| |
 |
Corporate Encryption Systems
Corporate Encryption Systems
|
|
Technical Features
The [FSRd] low level file
access interception
technology developed by
Prim'X Technologies
interfaces with FileSystems
running under Windows.
Algorithms: 3DES, AES
(128 to 256 bits), and RSA
(1024 to 4096 bits).
Available for
Windows 2000, XP and Vista. |
Technologies: PKCS#1,
PKCS#5, PKCS#11,
X509, Microsoft CSP,
LDAP, and PKIx
compatible.
Compatible with Windows,
Novell and UNIX servers
(NTFS & Samba).
|
|
|
|
Apply automatic security to laptops, fixed workstations and servers, etc.
ZoneCentral is the new-generation, simple-to-deploy corporate security product offering automatic administration and transparent use. This solution offers enhanced security by encrypting data and restricting access to only identified and authorized users. Without affecting your organization, ZoneCentral protects your files and folders in place. It also encrypts swap files and wipes temporary files.
ZoneCentral is certified as Common Criteria level EAL2+ has also obtained the Standard Qualification of the DCSSI which authorizes it to protect national, NATO and EU sensitive data.
|
 |
|
Main functions of ZoneCentral
|
|
Encryption
 On-the-fly, in-place encryption
Automatic swap file encryption
Encrypted containers for sending attachments securely by e-mail or for backups
Can encrypt Internet browser caches (Intranet protection)
Can encrypt user profiles (My Documents, Desktop, etc.)
Workstation security
‘Kernel’ mode cryptographic engine reduces user exposure to spyware
Keyboard driver prevents password capture
On-the-fly data wiping
Can prevent the creation of unencrypted (clear) files on removable disks
Automatic detection of USB memory sticks and proposed encryption |
| |
|
|
On-the-fly encryption transparent in use
|
|
|
Users access their files as normal. They handle their encrypted files in exactly the same way they handle unencrypted files. They must simply enter an access key once during their work session, enabling them to decrypt the encrypted files they access.
This policy of transparency in software designed specially to require the absolute minimum of user interaction minimizes corporate training costs. |
|
|
Permanent automatic protection |
|
| The data security plan is defined by the company’s security managers. ZoneCentral then applies this security plan automatically and systematically without any user interaction. Files are constantly encrypted (there is no unencrypted copy at any time). |
|
|
No need to change data organization or structure |
|
|
Files are encrypted 'in place' on workstations or data servers. ZoneCentral does not require any changes in data organization or structure. |
|
|
Secure data sharing and network traffic |
|
|
ZoneCentral encrypts and decrypts files where they are used: in memory on the workstation. This means data is carried in encrypted form when server files are accessed via corporate networks or remotely.
In addition, if a user shares an encrypted zone on their workstation only users with appropriate access rights can read the files it contains.
|
|
|
User access keys |
|
|
ZoneCentral secures encrypted zones using authentication methods already found in corporate environments: passwords, key files (.p12, .pfx), token smart cards or USB devices by major manufacturers, CSP containers or other systems.
ZoneCentral is therefore compatible with most PKIs on the market (although it does not require them).
|
|
|
Encrypted attachments and backups |
|
|
Zed! is a standard integrated module supplied with ZoneCentral, used to create encrypted compressed containers to send attachments securely via email. Users can exchange information securely with others, regardless of whether they too use ZoneCentral or not. Containers can use shared passwords or certificates. |
|
|
Secure wiping of files |
|
|
All files users or applications delete are wiped. ZoneCentral also encrypts swap files.
ZoneCentral is the only product to provide real-time wiping and swap encryption, countering major potential security weaknesses.
|
|
|
Strong cryptographic security |
|
|
The cryptographic engine runs in the operating system’s ‘kernel’ mode, providing enhanced global protection and greatly reducing user exposure to spyware. ZoneCentral also integrates a keyboard driver that secures code or password input, preventing key-press capture by spyware. |
|
|
Flexible, easy deployment |
|
|
Installation of ZoneCentral on workstations is compatible with centralized installation tools (SMS etc.).
Security rules and settings controlling fixed or mobile workstations, networked shared zones and removable disks are defined by the Administrator using Windows Security Policies. Windows applies these rules automatically and in real time.
Zones are initially encrypted either by users or by the security administrator, depending on the disk type and chosen deployment method.
|
|
|
Data is encrypted even for system administrators |
|
|
In-place encryption means network operation and administration is unaffected. System operators cannot access the data content, making ZoneCentral an essential part of any outsourcing project.
Even backups can be made in encrypted form, ensuring long-term confidentiality of sensitive information.
|
|
|
Operation and supervision
|
|
|
ZoneCentral generates events that can be read by security administrators using the Windows Event Viewer.
The list of events can be configured and the events can also be sent to a server.
ZoneCentral provides security managers with company specific recovery tools enabling them to audit encrypted zones. They can also activate or deactivate encryption of any zone in their system at any time.
|
|
|
|
|