device will be encrypted and all your data on the device will be lost. After the format, your removable media device can be used as an encrypted media. All data copied to the device is automatically encrypted, and all data read from the device is automatically decrypted.
Figure 9-3 RME Warning message
Figure 9-4 Format dialog
9.1.
CD Encryption
When the CDCrypt module is installed, you will be create encrypted CD/DVDs. To create an encrypted CD or DVD, select Encrypted under the CD/DVD burner section in the RME menu. A dialog box will appear, asking you to select the key that will be used to encrypt the CD or DVD, as shown in Figure 9-5. Select the key to be used, and click on button OK.
Figure 9-5 Choose CDCrypt encryption key
Note: These keys were defined during the installation. A total of 8 keys are available for use.
Note: The selection of keys is only required when creating encrypted CD/DVDs. When CDCrypt detects that an encrypted CD/DVD is inserted, it will automatically try all the keys available to find the appropriate key for decryption.
Page 30 of 54
v3.0 14 May 2010
DataCrypt
10. DataCrypt
DataCrypt is a module that enables users to encrypt individual files, using Public-Key-Cryptography based on elliptic curves. DataCrypt will automatically create a key pair (2 keys) for each user, which will be used for the encryption and decryption of files in DataCrypt. The function of the key pair is such that if one key (Public Key) is used to encrypt the data, only the other key (Private Key) can be used to decrypt the message. It is almost impossible to calculate one key from the other, so the Public Key can be published, as long as the Private Key is kept secret. As such, you will be able to send out your Public Key to your friends, associates, or business partners. To securely send you sensitive files through untrusted mediums by encrypting the files using DataCrypt with your Public Key. When received, the encrypted files are decrypted using your Private Key. DataCrypt supports multiple users on the same computer. A unique key pair is calculated for each user, and then stored into the Windows registry.
10.1. Starting DataCrypt

To start DataCrypt, go to Start Programs Security DataCrypt.
If this is your first time using DataCrypt, you will be prompted to enter your user name and you email as shown in Figure 10-1. Enter your username and email and click on the button OK to start using DataCrypt. This username and password will be used as your identity for DataCrypt.
Figure 10-1 Enter user information in DataCrypt When started, the DataCrypt application will be started in the Start tab, as shown in Figure 10-2. There are a total of 6 tabs for use in DataCrypt, Start, Encrypt, Decrypt, Manage Keys, Change options, and About.
Page 31 of 54
v3.0 14 May 2010
DataCrypt
Figure 10-2 Main screen of DataCrypt
10.2. Encrypting Files

To encrypt files, select the tab Encrypt. DataCrypt will display a tree view of the folders in your computer, as shown in Figure 10-3.
Figure 10-3 Encrypting files To navigate, click on the + icon to expand the folder. Select the file you want to encrypt by clicking on the checkbox beside the desired file. When selected, a red tick will appear in the checkbox. You can select multiple files to decrypt. To select entire folders of files for encryption, click on the checkbox beside the desired folder. When selected, all the files in the folder will be automatically selected. Only the files that reside in the target folder will be selected. Files in the sub-folders will not be selected. Click on the button Next to continue.
Page 32 of 54
v3.0 14 May 2010
DataCrypt
Figure 10-4 Select recipients The next step is to select the intended recipients of the encrypted file. Click on the checkbox beside the desired recipients. If you have multiple users, use the Search field to find the desired recipient, by typing a portion of the users name or email. To send to all recipients, select the checkbox All Recipients. Select the desired destination folder for the encrypted files. There are 3 different options available: Same folder as selected files Default folder set in options (See Section 10.5) Custom folder location When finished, click on the button Encrypt to begin encrypting the file.
Figure 10-5 Encryption Status When completed, click on the button OK to return to the DataCrypt application.
Page 33 of 54
v3.0 14 May 2010
DataCrypt
10.3. Decrypting Files

To decrypt files, click on the tab Decrypt. DataCrypt will display a tree view of the folders in your computer, as shown in Figure 10-6.
Figure 10-6 Decrypting Files To navigate, click on the + icon to expand the folder. Select the file you want to decrypt by clicking on the checkbox beside the desired file. When selected, a red tick will appear in the checkbox. You can select multiple files to decrypt. To select entire folders of files for decryption, click on the checkbox beside the desired folder. When selected, all the files in the folder will be automatically selected. Only the files that reside in the target folder will be selected. Files in the sub-folders will not be selected. Select the desired destination folder for the decrypted files. There are 3 different options available: Same folder as selected files Default folder set in options (See Section 10.5) Custom folder location Click on the button Next to continue. The selected files will be decrypted by DataCrypt, as show in Figure 10-7.
Page 34 of 54
v3.0 14 May 2010
DataCrypt
Figure 10-7 Decryption status Click on the button OK to return to the DataCrypt application.
10.4. Managing Keys

To manage the keys used in DataCrypt, click on the tab Manage Keys. DataCrypt will list the public keys available in the application for use, as well as some options to manage your own public key, as shown in Figure 10-8.
Figure 10-8 Manage Keys 10.4.1. Delete Keys To delete keys from the DataCrypt recipient database, click on the checkbox to select the keys that you want to delete. Click on the button Delete to remove the selected keys from the database. You can type the name or email into the search field to find the recipient if the list is too long.
Page 35 of 54
v3.0 14 May 2010
DataCrypt
10.4.2. Import Keys To import keys, click on the button Import. A dialog box will appear to ask you to choose the location for the recipients public key file. Select the file and click on the button Open to save the public key into the DataCrypt recipient database. 10.4.3. Backup Keys DataCrypt allows you to backup your own DataCrypt key pair. Click on the button Backup to begin the process. A dialog box will appear to choose the location to save the backup. Browse to the intended location and click on the button Save to complete the backup process. To prevent any unauthorised access to your public and private key in the backup, click on the button Password protect before beginning the backup process. A dialog box will appear asking you to enter a password to protect this backup file, as shown in Figure 10-9. Enter the intended password and click on the button OK to use this password.
Figure 10-9 Backup password 10.4.4. Restore Keys This function can be used to restore a saved key-pair and use it in DataCrypt. Click on the button Restore to begin the restore process. A dialog box will appear, requiring you to choose the location of the backup file. Browse to the location where you saved the backup file and click on the button OK to select it. The contents of the backup file will be restored into DataCrypt. If the backup file is protected with a password, you will be prompted to enter the password, as shown in Figure 10-10. Enter the password and click on the button OK to continue the backup process.
Figure 10-10 Restore password
Page 36 of 54
v3.0 14 May 2010
DataCrypt
10.4.5. Export Public Key To export your own public key to other users, click on the button Export Public Key. A dialog box will appear, asking you to select the location to save your public key. Browse to the intended location, and click on the button Save. The exported public key can now be sent to all your communication partners, so that they use it to send encrypted files to you.
10.5. Change Options

To change the default options in DataCrypt, click on the tab Change Options. This page will allow you to change the default folders used for storing files after they are encrypted or decrypted, as shown in Figure 10-11.
Figure 10-11 Change default options Click on the button ... to choose the location to save the encrypted or decrypted files. To automatically delete the plain files after encryption, click on the checkbox Delete after encrypt. Similarly, to automatically delete the encrypted files after decryption, click on the checkbox Delete after decrypt. When you have finished changing the default settings, click on the button Save.
Page 37 of 54
v3.0 14 May 2010
[DriveCrypt]
11. [DriveCrypt]
The [DriveCrypt] module provides a simple way to store sensitive data securely on the hard disk without the need to encrypt the entire hard disk. [DriveCrypt] creates a large file on the hard disk and encrypts it. The file is then mounted it as a separate drive in the file system for normal use. Data written into the drive will automatically be encrypted, while data read out will automatically be decrypted.
11.1. Starting [DriveCrypt]

To start [DriveCrypt], go to Start Programs Security to create a new container, as shown in Figure 11-1. [DriveCrypt]. This will open the dialog box
Figure 11-1 Create a new container This dialog allows you to create a new encrypted container. See Section 11.2 for more details.
11.2. Creating a new container

To create a new container, right-click anywhere over the explorer window and select New [DriveCrypt]. Alternatively, you can run [DriveCrypt] from Start Programs Security [DriveCrypt]. This will open the dialog as shown in Figure 11-1. Click on the button Browse to select the filename and location for the new container. Enter the size of the container needed in the Size field. Click on the dropdown bar to change the units from megabytes (MB) to gigabytes (GB). Note: The minimum size of the container is 3 MB. You can specify the name of the volume that will be displayed when the container is mounted into the filesystem. This field is optional. Click on the button OK when finished. The container will be created, and formatted. It will also be encrypted.
Page 38 of 54
v3.0 14 May 2010
Identity Management
12. Identity Management

The Identity Management module allows you to save login data, such as usernames and passwords, in applications or websites. The first time you enter your credentials into the authentication form, Identity Management will prompt you to save your login credentials. If you save the information, the next time you need to log in, the Identity Management module will automatically insert the credentials into the forms. As such, you will not need to remember the usernames and passwords.
12.1. Starting Identity Management

Identity Management is set to auto-start with Windows. To see the Identity Management application, go to Start Programs Security Identity Management. Alternatively, you can double-click on the Identity Management icon in the taskbar. The Identity Management module consists of 6 different tabs, Saved Applications, Never Saved Applications, Windows Logon, Saved Web Sites, Never Saved Web Sites and Settings, as shown in Figure 12-1.
Figure 12-1 Identity Management To navigate around the Identity Management, click on the different tabs. These tabs are described in the sub-sections below. To exit the Identity Management application, click on the button OK.
12.2. Saved Applications

The Saved Applications tab shows a list of application logins that Identity Management has saved. To view the saved applications, click on the tab Saved Applications and you will be presented with the list as shown in Figure 12-2.
Page 39 of 54
v3.0 14 May 2010
Identity Management
Figure 12-2 Saved Applications This page shows you the name of the application, the title for the log-on dialog box, and the full path of the application that required the authentication. To view the properties for the saved application, select the application and click on the button Properties. This will open a dialog box to manage the properties for the saved application, as shown in Figure 12-3.
Figure 12-3 Manage properties for saved application Click on the button Show Password to view the password, instead of asterisks. Click on the button OK to go back to the Identity Management application. To delete the login credentials for a saved application, select the application, and click on the button Delete. This will delete the application from the Identity Managements database, and you will need to enter your credentials to use the application the next time.
Page 40 of 54
v3.0 14 May 2010
Identity Management
12.3. Never Saved Applications

The Never Saved Applications tab shows a list of applications that you have specifically identified for Identity Management to ignore. To view these applications, click on the tab Never Saved Applications and you will be presented with a list as shown in Figure 12-4.
Figure 12-4 Never saved applications This page shows the full path to the application that Identity Management will ignore. To add an application, either click on the button Append, or click on the next available row. You can manually type the full path to the application, or you can click on the button ... to browse to the location of the application. To edit an entry, you can either double click on the entry, or select the entry and click on the button Edit. You can now change the path to the application that you want Identity Management to ignore. To delete an entry, select the desired entry and click on the button Delete.
12.4. Windows Logon

The Windows Logon tab shows the Windows logon passwords that you have saved for single sign-on. To view this information, click on the tab Windows Logon and you will be presented with the list as shown in Figure 12-5.
Page 41 of 54
v3.0 14 May 2010
Identity Management
Figure 12-5 Windows logon passwords To view the password instead of asterisks, click on the button Show Password. To delete a saved Windows password, select the password and click on the button Delete.
12.5. Saved Web Sites

The saved websites tab shows the list of websites that you have used Identity Management to manage your login credentials. To view this list, click on the tab Saved Web Sites, and you will be presented with list, as shown in Figure 12-6.
Figure 12-6 Saved web sites To edit an entry, select the desired entry and click on the button Edit. Alternatively, you can doubleclick on the entry. You can now change the URL of the website that you want to use Identity Management to remember your credentials. The Full Path option specifies whether Identity Management should only use exact URL or allows a variant of the URL entry. To delete an entry, select the desired entry and click on the button Delete.
Page 42 of 54
v3.0 14 May 2010
Identity Management
To manage the properties for the entry, select the desired entry and click on the button Properties. In the next dialog box, as shown in Figure 12-7, you can view the properties for the selected entry.
Figure 12-7 Properties for saved web sites Click on the button Edit URL(s) to edit the URL for the entry. Click on the button Show Password to show the saved password instead of asterisks. Click on the button OK to exit and return to the Identity Management application.
12.6. Never Saved Web Sites

The Never Saved Websites tab shows a list of websites that you have specifically identified for Identity Management to ignore. To view these websites, click on the tab Never Saved Web Sites and you will be presented with a list as shown in Figure 12-8.
Figure 12-8 Never saved web sites To add a new entry manually, you can either click on the button Append, or alternatively, you can double-click on the next empty row. Select the Full Path option, which specifies whether Identity Management should only use exact URL or allow a variant of the URL entry. Next, type in the URL that Identity Management should ignore. The new entry will be saved automatically. To edit an entry, select the desired entry and click on the button Edit. Alternatively, you can doubleclick on the entry. You can now change the URL, as well as the Full Path option for that entry. To delete an entry, select the desired entry and click on the button Delete.
Page 43 of 54
v3.0 14 May 2010
Identity Management
12.7. Settings
The Settings tab shows a list of options that you can set to modify the behaviour of Identity Management. To view these websites, click on the tab Settings and you will be presented with a screen as shown in Figure 12-9.
Figure 12-9 Identity Management settings To use Identity Management to manage your credentials for Windows applications, select the option Enable Identity Management for Windows Application. This option is selected by default. To start Identity Management every time Windows boots, select the option Run as startup program. This option is selected by default. Select the Hide tray icon option to hide the Identity Management icon from the system tray. This option is not selected by default. To change the delay before Identity Management automatically submits your credentials to the Windows application, change the value in the field Pre logon time out. The default delay is 3 seconds. Currently, Identity Management is compatible with 2 different browsers, Microsoft Internet Explorer and Mozilla. By default, Identity Management is enabled for Microsoft Internet Explorer. To enable Identity Management for Mozilla, select the option Enable Identity Management for Mozilla. To use the CompuSec single sign-on as a chain to another applications GINA, select the option Enable chain to third party GINA.
Page 44 of 54
v3.0 14 May 2010
SafeLan
13. SafeLan
The SafeLan module allows you to create encrypted files and folders on a remote folder, without needing to install any new application on the remote machine. SafeLan will transparently encrypt the data before transmitting the data through the network, and decrypt the data as it is received. As such, when used in a corporate environment, the files and folders stored in the file server are encrypted, preventing unauthorised access by system administrators and other IT support staff. It also provides a means of separating user spaces on the file server.
13.1. Starting SafeLan

To start SafeLan, go to Start Programs application as shown in Figure 13-1. Security SafeLan. This will open the SafeLan
Figure 13-1 SafeLan welcome page Click on the button Next to start encrypting folders.
Page 45 of 54
v3.0 14 May 2010
SafeLan
13.2. Creating a new folder
Figure 13-2 Creating a new encrypted folder in SafeLan To create a new encrypted folder using SafeLan, please follow these steps: 1. 2. 3. 4. 5. Select the radio button Create New Folder. Enter the name of your new folder in the field provided. Click on the button and select the location for your new folder. Please ensure you have write permissions to the selected folder. Select the key that you want to use for encryption. Click on the button Create to start the encryption.
13.3. Encrypt an existing folder
Figure 13-3 Encrypting an existing folder using SafeLan

SafeLan
To encrypt an existing folder, please follow these steps: 1. 2. 3. 4. Select the radio button Encrypt Existing Folder. Click on the button and select the location for your desired folder. Please ensure you have write permissions to the selected folder. Select the key that you want to use for encryption. Click on the button Create to start the encryption.
Page 47 of 54
v3.0 14 May 2010
Uninstallation
14. Uninstallation
14.1. Uninstallation Checklist
Please read this list carefully and ensure that these points are adhered to. Please ensure that you have administrator rights in your operating system. Stop all other applications before uninstalling FREE CompuSec. If your hard disks are encrypted, it is advisable to decrypt them using the Decryption while working option before beginning the uninstallation process. If the uninstallation process detects that the hard disks are encrypted, it will automatically use the Decryption before booting option to decrypt the hard disks.
14.2. Uninstallation Steps

To perform an uninstallation of FREE CompuSec, please follow these steps: 1. 2. Run CompuSec Service from Start Program Files Security CompuSec Service.
The welcome page of the CompuSec Service is displayed. Click on the button "Uninstallation of CompuSec.
Figure 14-1 CompuSec Service
3.
In the next screen, please enter the correct CompuSec password to prove your identity and click on the button Continue to proceed.
Page 48 of 54
v3.0 14 May 2010
Uninstallation
Figure 14-2 Authentication before uninstallation 4. In the next section, uninstallation notes note is showns:
Figure 14-3 Important uninstallation notes 5. In the next screen, click on the button Start Uninstall to begin the uninstallation. If your hard disks are not encrypted, the CompuSec drivers and other files will be removed from your system. Note: If your hard disks are encrypted, the CompuSec uninstallation will set your hard disks to be decrypted before booting and restart the machine. You will need to enter your user ID and password at the pre-boot authentication, and decryption process will start immediately. When the decryption of the hard disks is completed, the machine will boot, and the uninstallation process will continue. 6. To finalise the uninstallation, click on the button Finish. You computer will be restarted automatically.
Page 49 of 54 v3.0 14 May 2010
Uninstallation
Page 50 of 54
v3.0 14 May 2010
Advanced Options
15. Advanced Options

This section describes the different advanced options available to FREE CompuSec.
15.1. Installing FREE CompuSec on Hard Disks with Multiple Operating Systems
This option should be used if you already have multiple operating systems in your machine and want to encrypt the hard disks. 15.1.1. Overview FREE CompuSec encrypts the entire hard disk using a sector-based encryption. In Windows, this encryption or decryption of the data is performed using a device driver. As such, it is necessary for the device driver to be installed in both the operating systems in the hard disk. To do this, a few extra steps have to be taken to ensure that the device drivers are properly installed in both the operating systems. 15.1.2. Pre-Installation Checklist Before performing the installation, please read the following list carefully and ensure that the points are adhered to: Before installing FREE CompuSec, please make a backup of your data. Please ensure that you use only standard IDE or SATA disks and they are properly connected. Use CHKDSK to check the hard drive for errors. Please disable Boot Sector Virus Protection from you systems BIOS Please deactivate any antivirus software before the installation/uninstallation process Stop all other applications before running the FREE CompuSec installation program. Please ensure that you have administrator rights in both your operating system. Please ensure that all your required operating systems are installed.
Page 51 of 54
v3.0 14 May 2010
Advanced Options
15.1.3. Installation Procedure To install FREE CompuSec on a machine with 2 or more operating systems, please follow these steps: 1. 2. Boot to the first operating system and browse to the FREE CompuSec installation folder. Run Setup.exe to start the installation wizard. Follow the installation steps listed in Step 8 in Section 3.2 where the installation wizard shows the CompuSec components.
Figure 15-1 Select option to only install the driver 3. 4. Select the option Install driver for additional OS on disk, then click on the button Continue to proceed. The CompuSec installation will install the CompuSec device driver and exit. Reboot your computer and repeat steps 1 to 3 on your other operating systems if you have more than 2 operating systems in your machine. It is correct that the pre-boot authentication page does not appear as the installation is not completed. In the last operating system, run Setup.exe and DO NOT check the Install driver for additional OS on disk checkbox. This will now install the FREE CompuSec software completely, and the machine will be restarted automatically when the installation is finished. When the machine restarts again, you will be prompted with the pre-boot authentication screen, and you will have to enter the correct username and password in order to access your system. The installation is now complete, and you have successfully installed FREE CompuSec on a machine with multiple operating systems.
5.
6.
Page 52 of 54
v3.0 14 May 2010
Troubleshooting and Recovery Procedures
16. Troubleshooting and Recovery Procedures

This section describes various troubleshooting techniques for FREE CompuSec. Although the software has been thoroughly tested, there are certain unforeseen circumstances or hardware configurations that may lead to a non-correct functioning of the software. As such, these steps can help you troubleshoot and recover your system.
16.1. Emergency Decryption of an Encrypted Hard Disk

This procedure can be used to decrypt an encrypted hard disk in cases where the operating system cannot boot properly. After the hard disk is fully decrypted, you can then use your Windows installation CD to recover your operating system. To decrypt your hard disk, please follow these steps: 1. 2. Power on your computer and authenticate yourself at the pre-boot authentication. After you have successfully authenticated, a message for the service menu shown in Figure 16-1 is displayed for 2 seconds. Press F1 when this is displayed to access the service menu.
Press F1 for more options. The system will boot in 2 seconds

Figure 16-1 Service Menu Access 3. Figure 16-2 shows the different service options available. Select option 2 to begin the Emergency decryption for your hard disk.
The following service functions are available. Please select: 1 - Change current password 2 - Emergency decryption 3 - Boot
Figure 16-2 Service Menu Functions
The following hard disk (1-8) is now ready for decryption: Disk 1 Do you want to encrypt this disk now? (Y / N)
Figure 16-3 Decryption Notice 4. The decryption process will take some time, depending on the size of the hard disk. The remaining sectors to decrypt will be displayed on the screen, as shown in Figure 16-4.
Hard Disk 1 is decrypting now. Please wait and dont switch off power. Remaining Sectors : 82130000
Figure 16-4 Emergency Decryption in progress
Troubleshooting and Recovery Procedures
5.
When the decryption process is complete, the machine will boot. Then, you will be able to perform the necessary recovery procedures for your operating system. Note: This encryption or decryption process cannot be interrupted once it is started. If the process is stopped halfway, all the data on the disk will be rendered unreadable.
Page 54 of 54
v3.0 14 May 2010
CE-Infosys GmbH Am Kuemmerling 45 D-55294 Bodenheim Germany Tel: +49 (0) 6135 77 0 Fax: +49 (0) 6135 77 77 de.sales@ce-infosys.com
CE-Infosys Pte Ltd 31 International Business Park #04-03A Creative Resource Singapore 609921 Tel: +65 6899 9392 Fax:: +65 6899 9373 sg.sales@ce-infosys.com
CE-Infosys FZ-LLC Dubai Internet City Thuraya 2 Bldg Office 1007 P.O. Box 500434 Dubai U.A.E. Tel: +971 4 369 7578 Fax: +971 4 369 7579 ae.sales@ce-infosys.com
For more information, please visit our website http://www.ce-infosys.com

FREE CompuSec v5.3 Manual

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FREE CompuSec v5.3 Manual

Uploaded by

Copyright:

Available Formats

User Manual

User Manual FREE CompuSec Version 5.3